Governments are tremendous issuers of paper needed by businesses which they regularly need access to, ranging from licences to reports. But with everything being digitized there’s demand to improve that access.
However, there are two problems governments have been struggling with for years: Verifying digital documents haven’t been altered and verifying user identities.
At this week’s Identity North conference in Toronto, ITWorldCanada.com learned of two digital identity experiments about to start which, along with many others coming, aim to put the federal, provincial, territorial and municipal government closer to a digital economy:
—The first will start shortly when British Columbia launches a beta test of what it for the time being calls TheOrgBook, a service that initially will give access to business incorporation documents. Why? So a business or a government department can quickly have evidence that a potential partner or supplier is legally incorporated.
Ultimately the service hopes to add dozens of other government-issued digital licences and permits to be searched. Perhaps even law societies and professional organizations will also participate so the public can verify the professional credentials of members.
John Jordan, executive director for services strategy in the office of British Columbia’s CIO and the project lead, hopes one province and the federal government will join the Org Book shortly;
—The second is a federal proof of concept project called Sign In Canada, a unified login authentication service to start in the fall.
The proof of concept involved using a digital credential from an unnamed participating province to interact with either Canada Revenue or the department of employment and social development.
Ultimately the goal is to make it easier for people to log into the roughly 100 federal portals using a range of authentications for a variety of services. Social media login credentials to access to simple government services may be acceptable, but tougher credentials may be needed to access personal information.
These projects are aimed at solving different problems but ultimately the goal is the same: To give individuals and organizations faster access to government services, as well as enable them to work with each other. A business, for example, may need the ability to show another business a government-issued digital permit. So interoperability, project leaders say, is always on their minds.
The solution to some of interoperability issues for both the public and private sectors will become clearer when the Digital Identity and Authorization Council of Canada (DIACC) finalizes its Pan Canadian Trust Framework. The framework will outline rules to identify, authenticate, and authorize users to access resources across public and private organizations. However, while some initial components will be issued in September for comment, the final version will be complete in 2020.
The B.C.-led project, which Ontario and the federal government are also working on, is officially called the Verifiable Organizations Network. As John Jordan explained in an interview, governments want to make it easier for business to do work with it for matters like verifying government issued licences and permits instead of using paper. The problem is creating and exchanging data in a trustworthy way.
Jordan, who says he and others have been working on the problem for several years, said an initial solution used federated identity technologies. That allowed government departments to add services, but the platform couldn’t scale to a national level to handle tens of thousands of businesses.
Enter blockchain
Blockchain and public key infrastructure were the solutions. A blockchain is used to house public keys needed to verify signed government documents. So far the project is using .the Hyperledger Indy blockchain run by the not-for-profit Sovrin Foundation, an identity specialist. Ultimately, Jordan said, the platform may be run by a number of operators. Meanwhile work on a verifiable credentials wallet capable of handling large volumes of credentials is underway.
“We’ll have a directory you can search or you can use an API [to a corporate application] to search every incorporated entity in B.C, and other provinces that join.” That will, we hope, start the ability of other services to add their permits and licences to it.” At some point it is hoped the federal government will add its supplier registry to the platform for the beta test.
Because initially the project uses already publicly-accessed data, no login will be needed. Searching for a company will bring up its legal and business name. Beside the name will be a list of available documents about the company. There will be a ‘Verify This Credential” button. Click, the platform goes through the blockchain for the public key of the signed document, to prove it is currently active and the document’s source.
Jordan said one business told him it could save weeks of delay in checking whether a supplier has the proper B.C. workers’ insurance coverage if the Org Book included so-called work-safe clearance letters issued by a government agency. A company could use the platform to verify online in seconds if a potential customer is actually a registered business.
Ken McMillan, acting director of digital identity at Treasury Board of Canada, outlined to the conference the Sign In Canada project. “The is to create an ecosystem where we have different applications co-existing, where you can login with your Facebook or Google [credentials], depending on the application.” For high-risk credentials like that a user may be allowed access to a limited amount of information. Do access more sensitive information a user might need a digital ID from a province (which, as the issuer of birth certificates really knows who you are), a bank or a telco.
“The point is by driving many possible paths to that single identity we’re being open-ended. We’re allowing that technology can change,” McMillan said.
As an example of the multiple ways residents can sign in for a service, people wanting to access their Canada Revenue Agency tax files can use a CRA-issued credential, or SecureKey’s Concierge service, which allows people to the same username and password from their bank. SecureKey eventually will make Concierge part of its new Verified.Me mobile identification service. That too, could be part of Sign In Canada, McMillan said in an interview. Having multiple ways to authenticate future-proofs the architecture.
Where this is going at the federal level is a vision called OneGC program, where a resident can get to any department they want from any device and have a consistent user experience.
The conference also heard that New Brunswick is staging an invitation-only pilot tests of its MyID project to give citizens a single online identity for accessing provincial resources.