After an increasing number of Canadians and businesses moved online throughout the COVID-19 pandemic, three-quarters of the population feels it’s important to have a secure and privacy-enhancing digital ID to safely make transactions online.
Moreover, a survey from Digital ID and Authentication Council of Canada (DIACC) has revealed that the majority of Canadians believe it is important for federal and provincial governments to move quickly on enabling digital ID in a safe and secure manner.
However, the lack of standardization has long been known to hurt the ability of people and businesses to secure or even use the new identity verification tech.
The Ontario government, in a virtual conversation with the Council of Canadian Innovators (CCI) on Ontario’s digital future, has finally revealed information about the technology and standards that the province will use to build its digital identity ecosystem.
Over the past nine months, the province says it has consulted with 68 organizations, more than 100 industry experts, and held five two-hour roundtable discussions on digital identity.
As one of the first jurisdictions in North America to publish this information, Ontario says Digital ID, when fully launched later this fall, will allow people and businesses to prove who they are both online and in person with built-in safety features that protect users’ privacy and personal information.
The DIACC survey also indicated that collaboration between governments and the private sector continues to be considered the best approach to create a pan-Canadian digital ID framework and it looks as though the Ontario government is on track with this.
The Ontario government says the province’s digital ID will comply with emerging digital ID industry standards, and will be designed to interoperate with digital IDs in other Canadian jurisdictions. It also noted that open-source solutions and open standards will be used wherever possible, and private-sector innovation will be encouraged.
Further, to ensure the privacy and security of Ontarians’ digital ID, the provincial government says “appropriate legal, privacy and security measures will be put in place so that users feel confident that their personal information will be kept secure and their privacy will be respected”. Ontario’s Information and Privacy Commissioner Patricia Kosseim continues to be engaged to help inform and guide this work.
Tech standards that will govern your Ontario digital ID
The Ontario government has noted on its website that Ontario’s digital ID will be based on tech standards from the World Wide Web Consortium (W3C), the Decentralized Identity Foundation (DIF), Trust Over IP Foundation, and OpenID connect.
Some of the tech standards that the provincial government says it is currently considering include the Verifiable Credentials Data Model 1.0 for data modeling, Decentralized Identifiers (DIDs) v1.0 for key management, JSON-LD 1.1 for data formatting, OpenID Connect as identity standard, BBS+ Signatures 2020 and Ed25519 Signature 2020 for signature format, Self-Issued OpenID Provider v2 and more for interoperability. Other tech standards that the province says it plans to use for digital ID can be found here.
“Openly sharing our technology approach to digital identity is an essential step in our plan to provide more convenient, private and secure ways to prove who you are,” Kaleed Rasheed, Associate Minister of Digital Government, noted in a news release. “Today’s announcement responds directly to what we continue to hear from sector partners, stakeholders and the public – Ontario’s approach to technology needs to be ambitious, innovative and transparent.”
In addition to tech standards, key principles that will underpin Ontario’s digital identity program, according to the Ontario government, include compliance with current industry standards and laws, including:
- The CIO Strategy Council’s Digital Trust and Identity – Part 1: Fundamentals (CAN/CIOSC 103-1:2020)
- Government of Canada’s Verified Person Conformance Criteria
- DIACC-Pan-Canadian Trust Framework
- Web Content Accessibility Guidelines (WCAG)
- Ontario Digital Service’s Digital Service Standard
- Anti-Racism Data Standards
- Municipal Freedom of Information and Protection of Privacy Act (MFIPPA)
- Freedom of Information and Protection of Privacy Act (FIPPA)
- Personal Health Information Protection Act (PHIPA)
- Accessibility for Ontarians with Disabilities Act (AODA)
Here’s how the Ontario government will verify your digital ID
According to the Ontario government, the verifiable credential model will be used to ensure trust throughout the process of digital ID verification.
First, the holder requests a digital ID and goes through an ID proving process to establish their identity. Once the ID requirements are satisfied, the issuer will create a digital ID credential, issue it to the holder and publish the public cryptographic keys associated with that digital ID to the verifiable data registry, which uses distributed ledger technology, the provincial government explained.
When the holder wants to use their digital ID (for example to prove their age at the liquor store), they may tap or scan their digital ID on the verifier’s reader to present (with their consent) the required identity information. This interaction triggers a request to the verifiable data registry to retrieve the Ontario government’s public key, which confirms that the holder’s presented credential is accurate and hasn’t been tampered with.