Public Sector Profile of the Pan-Canadian Trust Framework Version 1.2 and Next Steps

The Public Sector Profile of the Pan-Canadian Trust Framework Working Group Close-Out Report

Public Sector Profile of the Pan-Canadian Trust Framework Version 1.2

Note: This post is of the author based on knowledge and experience gained at the time. The author recognizes that there may be errors and biases, and welcomes constructive feedback to correct or ameliorate.

Additional context: This post is based on the report and presentation that was provided on December 10, 2020, to the newly-formed Jurisdictional Experts on Digital Identity (JEDI), the committee responsible for public sector governance for digital identity.

The consultation draft of the Public Sector Profile of the Pan-Canadian Trust Framework Version 1.2 is now available and directly downloadable at this link. The folder with related artifacts is available here.

The remainder of this post is the content of the report, lightly edited for Medium.

Objective of the PSP PCTF Working Group (PSP PCTF WG)

The primary objective of the PSP PCTF WG had been the development of the Public Sector Profile of the Pan-Canadian Trust Framework (PSP PCTF). This has been achieved by contributing and reviewing content, attaining the consensus of the public sector jurisdictions, and monitoring related developments that might impact the development of the PSP PCTF.

The main deliverable of the PSP PCTF WG has been the PSP PCTF, the various versions of which consist of a consolidated overview document, an assessment methodology, and an assessment worksheet.

The PSP PCTF WG has also facilitated other activities such as:

Membership

At its dissolution, the PSP PCTF WG had 111 confirmed members on its distribution list consisting of representatives from all jurisdictions and various municipalities across Canada, as well as international participants from the Digital Nations. The working group normally met on a weekly call that averaged 20 to 30 participants.

Achievements

PSP PCTF Deliverables

The PSP PCTF Version 1.2 is now available at: https://github.com/canada-ca/PCTF-CCP. It should be noted that this has been the iterative product of several prior versions:

PSP PCTF Assessments

The PSP PCTF was used in the following assessments conducted by the federal government to accept trusted digital identities from the provinces of Alberta and British Columbia:

Insights and lessons learned from the application of these PSP PCTF assessments were brought back to the PSP PCTF WG and the learnings were incorporated into subsequent versions of the PSP PCTF.

Joint Council Briefings

The PSP PCTF is the result of a long-term and deep collective experience of the public sector. Efforts on the PSP PCTF began in late 2014 and have been reported regularly to the Joint Councils by the Identity Management Sub-Committee (IMSC) Working Group and its successor, the PSP PCTF Working Group. The following is the list of updates that are on record and are available for reference in the joint-councils-update folder (GitHub link):

Related Deliverables

In addition to the PSP PCTF itself, the following related deliverables should be noted:

Other

It also should be noted that content from the PSP PCTF Version 1.1 was incorporated into the National Standard of Canada, CAN/CIOSC 103–1, Digital Trust and Identity — Part 1: Fundamentals, developed by the CIO Strategy Council, and approved by the Standards Council of Canada (Website link).

PSP PCTF WG Work Plan 2020–2021

At the time of its dissolution, the work plan of the PSP PCTF WG was as follows:

2. An Assessment Worksheet (draft released on December 4, 2020) which contains new and revised conformance criteria for assessment purposes

3. A re-assessment of the MyAlberta Digital Identity (MADI) Program for use by the Government of Canada (using the PSP PCTF Version 1.2) with planned completion by March 2021.

PSP PCTF Thematic Issues

During the development of the PSP PCTF, the working group has identified several high-level thematic issues that must be addressed in order to advance the digital ecosystem.

Thematic Issue 1: Relationships (Priority: High)

The development of a relationship model is required.

This issue has been initially addressed in the PSP PCTF Version 1.2 Consolidated Overview document released in December 2020.

Thematic Issue 2: Credentials (Priority: High)

The development of a generalized credential model is required. This model should integrate traditional physical credentials and authentication credentials with the broader notion of a verifiable credential.

This issue has been initially addressed in the PSP PCTF Version 1.2 Consolidated Overview document released in December 2020.

Thematic Issue 3: Unregistered Organizations (Priority: High)

Currently, the scope of PSP PCTF includes all organizations registered in Canada (including inactive organizations) for which an identity has been established in Canada. There are also many kinds of unregistered organizations operating in Canada such as sole proprietorships, trade unions, co-ops, NGOs, unregistered charities, and trusts. An analysis of these unregistered organizations needs to be undertaken.

Thematic Issue 4: Informed Consent (Priority: High)

The current version of the PSP PCTF Consolidated Overview document does not adequately capture all the issues and nuances surrounding the topic of informed consent especially in the context of the public sector. A more rigorous exploration of this topic needs to be done.

Thematic Issue 5: Privacy Concerns (Priority: Medium)

In regards to the Identity Continuity and Relationship Continuity atomic processes, it has been noted that there are privacy concerns with the notion of dynamic confirmation. Further analysis based on feedback from the application of the PSP PCTF is required to determine if these atomic processes are appropriate.

Thematic Issue 6: Assessing Outsourced Atomic Processes (Priority: Medium)

The PSP PCTF does not assume that a single Issuer or Verifier is solely responsible for all of the atomic processes. An organization may choose to outsource or delegate the responsibility of an atomic process to another party. Therefore, several bodies might be involved in the PSP PCTF assessment process, focusing on different atomic processes, or different aspects (e.g., security, privacy, service delivery). It remains to be determined how such multi-actor assessments will be conducted.

Thematic Issue 7: Scope of the PSP PCTF (Priority: Low)

It has been suggested that the scope of the PSP PCTF should be broadened to include academic qualifications, professional designations, etc. The PSP PCTF anticipates extensibility through the generalization of the PSP PCTF model and the potential addition of new atomic processes. Expanding the scope of the PSP PCTF into other domains needs to be studied.

Thematic Issue 8: Signature (Priority: Low)

The concept of signature as it is to be applied in the context of the PSP PCTF needs to be explored.

Thematic Issue 9: Foundation Name, Primary Name, Legal Name (Priority: Low)

The PSP PCTF has definitions for Foundation Name, Primary Name, and Legal Name. Since the three terms mean the same thing, a preferred term should be selected and used consistently throughout the PSP PCTF documents.

Thematic Issue 10: Additional Detail (Priority: Low)

It has been noted that the PSP PCTF Consolidated Overview document contains insufficient detail in regards to the specific application of the PSP PCTF. The PSP PCTF Consolidated Overview document needs to be supplemented with detailed guidance in a separate document.

Thematic Issue 11: Review of the Appendices (Priority: Low)

A review of the current appendices contained in the PSP PCTF Consolidated Overview document needs to be undertaken. Each appendix should be evaluated for its utility, applicability, and appropriateness, and a determination made as to whether it should continue to be included in the document.

Recommendations for Next Steps

Conclusion

At the time of its dissolution, the PSP PCTF WG was an important vehicle for ensuring public sector communication and discussion across Canada in order to cultivate a shared understanding of how identity and digital identity could be best developed for the country.

Much has been achieved by the working group, building on prior work going back more than a decade. However much more work remains. It is hoped that the work accomplished to date and the recommendations put forward in this report will be considered by the JEDI to support their mandate to accelerate the specific goals of the digital identity priority of the Joint Councils.