An Informal Update on the Public Sector Profile of the Pan-Canadian Trust Framework

Alex Colville, To Prince Edward Island (1965), acrylic emulsion on Masonite, 61.9 x 92.5 cm. National Gallery of Canada, Ottawa. Photo © NGC

Note: This is a version of my notes for an informal report on the progress of the PCTF provided to the Identity Management Sub-Committee (IMSC), a Pan-Canadian inter-jurisdictional body consisting of federal, provincial, territorial and municipal representative. This report has been prepared on a best-effort basis for the IMSC Meeting on held May 11th, 2020, and may not accurately reflect, or be considered as any official position. Further, this Medium post has been edited to remove specific references and links to drafts which are still being reviewed by the PCTF Working Group. These will be posted on GitHub shortly.

Prepared for: IMSC Meeting on Monday, May 11th, 2020

Date Revised: Monday, May 11th, 2020

Prepared by: Tim Bouma on behalf of the PCTF Working Group

Summary of Changes and Evolution of the PCTF Version 1.1

• The development of the Public Sector Profile of the PCTF has been driven by the public sector practitioners of digital identity programs who have deep knowledge of policy and operations.
• The PSP is technology agnostic — we’ve ensured that we can incorporate both the emerging and legacy technologies.
• The PCTF is not intended to impose technical architectures, but rather the PCTF sets expectations with the necessary transparency and due diligence such that we rely or trust on each others’ digital identities (irrespective of the technology implementation.)

Key Dates, Statistics and Links

Reflects the significant input and effort by the public sector.

• Public Sector Profile of the PCTF
• Latest working group version of PSP PCTF (May 8th) (not yet posted on GitHub)
• (Publicly available material is posted: https://canada-ca.github.io/PCTF-CCP/ )
• Available under open government license
• PCTF Working Group Engagement (Weekly meeting records are available)
• 114 members on the distribution list (includes Digital Nations)
• Weekly call frequency (9 calls YTD)
• Regular attendance by 10 FPTM jurisdictions
• Federal counting as one (9 depts, agencies, incl OPC, BoC)
• Weekly participation 20–28 members (based on last 7 calls)

Recent Milestones

May 8, 2020 PSP PCTF Version 1.1 DocVer 0.3 Consultation Draft (not yet on GitHub)

• 180 WG comments received and disposed from the Feb 20th version
• In addition to feedback — keeping the content fresh
• Integrate the various traditional roles
• Digital ecosystem roles, verifiable credentials, emerging standards
• Feb 20th, 2020 PSP PCTF Version 1.1 Doc Ver 0.3
• 129 WG comments from received and disposed from the October 31st version
• Incorporating findings from thematic issues.

Oct 31, 2019 PSP PCTF Version 1.1 Doc Ver 0.2 Consultation Draft on GitHub

• Began to address thematic issues: related: to i) integration of Organizations and Persons, ii) Evolving state of credentials, iii) Notice and Consent

July 4, 2019 PCTF Version 1.0 Recommendation Draft published on GitHub

• 83 comments from received and disposed from the May 30th Version

May 30, 2019 PCTF Version 1.0 Consultation Draft

• Based on feedback from IMSC In-Person meeting in Feb

Assessment Worksheet

• 29 atomic processes to date
• Over 300 conformance criteria cross-referenced from current version PCTF-V1.1, PCTF-V1.0, PCTF-Alpha, TFEC
• Various worksheets to assist in the assessment processes.

Application of the PCTF to the assessment process of AB and BC — caused us to refactor (streamline) the trust framework. The PSP framework is now one framework document and one assessment worksheet. This was driven by the lessons learned in applying the framework and revisiting the overall structure of component deliverables having many redundant/repetitive sections that were difficult to maintain consistency.

In creating PSP PCTF Version 1.1, significant effort has been made to integrate the concepts of Verified Person and Verified Organization into a unified model of Trusted Digital Representations. What were previously separate components have been integrated into a more holistic model of:

• Normative Core the components that would comprise a standard that is national or international in scope.
• Mutual Recognition — steps required to formalize an assessment or mutual recognition process.
• Supporting Infrastructure — how the PCTF relates to other existing components and processes that support but are not necessarily the essence of the PCTF
• Digital Ecosystem Roles and Information Flows — a section describing the emerging area relating to new conceptual approaches involving decentralized identity and verifiable credentials. It is anticipated that the PCTF will be applied in conjunction with these new technologies.

Next Steps

1. Finalize Version 1.1 of the PCTF — so that it is sufficient to conduct assessments of digital FPTM identity programs.
2. Continue integration of organizations. Continue the integration of organizations into the PCTF.
3. Continue assessments to evolve an assessment program: Use the PCTF V1.1 deliverables for assessment, incorporate lessons-learned, and continued integration.
4. Continue the development of the PCTF — refining the framework and evolving it to the more general use cases around digital trust.