Canadian council aims for trusted identities
26 April, 2016
category: Corporate, Digital ID, Government
It’s not exactly Verify in the UK or the National Strategy for Trusted Identities in Cyberspace in the U.S. The Digital ID and Authentication Council of Canada (DIACC) will work with those efforts but at the same time is an initiative for Canadian citizens, says Joni Brennan, a management consultant at the council.
Brennan is no stranger to government identity projects having lead the Kantara Initiative and worked on a range of projects including NSTIC and other U.S. based identity projects. DIACC – pronounced Dye-Ack – was started in 2012 as a Canadian Non-Profit Corporation originating out of the government of Canada’s Payments Task Force. DIACC is the neutral forum where the public and private sectors collaborate to ensure Canada’s full participation in the identity services aspects of the digital transformation and global digital economy.
The group quickly realized digital identity was part of mobile payments but also goes across all markets and decided to start the council, Brennan says. “They decided to formalize and create a consortium to identity and develop standards for digital identity management and make sure that Canadian culture and values were represented,” she adds. “It’s a global conversation and the DIACC wants to make sure that Canadian values for privacy and data protections approaches are maintained.”
DIACC is similar to other organizations in the digital identity space but it’s also different, Brennan explains. The council Board of Directors are from public and private sectors. “DIACC fosters public-private collaborations to create a trusted identity framework in Canada,” she says. The trusted identity framework addresses two Canadian priorities aligning with the Prime Minister’s Mandate Letters and with Canada’s 2016 Federal Budget. One priority is to modernize public sector service delivery to all Canadians. The other priority is to ensure Canada’s full and beneficial participation in the global digital economy.
The council isn’t starting from scratch with its identity efforts. Since 2012 Canadian citizens have been able to use their login credentials from financial institutions to access government services with a high levels of assurance using the Concierge service. SecureKey’s Concierge service let’s citizens use a portal to access Federal Government resources. DIACC is focused developing a trust framework that addresses the needs of both the public and private sectors and enables both to use high-assurance credentials for government services delivery as well as to secure Canada’s full participation in the global digital economy. “We want to make secure, convenient, privacy-respecting credentials available to any service that would leverage a digital identity that is vetted and has attributes from an assured attribute provider and authority,” Brennan says.
While high-assurance digital identity for consumers isn’t an easy feat anywhere, Canada has a few advantages, Brennan says. There are fewer stakeholders to manage – 10 provinces and three territories compared to 50 states in the U.S. – as well as fewer financial institutions. Canada also has a trusted attribute authority that can provide valuable information for digital identities.
In its effort to create secure digital identities, there are three areas of focus for DIACC, Brennan explains. The first is publishing a Pan-Canadian Trust Framework, in collaboration public and private sector stakeholders, that defines the trust model for how the federal government, provinces and private sector will interact with these digital IDs. The trust framework includes roles and objectives for services within the Canadian Identity Ecosystem. Profile for communities of interest will then detail criteria for how credentials are used in different instances.
The second area is establishing proof of concept research papers and demonstrators that explore the art of the possible for how secure digital identities can be used to benefit everyday Canadians. The first proof of concept report has been published and looks at how high-assurance digital identities can be used to remotely open new financial accounts online.
The second research paper is targeted for release in the summer and will look at how a consumer can prove residency with other resources. Typically an individual uses utility bills as proof of address for example, but this proof of concept will look at leveraging a user-centric model to gain access to other data records that support a proof of residence with better privacy. For this project the DIACC is looking to leverage models aligning with User-Managed Access standards approach that gives the consumer of the ability to manage who may access their personal data and for a specific purpose, Brennan says. A third proof of concept is being considered for later in 2016.
The last focus of DIACC is education and outreach, Brennan says. The council seeks to energize the public and private sectors to educate them on the value of trusted federated identity model, the process of developing the trust framework and what research the council is planning as well as to solicit input from others within Canada and globally. Readers can learn more about the DIACC by visiting DIACC.ca or by attending Identity North in Toronto in June.