In a few months two Canadian digital identity projects that could create a leap in online transactions in this country are going to capture the attention of the world, at least according to those involved in them.
Both were featured Tuesday at the annual Identity North conference in Toronto, where experts are talking about progress being made to solve the knotty problem of how people can verify their identity online when it’s essential.
The goal is to accelerate the digital economy and get away from lining up to show paper documents for service.
One of the projects, announced earlier this year, will be a blockchain-based network involving several levels of government, banks, telecom companies and others giving people the ability to do business over mobile devices – everything from proving they are a good risk to rent an apartment, opening a new bank account online or a teen getting into a bar.
“We think its big enough to be transformative and will get the digital economy going in Canada,” Franklin Garrigues, a vice-president at TD Bank who leads its digital identity efforts, told the conference about the yet-unnamed service.
“The world is looking at us.”
The network – or as some call it, an ecosystem of partners – is expected to go live either late this year or early 2018.
The other project is less glamorous: The release of a draft framework from the Digital ID and Authentication Council of Canada (DIACC), a private-public partnership which has spent several years drawing up a digital identification scheme Canadian governments and companies can use to create solutions to accelerate e-commerce.
“By the end of 2017 what we’re hoping will be in place is the first instances of standards that organizations could use to start doing some implementations,” said DIACC chair David Nikolejsin in an interview. “It will still be early, but if we’re successful in the next year you’ll see that turning from principles and architecture into actual standards.”
Other countries and associations are trying to create digital identity standards, the conference heard – the National Insititute of Standards and Technology in the U.S., the European Union’s PSD2 (Revised Payment Service Directive), Gov.UK Verify, User Managed Access (UMA).
But, Nikolejsin said, Canada is a leader. “People are looking to Canada to see what we’re up to and perhaps they can embrace it.”
The ideal, Ontario CIO Rob Devries, told the conference, is to allow the creation of a re-useable digital identification people can carry around and associate with different credentials – for example, if a teen wants to get into a bar, using a smart phone user could approve the use of her birth information to verify she is of legal age. (Using biometrics the phone would also verify she is the real owner of that device). She would give approval for the use of other personal identification – say a health record — for other transactions.
Nikolejsin admitted the “number one challenge” is still getting business leaders and citizens to understand what digital identity is all about. Some confuse it with single-sign on (the ability to authenticate once to a number of services).
That’s why DIACC’s framework includes not only the ability to digitally verify persons, but also organizations. For example, a law firm will want to verify the other party of a digital transaction really is a lawyer. This capability will help solve the so-called KYC (know your client/customer) problem, he said.
The reason why digital identity is important, Nikolejsin said, is that for most transactions on the Internet who you are isn’t important. Amazon only needs a valid credit card for purchases, he pointed out. It doens’t care who the buyer is.
But for digitally doing other transactions – proving you have a good credit record, or are the proper person buying prescription drugs – there’s a higher level of assurance needed, which usually means verifying identity.
Ultimately countries will want international standards or interoperability of their digital ID systems so someone in Canada can, for example, open a bank account in Brazil online.
“This is about untapping the digital economy in Canada,”Rizwan Khalfan, chief digital officer TD Bank, said in another session. “Its taken lot longer than i thought … but I think we are on the cusp of releasing a solution that will be the envy for the rest of the world.”
Greg Wolfond, CEO of SecureKey and one of those behind the blockchain-based network that will launch in a few months, said in an interview the project still has to run a few pilots to ensure usability and scalability,
The use of IBM’s Blockchain hyperledger will verify a user’s permission to use information held by a content provider for a transaction. No other partner can see the data, and the provider can’t see what the transaction is for – so, for example, a government can’t track how many times a user was in a bar. ”The beauty of this is there’s no central node, no way the operator of the network can see the data.”
“We know in identity and attribute sharing it has to be that simple to use, but if we can make it that simple and hew to privacy … and higher in security, then it’s going to be the envy of the world.”