Trust Frameworks? Standards Matter.


Note: This post is the author’s opinion only and does not represent the opinion of the author’s employer, or any organizations with which the author is involved.

Over the past few years, and especially in the face of COVID-19, there has been a proliferation of activity in developing digital identity trust frameworks. Trust frameworks are being developed by the private sector and the public sector, as collaborative or sector-specific efforts. Trust mark and trust certification programs are also emerging alongside trust framework development efforts.

These trust framework development efforts are worthy undertakings and the results of these efforts should automatically engender trust. But the problem that we are now faced with, all good intentions aside, is — how do we truly trust a trust framework?

The answer is simple — with standards.

Trust frameworks need standards to be trusted.

Within the Canadian context, a standard is defined by the Standards Council of Canada as:

“a document that provides a set of agreed-upon rules, guidelines or characteristics for activities or their results. Standards establish accepted practices, technical requirements, and terminologies for diverse fields.”

This definition of a standard might sound straightforward, and making a ‘standard’ might sound easy, but the hard part is all the work leading up to agreeing on those things that are part of a standard: the agreed-upon rules, guidelines or characteristics for activities or their results.

That’s where trust frameworks come into play. Much of the work that eventually ends up in a standard is years if not decades in the making. For years I have been part of developing the Public Sector Profile of the Pan-Canadian Trust Framework. This work started in earnest in early 2015, building on work that goes as far back as 2007 (you can find a lot of the historical material in the docs folder in the PCTF repository on GitHub).

What has come out of all of this work is a trust framework: a set of agreed-on principles, definitions, standards, specifications, conformance criteria, and assessment approach.

This definition of a trust framework sounds pretty much like a standard, doesn’t it? Yes and no. What the trust framework has not gone through is a standards development process that respects and safeguards the interests of all stakeholders affected by the standard. Within the Canadian context, that’s where the Standards Council of Canada comes into play by specifying how standards should be developed and how to accredit certain bodies to be standards development organizations.

So trust frameworks, however good and complete they are, still need to go through the step of becoming an official standard. Fortunately, this is the case in Canada, where the Public Sector Profile of the Pan-Canadian Trust Framework was used to develop CAN/CIOSC 103–1:2020 Digital trust and Identity — Part 1: Fundamentals. This standard was developed by the CIO Strategy Council, a standards development organization accredited by the Standards Council of Canada.

In closing, there are lots of trust frameworks being developed today. But to be truly trusted, a trust framework needs to either apply existing standards or become a standard itself. In Canada, we have been extremely fortunate to see the good work that we have done in the public sector transformed into a national standard that serves the interests of all Canadians.




Tim Bouma

Based in Ottawa. Does identity stuff. My tweets are my opinion but they can be yours too!
