
by Andrew Stephen, 2 years ago


Pan-Canadian Trust Framework Model

The Pan-Canadian Trust Framework Model focuses on creating and managing digital identities to ensure entities are real, identifiable, and unique within a population. It encompasses the establishment of authoritative identity records, which others can rely on for various programs and services.


Pan-Canadian Trust Framework Model Overview

Participant

Role
Defined Roles

Governance

As a trust framework intended for broad adoption, the PCTF defines governance roles for certain ecosystem stakeholders. Participants acting in these roles are responsible for drafting, maintaining, and helping ensure consistent adoption of the various components of the PCTF. Governance roles may also be extended to include governance of the use and application of the PCTF in the digital ecosystem.

Assessors

Participants that assess another participant’s compliance with the PCTF.


Infrastructure providers

Participants that provide the physical and electronic infrastructure needed to enable digital interactions.

Digital representation subjects

The entity that the digital representation is representing. Typically, the entity to whom the digital representation is issued.


In many use cases, the subject of a digital representation will assume explicit functions and/or responsibilities. There may also be implicit functions performed by the subject in the context of the digital identity ecosystem. For example, functions associated with a “motivation to recover” a digital representation when problems or suspicious events are detected.

Relying parties

Participants who rely on digital representations created and managed by other participants.

Subject

The entity represented by and to which data held in a digital object pertains (e.g., the person whose age can be verified using a credential). In this context, the digital representation subject is typically a person who wishes to conduct a transaction, access a system, or interact with a relying party in some other manner. 

Authenticator provider

Participants that create and manage authenticators. Sometimes referred to as credential service providers. These are not the same as PCTF Credential Providers. See section 5.1.2 for details. 


Authenticator providers are responsible for creating and managing authenticators. They perform functions that ensure lifecycle management of the authenticator (including processes for issuance, suspension, recovery, maintenance, and revocation of authenticators).

Credential providers

Participants that create and manage credentials. Sometimes referred to as attribute providers.

Identity providers

Participants that create and manage identities. Sometimes referred to as identity service providers or identity issuers. In some cases, the subject is the creator and manager of its own identity.

Functions

Defined Functions

Enable digital identity systems

Guidelines and standards for processes that infrastructure providers deliver to other participants. These processes, which fall into technical and operational infrastructure, include:

Operations

Incident & dispute management

Processes to identify, assess, and respond to events that adversely affect supported functions and (in the case of disputes) ecosystem participants – including efforts to reduce or eliminate the likelihood of the incident recurring.

Records management

Processes that support typical record-keeping activities for supported functions. This includes classification, retention schedules, preservation, and disposition.

Risk management

Processes for the identification of direct or indirect risks to supported functions and related efforts to reduce or eliminate the likelihood of these risks occurring. 

Technical

Technical standards

PCTF reference to relevant industry standards in support of specified functions.

Audit & logging

Processes to establish and maintain a chronological record, or records, that provide evidence of events and activities (system, transaction, or otherwise) related to supported functions.

Data management

Processes and policies for the lifecycle management of digital representation data, including oversight of data collection, validation, storage, and accessibility on an on-going basis. 

Security

IT security practices designed to ensure the confidentiality, integrity, and availability of supporting infrastructure. 

Use digital representations

Relying party processes

Consent

Manage Consent

Update

Updating a consent decision involves the subject establishing a revised consent decision from a previously stored consent decision. This could include the subject revoking the consent. This process results in an updated consent decision (which will require persisting via the Record Consent process). 

Review

The process to review consent involves making the details of a stored consent decision visible to the subject or to a reviewer.

Record Consent

Persists the notice statement and the subject’s consent decision, to storage. In addition, information about the subject, the version of the notice statement that was presented, the date and time that the notice statement was presented, and, if applicable, the expiration date for the consent decision may be stored. Once the consent information has been stored, a notification on the consent decision made is issued to the relevant parties to the consent decision.

Request Consent

Presents the notice statement to the subject and provides a capability for the subject to give or decline consent based on the contents of the notice statement, resulting in a consent decision.

Formulate notice

Produces a statement that describes what personal information is being collected; with which parties the personal information is being shared; for what purposes the personal information is being collected, used, or disclosed; how the personal information will be handled and/or protected; the time period for which the statement will be applicable; and under whose Jurisdiction/Authority the statement is applicable. This statement is presented to the subject (i.e., the natural person to whom the personal information in question pertains) in the form of a notice statement.

Confirming

Identity presentation

The dynamic confirmation that a subject has a continuous existence over time (i.e., “genuine presence”). This can be used to ensure that there is no malicious or fraudulent activity (past or present) and to address identity spoofing concerns.

Identity linking

The process of ensuring that the right subject is properly associated across different service delivery contexts. This process is dependent on authority and privacy constraints and may result in the association of an identity with a service assigned identifier, and/or, the mapping of multiple service assigned identifiers associated with an identity. 

Credential/authenticator authentication

This process establishes a level of confidence that an entity has control over a credential or authenticator issued to that entity. 

Identity Verification

The confirmation that the identity information being presented relates to the subject who is making the claim. It should be noted that Identity Verification is a separate process from Identity Validation and may employ different methods and use personal information that is not related to identity. Different methods may be used (separately or in combination) such as:

Identity Validation

The confirmation of the accuracy of identity information about a subject as established by an authoritative party. It should be noted that identity validation does not ensure that the entity is using their own identity information (this is Identity Verification) – only that the identity information that the subject is using is accurate when compared to an authoritative record.

For most people, proving identity, accessing an account, or demonstrating that certain criteria are met (e.g., residency, age, possession of a permit) is a necessary part of online interactions. Functions in this category concern the use of digital representations for these purposes. The interactions that depend on trusted digital representations are often interactions between a relying party and a digital representation subject:

Relying parties normally need information to identify subjects, check certain attributes, or grant access to a protected system [AJS: or assess entitlement to a service provided by the relying party]

Subject is typically a person who wishes to conduct a transaction, access a system, or interact with a relying party in some other manner.

Usually interactions between a relying party and a digital representation subject

Create and manage digital representations

Authenticator processes

Authenticator recovery

Transitions a suspended authenticator back to a usable state. The process may be triggered by the subject, system administrator, or automatically by the system. Examples include:

Authenticator suspension

Transitions an issued authenticator to a suspended authenticator. This can be triggered by the subject (e.g., forgotten password) or the system (e.g., lockout due to successive failed authentications, inactivity, suspicious activity). A suspended authenticator is prohibited from being passed to a Relying Party, thereby ensuring that the subject is denied access.

Authenticator maintenance

The process includes lifecycle activities such as removing authenticators, binding new authenticators, and updating authenticators (e.g., password change, updating security questions and answers). This process is typically initiated by the subject but may also be initiated by a system administrator or automatically by the system.

Identity-authenticator binding

The process of associating authenticators to an attributed actor. 

Authenticator issuance

The process during which an authenticator is created and assigned/bound to a subject (i.e., a person, organization, application, or device), and bound to one or more authenticators.

Credential processes

Credential authentication

Verifies that a subject has control over their issued credential. 

Credential revocation

Ensures that a credential is permanently disabled or deleted. Once a credential is revoked, it can no longer be used. The process can be initiated by the subject, system administrator, or automatically by the system. 

Credential recovery

Transitions a suspended credential back to a usable state (i.e., an issued credential). The process may be triggered by the subject, system administrator, or automatically by the system. 

Credential suspension

Transitions an issued credential to a suspended credential. This can be triggered by the subject (e.g., forgotten password) or the system (e.g., lockout due to successive failed authentications, inactivity, suspicious activity, etc.). A suspended credential is prohibited from being passed to a Relying Party, thereby ensuring that the subject is denied access.

Credential maintenance

The process includes lifecycle activities such as updating credential details. This process is typically initiated by the subject but may also be initiated by a system administrator or automatically by the system. 

Identity-credential binding

The process of associating credentials to an attributed actor.

Credential issuance

The process during which a credential is created, assigned to a subject (i.e., a person, organization, application, or device), and optionally bound to one or more authenticators. Authenticators can be subsequently used to prove that a credential is referring to the same subject that was originally bound to the credential.
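The authenticator and credential lifecycle described above (issuance, suspension by subject or system, recovery, terminal revocation, and the rule that a suspended or revoked object is never passed to a relying party) written out as a small state machine. This is an added example, not PCTF text or code; the Authenticator class, the State names and the MAX_FAILED_ATTEMPTS lockout threshold are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import Enum

MAX_FAILED_ATTEMPTS = 5  # constructed threshold; the PCTF fixes no number

class State(Enum):
    ISSUED = "issued"        # usable; may be passed to a relying party
    SUSPENDED = "suspended"  # temporarily unusable; recoverable
    REVOKED = "revoked"      # permanently disabled; no way back

@dataclass
class Authenticator:
    subject_id: str
    state: State = State.ISSUED
    failed_attempts: int = 0
    reason: str = ""  # why the last suspension/revocation happened

    def suspend(self, reason):
        # Suspension (subject- or system-triggered): only an issued object qualifies.
        if self.state != State.ISSUED:
            raise ValueError(f"cannot suspend from state {self.state.value}")
        self.state, self.reason = State.SUSPENDED, reason

    def recover(self):
        # Recovery: suspended -> issued; a revoked object is never recoverable.
        if self.state != State.SUSPENDED:
            raise ValueError(f"cannot recover from state {self.state.value}")
        self.failed_attempts, self.reason, self.state = 0, "", State.ISSUED

    def revoke(self, reason):
        # Revocation is terminal, whatever the current state.
        if self.state == State.REVOKED:
            raise ValueError("already revoked")
        self.state, self.reason = State.REVOKED, reason

    def usable_by_relying_party(self):
        # Suspended and revoked objects must not be passed to a relying party.
        return self.state == State.ISSUED

    def authenticate(self, success):
        # Authentication with system-triggered lockout on successive failures.
        if not self.usable_by_relying_party():
            return False
        if success:
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.suspend("successive failed authentications")
        return False
```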

Identity processes

Identity Maintenance

The process of ensuring that identity information is as accurate, complete, and up-to-date as is required. Identity Maintenance also includes identity notification, which is the disclosure of identity information triggered by a change in identity information (e.g., a vital or major life event) or by an indication that identity information has been exposed to a risk factor. It may be time-based or event-based.

Identity Establishment

The creation of an authoritative record of identity that may be relied on by others for subsequent programs, services, and activities. 

Identity resolution

The establishment of the uniqueness of a subject within a program/service population through the use of identity information. A program or service defines its identity resolution requirements in terms of identity attributes; that is, it specifies the set of identity attributes that is required to achieve identity resolution within its population.

Purpose

  1. an entity is known to be real and identifiable, not a fraudulent creation; and
  2. an entity is unique within a population (e.g., citizens, customers, corporations) so that multiple digital identities cannot be fraudulently created and used;
  3. the digital identity represents the entity to which it was issued.

trusted process

digital identity systems

Assessor

Conformance Criteria

digital representation

A digital representation is an electronic dataset that refers to any type of entity that can be subject to legislation, policy, or regulations within a context, and which may have certain rights, duties, and obligations. Digital representations are intended to model real-world actors.


Currently, the PCTF defines three types of digital representation:

  1. Identity – Information that makes it possible to identify a unique entity (e.g., personal information), either on its own or with supporting related information. Examples for persons include names, dates of birth, birth registrations (in the future), or biometrics. Examples for machines could include the serial number, a trusted digital certificate, or network MAC address.
  2. Credential – Information describing attributes or properties of an entity. This information may exist on its own (e.g., as a credential that contains no personal information, only a unique string identifier) or be related to personal information. Examples include education levels (e.g., a university degree in engineering), permission to operate a vehicle (e.g., a driver’s license), income level, or status as an employee at a given firm.
  3. Authenticator – Data issued to an entity that provides access to restricted or protected systems. Examples of common authenticators are use

Representation Types

Authenticator

Authenticators are data used to access managed or protected systems (e.g., a financial institution’s website). An authenticator may be a simple username-password pair or a more complex object like an access token or biometric data.

Credential

Relationship

A credential that attests to the fact that an entity is connected to, affiliated with, or otherwise related in some way to a second entity. Example: A credential issued by a corporate registrar attesting to the fact that a person is an officer of a corporation or credentials issued by the corporation to its personnel that prove they are employed by the firm. A delegation of authority is a particular type of relationship. These credentials attest to the fact that an entity has delegated certain rights, privileges, authorities, etc. to a second entity. Example: A simple credential attesting to the fact that a corporate officer has delegated financial authority to an entity.

Attribute

A credential that provides one or more pieces of information about a single entity. Examples: A simple credential issued by a province that contains a single piece of information attesting to the entity’s age. A simple credential attesting to the entity’s security clearance level. A credential attesting to the fact that a certain mobile phone number is assigned to the entity’s handset. A more complex credential that is a university transcript consisting of data that identifies the courses a student has taken.

Identity

Contextual

Establishes identity and digital representations of entities in specific contexts or use cases. This type includes IDs that are self-issued or assigned.

Foundational

Establishes the existence and digital representation of real, legally recognized entities. 

Real-world Entity