decentralized-id.github.io/_posts/government/canada/2020-01-11-pan-canadian-trust-framework.md

92 lines
13 KiB
Markdown
Raw Normal View History

---
2020-01-12 11:42:43 -05:00
title: "Governments of Canada and the Pan Canadian Trust Framework"
description: "This framework is the next major step after the 2016 publication of the Pan-Canadian Trust Framework Overview by the Digital Identification and Authentication Council of Canada (DIACC)"
excerpt: >
"The Treasury Board Secretariat of Canada (TBS) and Shared Services Canada (SSC) are seeking a standardized method to issue and rapidly verify portable digital credentials across many different contexts, thereby reducing human judgement error, increasing efficiency and ensuring digital credential veracity using cryptography."
2020-11-17 22:27:12 -05:00
permalink: /government/canada/
redirect_from: /public-sector/canada/
2023-04-10 15:27:44 -04:00
tags: ["Trust Framework","Canada","Verifiable Credentials","DIACC","PCTF"]
2020-03-25 20:47:52 -04:00
categories: ["Government"]
header:
2020-11-19 03:16:51 -05:00
image: /images/pan-canadian-trust-header.webp
2020-11-05 23:47:20 -05:00
caption: "[PCTF Placemat](https://canada-ca.github.io/PCTF-CCP/docs/PCTF-Placemat.pdf)"
2020-11-19 03:16:51 -05:00
teaser: /images/pctf-teaser.webp
2020-12-04 19:01:23 -05:00
updated: 2020-12-04
---
2020-12-04 19:01:23 -05:00
## The Framework
* [Pan-Canadian Trust Framework (“PCTF”)](https://diacc.ca/trust-framework/)
* **Infrastructure (Technology & Operations)**: [Component Overview](https://diacc.ca/wp-content/uploads/2020/11/PCTF-Infrastructure-Component-Overview-Final-Recommendation-V1.0.pdf) and [Conformance Profile](https://diacc.ca/wp-content/uploads/2020/11/PCTF-Infrastructure-Conformance-Criteria-Final-Recommendation-V1.0.pdf) Nov 2, 2020 (PCTF08)
> Defines criteria, requirements, and guidelines regarding the trustworthiness of IT infrastructure.
* **Credentials (Relationship & Attributes)**: [Component Overview](https://diacc.ca/wp-content/uploads/2020/09/PCTF-Credentials-Relationships-Attributes-Component-Overview-Final-Recommendation-V1.0-1.pdf) and [Conformance Profile](https://diacc.ca/wp-content/uploads/2020/09/PCTF-Credentials-Relationships-Attributes-Conformance-Criteria-Final-Recommendation-V1.0.pdf) Sep 29, 2020 (PCTF07)
> Defines criteria related to the creation, issuance, and management of credentials existing in digital form.
* **Verified Organization**: [Component Overview](https://diacc.ca/wp-content/uploads/2020/09/PCTF-Verified-Organization-Component-Overview-Final-Recommendation-V1.0-1.pdf) and [Conformance Profile](https://diacc.ca/wp-content/uploads/2020/09/PCTF-Verified-Organization-Conformance-Criteria-Recommendation-V1.0.pdf) Sep 29, 2020 (PCTF06)
> Defines criteria that allow organizations to exchange trustworthy information about themselves or others (individuals or organizations) with external parties.
* **Verified Person**: [Component Overview](https://diacc.ca/wp-content/uploads/2020/09/PCTF-Verified-Person-Component-Overview-Final-Recommendation_V1.0.pdf) and [Conformance Profile](https://diacc.ca/wp-content/uploads/2020/09/PCTF-Verified-Person-Component-Conformance-Criteria-Final-Recommendation_V1.0.pdf) Sep 15, 2020 (PCTF05)
> Defines criteria used to establish that a natural person is real, unique and identifiable.
* **Privacy**: [Component Overview](https://diacc.ca/wp-content/uploads/2020/09/PCTF-Privacy-Component-Overview-Final-Recommendation_V1.0.pdf) and [Conformance Profile](https://diacc.ca/wp-content/uploads/2020/09/PCTF-Privacy-Component-Conformance-Criteria-Final-Recommendation_V1.0.pdf) Sep 15, 2020 (PCTF04)
> Defines criteria concerned with the handling of personal data for digital identity purposes.
* **Authentication**: [Component Overview](https://diacc.ca/wp-content/uploads/2020/09/PCTF-Authentication-Component-Overview-Final-Recommendation_V1.0.pdf) and [Conformance Profile](https://diacc.ca/wp-content/uploads/2020/09/PCTF-Authentication-Component-Conformance-Criteria-Final-Recommendation_V1.0.pdf) Sep 15, 2020 (PCTF03)
> Defines criteria used to enable access to digital systems.
* Notice & Consent: [Component Overview](https://diacc.ca/wp-content/uploads/2020/09/PCTF-Notice-Consent-Component-Overview-Final-Recommendation_V1.0.pdf) and [Conformance Profile](https://diacc.ca/wp-content/uploads/2020/09/PCTF-Notice-Consent-Component-Conformance-Criteria-Final-Recommendation_V1.0.pdf) Sep 15, 2020 (PCTF02)
> Defines criteria used to formulate a statement about the collection, use and disclosure of personal information, and to obtain a consent decision on that statement from a person authorized to do so.
2020-12-04 19:01:23 -05:00
## Background
2023-06-05 17:28:05 -04:00
* [The Public Sector Profile of the Pan-Canadian Trust Framework Working Group Close-Out Report](https://trbouma.medium.com/public-sector-profile-of-the-pan-canadian-trust-framework-version-1-2-and-next-steps-86ae7a96d6c7) Tim Bouma
> the PSP PCTF WG was an important vehicle for ensuring public sector communication and discussion across Canada
* [Trust Frameworks? Standards Matter](https://medium.com/@trbouma/trust-frameworks-standards-matter-47c946992f44) Tim Bouma
> He points at the NIST documents about it [Developing Trust Frameworks to Support Identity Federations](https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8149.pdf) published in 2018. He also points at the Canadian governments definition of standards.
>
> “a document that provides a set of agreed-upon rules, guidelines or characteristics for activities or their results. Standards establish accepted practices, technical requirements, and terminologies for diverse fields.”  He goes on to highlight a lot of the work being done in Canada and where it all sits relative to being a standard - “In closing, there are lots of trust frameworks being developed today. But to be truly trusted, a trust framework needs to either apply existing standards or become a standard itself.”
* [Looking Ahead in 2020](https://medium.com/@trbouma/looking-ahead-in-2020-830afa372878)
> I believe it will be a breakout year for digital identity, and for the underlying technical infrastructure that we need to achieve our goals. I see the work progressing on two fronts: 1) Pan-Canadian Trust Framework, and, 2) Verifiable Credentials/Decentralized Identifiers Deployment.
* [Public Sector Profile of the Pan-Canadian Trust Framework Version 1.0 Recommendation Draft](https://medium.com/@trbouma/public-sector-profile-of-the-pan-canadian-trust-framework-version-1-0-4baf8ff0cfa0) — Now [available on GitHub](https://canada-ca.github.io/PCTF-CCP/)
> The public sector profile of the PCTF reflects:
> - Evolution of the Identity Management Sub-Committee (IMSC) efforts.
> - The Need to Apply the PCTF for Assessments.
> - Policy Alignment.
* [IMSC Pan-Canadian Trust Framework Executive Summary](https://medium.com/@trbouma/imsc-pan-canadian-trust-framework-executive-summary-5c89a72e06b5)
> This [document](https://drive.google.com/open?id=1Xmjh8QJZKWmRkaTtE2f43ISntD7jE6D5) describes Version 1.0 of the IMSC Pan-Canadian Trust Framework (PCTF). This framework is the next major step after the 2016 publication of the Pan-Canadian Trust Framework Overview by the Digital Identification and Authentication Council of Canada (DIACC), in collaboration with the Canadian public sector Identity Management Sub-Committee (IMSC) of the Joint Councils (JC).
* [IMSC Pan-Canadian Trust Framework](https://medium.com/@trbouma/imsc-pan-canadian-trust-framework-1f68134e338a) - A summary of the latest iterations before our final version to be delivered on March 31st, 2019. The near to final document is [here](https://drive.google.com/open?id=1P8kFJZfUV7PX25KEkZKk0XftrqqQp9FI)
* [The Pan-Canadian Trust Framework Using Prolog](https://medium.com/@trbouma/the-pan-canadian-trust-framework-using-prolog-e62ffa911ff5)
> A declarative framework (such as [Prolog](https://www.geeksforgeeks.org/prolog-an-introduction/)) focuses on the what needs to be done, satisfied, relied on (i.e., proven to be true) versus how to do it. In our case, with the Pan-Canadian Trust Framework (PCTF), its the question of Can we rely on or accept a digital identity originating from a province or territory?
2020-11-05 23:47:20 -05:00
* [Pan-Canadian Trust Framework - Tim Bouma](https://medium.com/@trbouma/pan-canadian-trust-framework-eb65eac6c683)
> The Pan-Canadian Trust Framework is how we will formalize the approval and acceptance of a “trusted digital identity.”
![](https://miro.medium.com/max/687/1*gWHaw0K1e_S4Ts4EIzEhoA.png)
{% include video id="sg8qM9D_vqU" provider="youtube" %}
* [A Quick Video Tour of the PCTF Trusted Processes and Cross-Referencing](https://medium.com/@trbouma/a-quick-video-tour-of-the-pctf-trusted-processes-and-cross-referencing-3c892a012edd)
* [Treasury Board Identity Management Policy and Pan-Canadian Trust Framework — Identity Management Policy Workshop](https://docs.google.com/presentation/d/189DxjNv7EE7KtjkidB6EpwuvO2lIy7kEL-3DWtMAiQg/edit)
* [Pan Canadian Trust Framework - Overview](https://diacc.ca/2016/08/11/pctf-overview/)
* [Pan-Canadian Trust Framework](https://diacc.ca/pan-canadian-trust-framework/)
* [Pan-Canadian Trust Framework (Draft for Discussion)deck, ...](https://medium.com/@trbouma/pan-canadian-trust-framework-draft-for-discussion-deck-video-and-site-724b5aa3acf0)
Here is a link to the discussion deck of the Pan-Canadian Trust Framework. One of the slides is depicted below.
* [White Paper: Canadas Digital ID Future - A Federated Approach](https://www.cba.ca/embracing-digital-id-in-canada)
In this brief, we highlight why Canada needs a digital identity system, how other countries have made progress in this area and the lessons we can learn from those experiences to build a system in Canada.
* [canada-ca/PCTF-CCP](https://github.com/canada-ca/PCTF-CCP) - Public Sector Profile of the Pan-Canadian Trust Framework | Cadre de Confiance pancanadien
> Public Sector Profile of the [Pan-Canadian Trust Framework Version 1.0 Recommendation Draft (July 4th, 2019)](https://github.com/canada-ca/PCTF-CCP/blob/master/public-sector-profile/recommendation-draft/Readme.md)
> A quick video overview of the document (this video is of a previous version will be updated shortly)
* [ssimeetup- Overview of Proposed Pan Canadian Trust Framework](https://ssimeetup.org/overview-proposed-pan-canadian-trust-framework-ssi-tim-bouma-webinar-19/) 1\2019 [Slideshare](https://www.slideshare.net/SSIMeetup/overview-of-the-proposed-pancanadian-trust-framework-for-ssi-tim-bouma)
> The Government of British Columbia and the Government of Ontario have already rolled out a production system using the Sovrin Network for business registration and licensing; together they've issued over 6 million credentials, according to Windley. - [How Blockchain may Kill the Password](https://www.computerworld.com/article/3329962/blockchain/how-blockchain-may-kill-the-password.amp.html)
<iframe src="//www.slideshare.net/slideshow/embed_code/key/hwUlr34zkyfGvm" width="595" height="485" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" style="border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;" allowfullscreen> </iframe>
{% include figure image_path="/images/canadian-digital-identity-history.png" alt="canadian-digital-identity-history" caption="[Annex E - 2014- 2017 Federating Identity: Milestones and Initiatives](https://docs.google.com/presentation/d/189DxjNv7EE7KtjkidB6EpwuvO2lIy7kEL-3DWtMAiQg/edit)" %}
2020-12-04 19:01:23 -05:00
## Related
[![](https://i.imgur.com/wdbN3Ld.png)](https://twitter.com/sboots/status/1070320318487584768)
* [User-Centric Verifiable Digital Credentials](https://www.ic.gc.ca/eic/site/101.nsf/eng/00068.html)
> The Treasury Board Secretariat of Canada (TBS) and Shared Services Canada (SSC) are seeking a standardized method to issue and rapidly verify portable digital credentials across many different contexts, thereby reducing human judgement error, increasing efficiency and ensuring digital credential veracity using cryptography.
* [USER AUTHENTICATION GUIDANCE FORINFORMATION TECHNOLOGY SYSTEMS](https://www.cse-cst.gc.ca/en/system/files/pdf_documents/itsp.30.031v3-eng_0.pdf)
* [Directive on Identity Management — 10 Years Later](https://medium.com/@trbouma/directive-on-identity-management-10-years-later-9463fbb835f3)
> On July 1st, 2019 the new [Treasury Board Directive on Identity Management](https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16577) (DIDM) went into effect, 10 years to the day when it was first issued under the revised Policy on Government Security back on July 1, 2009. The directive is issued under the new [Policy on Government Security](https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578) (PGS) and the [Directive on Security Management](https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32611) (DSM).
* [Canadians expect government, private sector to develop digital ID framework](https://www.biometricupdate.com/201910/canadians-expect-government-private-sector-to-develop-digital-id-framework)
> Some 70 percent of Canadians would adopt digital identity and think the government should join forces with the private sector to implement a Digital ID framework for better access to government benefits, healthcare, e-commerce, and financial services, [found](https://diacc.ca/2019/10/15/canadians-are-ready-to-embrace-digital-identity/) a survey conducted by non-profit Digital ID and Authentication Council of Canada (DIACC).