Pan-Canadian Trust Framework

Trust is a critical component of good relationships. Friendships, the stores you buy from and the sources you get your information from all rely on trust. Now, with many of our daily interactions shifting online, digital trust is becoming just as important. Establishing digital ID and authentication standards is crucial to developing the unequivocal trust required to enable the next generation economy and all the benefits it entails.

To that end, on September 15, the Digital ID & Authentication Council of Canada (DIACC) launched the Pan-Canadian Trust Framework™ (PCTF), “a set of rules and tools designed to help businesses and governments to develop tools and services that enable information to be verified regarding a specific transaction or particular set of transactions.”

It’s important to note the variety and extent of use cases the Framework covers. After all, requirements for digital ID and authentication range from one-time use to accessing highly sensitive information on an ongoing basis, and the identity landscape is constantly changing with new requirements, opportunities and threats.

Launching one framework that works for multiple public and private uses, is adaptable, is acceptable to multiple parties and delivers privacy, security and convenience is a significant development for Canada and those that want to do business there.

DIACC: Progressing the Pan-Canadian Trust Framework

Image: DIACC Canadian identity framework partners (image source: DIACC)

Trust Frameworks

There are already numerous trust agreements that enable digital transactions and other forms of cooperation. Terms of Service and other contractual arrangements state how certain types of information should be secured, processed, stored, shared and deleted.

The difference with a framework is that it’s not a one-off relationship, but rather a set of business, technical and (potentially) legal standards that can more quickly and efficiently create a foundation of trust. With auditable processes, these trust conventions can create “a more scalable, more transparent, and arguably more economical approach to creating a trusted environment.”

If Canadian governments, businesses and people can all look to the PCTF as a standard, digital trust can be quicker, safer and less costly.

The guiding principles for the PCTF include:

  • Secure
  • Privacy by design
  • Inclusive
  • Transparent
  • Individual choice, control and convenience
  • Open standards
  • International interoperability
  • Cost-effective and competitive
  • Auditable
  • Minimizes data transfers

PCTF compliance certification program

The practical application of the PCTF is a compliance certification program: a set of defined rules and responsibilities for assessment and certification of organizations. These organizations can be divided into four types:

  1. Certifying Authority
  2. Trustmark Issuer
  3. Accredited Assessor
  4. Certification Candidate

These organizations will assess if the entity in question, a person or organization, is “real, unique, and identifiable.” If they can verify the person or organization, they then can create a trusted digital identity.

With this digital identity, participants can get authenticated access to various digital systems. Various rules around consent and notifications are required to help ensure the use of identity information is understood and accepted by the user.

To deliver a secure trust framework, conformance to various technology and operational requirements and guidelines is specified, as is conformance to the Personal Information Protection and Electronic Documents Act (PIPEDA), the Canadian federal-level law governing data protection. Existing standards, where applicable, will be used.

Integrating existing processes

That last point, using existing standards, provides a useful starting point for the PCTF. Considering that there are already many proven processes, starting from scratch would slow down adoption, create confusion and discourage vested participants.

Thus “an existing business or technical process may be designated as a trusted process that is subject to the conformance criteria, assessment process, and certification defined by the PCTF.”

This philosophy also enables the use of profiles, where certain contexts or use-cases can inform the conformance criteria.

Many different types of roles, participants, and providers already exist and perform various processes and representations within the Canadian trust ecosystem. The PCTF takes that into account and provides opportunities for all the different players. By working with, and creating consensus amongst, all the different participants, the PCTF is a substantial opportunity to move digital ID forward in Canada.

As DIACC Board Chair Dave Nikolejsin states in the organization’s announcement, “Canadians have had to deal with identity theft and fraud, high anxiety in accessing services that they were in dire need of while facing social distancing measures, and attempting to go about their lives as normally as possible … Digital ID minimizes all of those pain points, and elevates the livelihoods of Canadians everywhere.”

Trulioo is a proud member of the DIACC and is looking forward to the future of the PCTF as well as digital ID in Canada and around the world. To learn more, see how a digital identity network can help your global business solve today’s biggest identity challenges and build trust online.