{"id":24727,"date":"2023-08-30T11:36:58","date_gmt":"2023-08-30T18:36:58","guid":{"rendered":"https:\/\/diacc.ca\/?page_id=24727"},"modified":"2025-12-01T14:46:24","modified_gmt":"2025-12-01T22:46:24","slug":"trust-framework","status":"publish","type":"page","link":"https:\/\/diacc.ca\/trust-framework\/","title":{"rendered":"Trust Framework"},"content":{"rendered":"<header class=\"header-slider-image-copy height-80vh m-height-75vh relative mt-48 sm:mt-20 sm:mb-20 \" style=\"background-color: #FFFFFF\">\n                        <div class=\"height-80vh bg-cover m-height-75vh\" style=\"background-image: linear-gradient(0deg,rgba(255, 249, 249, 0.7),rgba(255, 249, 249, 0.7)), url(https:\/\/diacc.ca\/wp-content\/uploads\/2016\/08\/railway-diacc.jpg); background-position: center center\" title=\"railway diacc\">\n                <div class=\"container flex justify-center items-start h-full flex-col\" data-aos=\"fade\" data-aos-easing=\"ease-in-out\" data-aos-anchor-placement=top-bottom\" data-aos-delay=\"1000\" data-aos-offset=\"0\">\n                                            <h1 class=\"fs48 mfs28 font-bold max-w-5xl sm:w-full mb-12\">Trust Framework<\/h1>\n                    \n                                    <\/div>\n            <\/div>\n            <\/header>\n\n<section class=\"mt-10 mb-48 sm:mt-20 sm:mb-20 \" style=\"background-color: #FFFFFF\">\n   <div class=\"container\" data-aos=\"fade-up\" data-aos-easing=\"ease-in-out\" data-aos-anchor-placement=top-bottom\" data-aos-delay=\"0\" data-aos-offset=\"0\">\n        <div class=\"wysiwyg-block w-full sm:w-full\">\n            <p><span style=\"font-family: helvetica, arial, sans-serif;\">The Pan-Canadian Trust Framework\u2122 (PCTF) addresses current and future Canadian digital identity ecosystem innovation needs by verifying the trust of services and networks.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif;\">PCTF documents and artifacts help to secure the interoperability of public and private sector identity capabilities while prioritizing user-centred design, privacy, security, and convenience of use.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif;\">PCTF is an open public resource. It will always be freely available to the public for review and adoption. Drafts are made available for public review and input. PCTF develops under DIACC\u2019s neutral good governance policies and procedures.<\/span><\/p>\n<h3><span style=\"color: #000080; font-family: helvetica, arial, sans-serif;\">Quick Links<\/span><\/h3>\n<ul>\n<li><span style=\"font-family: helvetica, arial, sans-serif;\"><a href=\"https:\/\/diacc.ca\/overview\/\">Overview<\/a><\/span><\/li>\n<li><a href=\"https:\/\/diacc.ca\/certification-program\/\">Certification Program<\/a><\/li>\n<li><a href=\"https:\/\/diacc.ca\/certification-program\/trusted-list\/\">Trusted List of Certified Providers<\/a><\/li>\n<\/ul>\n<h3><span style=\"color: #283780; font-family: helvetica, arial, sans-serif;\">One Framework, Many Partners<\/span><\/h3>\n<p><span style=\"font-weight: 400; font-family: helvetica, arial, sans-serif;\">Benefits <span style=\"font-weight: 400;\">from the inputs of Canada\u2019s federal, provincial, and territorial representatives within the Joint Councils (a multi-jurisdictional collaborative body supported by the Institute for Citizen-Centred Services), the Canadian public sector, international stakeholders, and the broad economic sector.<\/span><\/span><\/p>\n<h3><span style=\"color: #283780; font-family: helvetica, arial, sans-serif;\">PCTF Documents<\/span><\/h3>\n<p><span style=\"font-weight: 400; font-family: helvetica, arial, sans-serif;\">To respond to the complexities that digital identity and trust entail, the PCTF has a modular approach, which provides a comprehensive set of documents aligned to the various functionalities and core aspects of identity management services.\u00a0<\/span><\/p>\n\n<table id=\"tablepress-18\" class=\"tablepress tablepress-id-18\">\n<thead>\n<tr class=\"row-1\">\n\t<th class=\"column-1\">Title<\/th><th class=\"column-2\">Status<\/th><th class=\"column-3\">Scope<\/th><th class=\"column-4\">Notice<\/th><th class=\"column-5\">Number<\/th><th class=\"column-6\">Type<\/th><th class=\"column-7\">Ready for Certification<\/th>\n<\/tr>\n<\/thead>\n<tbody class=\"row-striping row-hover\">\n<tr class=\"row-2\">\n\t<td class=\"column-1\"><a href=\"https:\/\/diacc.ca\/wp-content\/uploads\/2023\/10\/PCTF-Overview_Final-V1.0_ENG-.pdf\" rel=\"noopener\" target=\"_blank\">Overview<\/a><\/td><td class=\"column-2\">Final<\/td><td class=\"column-3\">Explaining the Pan-Canadian Trust Framework background, scope, relevance, value proposition, applicability, target audience, development and maintenance process, relationship with other frameworks and third-party conformity assessment.  <\/td><td class=\"column-4\">2023-10-30<\/td><td class=\"column-5\">DIACC PCTF00<\/td><td class=\"column-6\">Informative<\/td><td class=\"column-7\">Not Applicable<\/td>\n<\/tr>\n<tr class=\"row-3\">\n\t<td class=\"column-1\"><a href=\"https:\/\/diacc.ca\/wp-content\/uploads\/2025\/05\/PCTF-Glossary-Final-Reco-V1.1_ENG.pdf\" target=\"_blank\">Glossary<\/a><\/td><td class=\"column-2\">Final Recommendation V1.1<\/td><td class=\"column-3\">Outlining terms and definitions used by DIACC across the PCTF to ensure all stakeholders have a shared and consistent understanding of terms used in the context of the framework.<\/td><td class=\"column-4\">2025-05-20<\/td><td class=\"column-5\">DIACC PCTF10<\/td><td class=\"column-6\">Informative<\/td><td class=\"column-7\">Not Applicable<\/td>\n<\/tr>\n<tr class=\"row-4\">\n\t<td class=\"column-1\"><a href=\"https:\/\/diacc.ca\/wp-content\/uploads\/2024\/10\/PCTF-Authentication_Final-Rec-V1.2_Compressed_ENG.pdf\" rel=\"noopener\" target=\"_blank\">Authentication<\/a><\/td><td class=\"column-2\">Final Recommendation V1.2<\/td><td class=\"column-3\">Describes how verifying identity allows access to digital systems. Defines the trusted processes (Credential Issuance, Authentication, Session Initiation\/Termination, Credential Suspension\/Recovery\/Maintenance\/Revocation), roles (Authentication and Credential Service Providers), risks and proposed safeguards, use cases (e.g., verifiable credentials in mobile digital wallets; biometric authenticators, etc.) and conformance requirements to specific levels of confidence. It ensures consistent login processes across platforms, enhancing security and usability, and assures that identified users can securely engage in authorized interactions with remote systems.<\/td><td class=\"column-4\">2024-08-09<\/td><td class=\"column-5\">DIACC PCTF03<\/td><td class=\"column-6\">Normative<\/td><td class=\"column-7\">Yes<\/td>\n<\/tr>\n<tr class=\"row-5\">\n\t<td class=\"column-1\"><a href=\"https:\/\/diacc.ca\/wp-content\/uploads\/2024\/10\/PCTF-Verified-Person_Final-Rec-V1.2-Errata_Compressed_ENG.pdf\" rel=\"noopener\" target=\"_blank\">Verified Person<\/a><\/td><td class=\"column-2\">Final Recommendation V1.2 Errata<\/td><td class=\"column-3\">Describes identity proofing, which involves linking a subject accessing online services to a real-life person. Addresses techniques for verifying a person is a real, unique, and identifiable human being and trusted processes (establishing sources of identity evidence, identity resolution, identity establishment, validating identity information, identity verification, evidence validation, identity presentation and identity maintenance ), roles, and conformance requirements according to the levels of assurance needed.<\/td><td class=\"column-4\">2022-03-31<\/td><td class=\"column-5\">DIACC PCTF05<\/td><td class=\"column-6\">Normative<\/td><td class=\"column-7\">Yes<\/td>\n<\/tr>\n<tr class=\"row-6\">\n\t<td class=\"column-1\"><a href=\"https:\/\/diacc.ca\/wp-content\/uploads\/2024\/10\/PCTF-Privacy_Final-Rec-V1.2_Compressed_ENG.pdf\" rel=\"noopener\" target=\"_blank\">Privacy<\/a><\/td><td class=\"column-2\">Final Recommendation V1.2<\/td><td class=\"column-3\">Describes requirements for handling personal information associated with digital identity, designed to demonstrate that participants (Disclosing Organizations, Requesting Organizations, Notice and Consent Processors, Network Facilitators) are handling digital identity information in alignment with the ten Principles defined in Canada&#8217;s Personal Information Protection and Electronic Documents Act (PIPEDA) legislation. <\/td><td class=\"column-4\">2022-03-31<\/td><td class=\"column-5\">DIACC PCTF04<\/td><td class=\"column-6\">Normative<\/td><td class=\"column-7\">Yes<\/td>\n<\/tr>\n<tr class=\"row-7\">\n\t<td class=\"column-1\"><a href=\"https:\/\/diacc.ca\/wp-content\/uploads\/2024\/10\/PCTF-Infrastructure-Technology-Operations_Final-Rec-V1.2_Compressed_ENG.pdf\" rel=\"noopener\" target=\"_blank\">Infrastructure (Technology &amp; Operations)<\/a><\/td><td class=\"column-2\">Final Recommendation V1.2<\/td><td class=\"column-3\">Describes the capabilities required to operate a trusted infrastructure as a platform for delivering digital identity-related services, including policies and plans, technology and operations related to information security management and technical security controls, risk and fraud management, information and integrity management, and incident response, among others. <\/td><td class=\"column-4\">2023-04-25<\/td><td class=\"column-5\">DIACC PCTF08<\/td><td class=\"column-6\">Normative<\/td><td class=\"column-7\">Yes<\/td>\n<\/tr>\n<tr class=\"row-8\">\n\t<td class=\"column-1\"><a href=\"https:\/\/diacc.ca\/wp-content\/uploads\/2024\/10\/PCTF-Digital-Wallet_Final-Rec-V1.0_Compressed_ENG.pdf\" rel=\"noopener\" target=\"_blank\">Digital Wallet<\/a><\/td><td class=\"column-2\">Final Recommendation V1.0<\/td><td class=\"column-3\">Describes an approach to assess the degree to which a digital wallet that contains digital identities and related assets accomplishes specific goals, including privacy preservation, consent-driven interactions, interoperability, increased protection against cyber threats and creating a trusted environment for wallet holders to interact with its ecosystem participants. It addresses trust relationships (applicant- issuer-holder-verifier-repository); trusted processes (Wallet Instantiation and Security, Credential Management and Use, Consent Management), roles, risk repository and mitigation strategies, and conformance requirements. <\/td><td class=\"column-4\">2023-04-25<\/td><td class=\"column-5\">DIACC PCTF12<\/td><td class=\"column-6\">Normative<\/td><td class=\"column-7\">Yes<\/td>\n<\/tr>\n<tr class=\"row-9\">\n\t<td class=\"column-1\"><a href=\"https:\/\/diacc.ca\/wp-content\/uploads\/2024\/10\/PCTF-Trust-Registries_Final-Rec-V1.0_Compressed_ENG.pdf\" rel=\"noopener\" target=\"_blank\">Trust Registries<\/a><\/td><td class=\"column-2\">Final Recommendation V1.0<\/td><td class=\"column-3\">Describes the means for participants of a digital identity ecosystem to verify that other ecosystem participants are trustworthy. Participants registered in the Trust Registry include Issuers, Verifiers, and Wallet Providers. Providing conformance requirements concerning the trust registry&#8217;s governance, operations, registration, and certification management. <\/td><td class=\"column-4\">2023-11-10<\/td><td class=\"column-5\">DIACC PCTF13<\/td><td class=\"column-6\">Normative<\/td><td class=\"column-7\">Yes<\/td>\n<\/tr>\n<tr class=\"row-10\">\n\t<td class=\"column-1\"><a href=\"https:\/\/diacc.ca\/wp-content\/uploads\/2024\/10\/PCTF-Credentials-Relationships-Attributes_Final-Rec-V1.0_Compressed_ENG.pdf\" rel=\"noopener\" target=\"_blank\">Credentials (Relationships &amp; Attributes)<\/a><\/td><td class=\"column-2\">Final Recommendation V1.0<\/td><td class=\"column-3\">Establishes requirements for the conformity of credential lifecycle management at determined levels of assurance, including trusted relationships processes (define, declare, endorse, validate, disclaim)  and trusted attributes processes (define, bind, maintain, revoke) and risk evaluation. It emphasizes trust beyond technical data, focusing on transparency, reliability, and secure connections between entities, enabling the routine acceptance of digital credentials.<\/td><td class=\"column-4\">2020-06-01<\/td><td class=\"column-5\">DIACC PCTF07<\/td><td class=\"column-6\">Normative<\/td><td class=\"column-7\">No<\/td>\n<\/tr>\n<tr class=\"row-11\">\n\t<td class=\"column-1\"><a href=\"https:\/\/diacc.ca\/wp-content\/uploads\/2024\/10\/PCTF-Verified-Organization_Final-Rec-V1.0_Comrpessed_ENG.pdf\" rel=\"noopener\" target=\"_blank\">Verified Organization<\/a><\/td><td class=\"column-2\">Final Recommendation V1.0<\/td><td class=\"column-3\">Defining processes and specifying conformance criteria for establishing and verifying an organization&#8217;s identity, including processes to ensure that an organization has been adequately verified and creating a trusted digital representation for an organization.<\/td><td class=\"column-4\">2020-02-17<\/td><td class=\"column-5\">DIACC PCTF06<\/td><td class=\"column-6\">Normative<\/td><td class=\"column-7\">No<\/td>\n<\/tr>\n<tr class=\"row-12\">\n\t<td class=\"column-1\"><a href=\"https:\/\/diacc.ca\/wp-content\/uploads\/2024\/10\/PCTF-Notice-Consent_Final-Rec-V1.0_Compressed_ENG.pdf\" rel=\"noopener\" target=\"_blank\">Notice &amp; Consent<\/a><\/td><td class=\"column-2\">Final Recommendation V1.0<\/td><td class=\"column-3\">Defines criteria used to formulate a statement about the collection, use and disclosure of personal information, and to obtain a consent decision on that statement from a person authorized to do so.<\/td><td class=\"column-4\">2019-04-03<\/td><td class=\"column-5\">DIACC PCTF02<\/td><td class=\"column-6\">Normative<\/td><td class=\"column-7\">No<\/td>\n<\/tr>\n<tr class=\"row-13\">\n\t<td class=\"column-1\"><a href=\"https:\/\/diacc.ca\/wp-content\/uploads\/2025\/10\/PCTF-Legal-Professionals-Profile-Final-Recommendation-V1.1_ENG.pdf\">Legal Professionals Profile<\/a><\/td><td class=\"column-2\">Final Recommendation V1.1<\/td><td class=\"column-3\">The PCTF Legal Professionals Profile is the first industry-focused profile of the PCTF and is intended to help regulated lawyers make informed decisions on how best to adopt digital trust services and solutions for things like remote client verification and fraud reduction.<\/td><td class=\"column-4\">2025-09-22<\/td><td class=\"column-5\">DIACC PCTF14<\/td><td class=\"column-6\">Normative<\/td><td class=\"column-7\">Yes<\/td>\n<\/tr>\n<tr class=\"row-14\">\n\t<td class=\"column-1\"><a href=\"https:\/\/diacc.ca\/wp-content\/uploads\/2021\/06\/PCTF-Assurance-Maturity-Model-Draft-Recommendation-V1.0r.pdf\" rel=\"noopener\" target=\"_blank\">Assurance Maturity Model<\/a><\/td><td class=\"column-2\">Draft Recommendation V1.0<\/td><td class=\"column-3\">Provides guidance regarding how to use PCTF conformance criteria in order to properly classify Levels of Assurance.<\/td><td class=\"column-4\">2021-06-28<\/td><td class=\"column-5\">DIACC PCTF11<\/td><td class=\"column-6\">Informative<\/td><td class=\"column-7\">Not Applicable<\/td>\n<\/tr>\n<tr class=\"row-15\">\n\t<td class=\"column-1\"><a href=\"https:\/\/diacc.ca\/2026\/05\/05\/request-for-comment-ipr-review-pctf-automotive-identity-profile\/\">Automotive Identity Profile<\/a><\/td><td class=\"column-2\">Draft Recommendation V1.0<\/td><td class=\"column-3\">Defines auditable identity assurance criteria for vehicle purchasing and financing to meet Canadian bank expectations and reduce fraud.<\/td><td class=\"column-4\">2025-05-05<\/td><td class=\"column-5\">DIACC PCTF 15<\/td><td class=\"column-6\">Normative<\/td><td class=\"column-7\">No<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n<h3><span style=\"color: #283780; font-family: helvetica, arial, sans-serif;\">Development &amp; Maintenance<\/span><\/h3>\n<p><span style=\"font-weight: 400; font-family: helvetica, arial, sans-serif;\">The PCTF is developed and maintained through an open and collaborative process defined in the DIACC Operating Procedures. The DIACC\u2019s Trust Framework Expert Committee (TFEC) is the working group responsible for developing and maintaining the PCTF. The TFEC consists of members from the public and private sectors who work collaboratively through a Peer-Review and Development Process to maintain the PCTF, ensuring it\u2019s up to date with evolving ecosystems.\u00a0<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif;\"><span style=\"font-weight: 400;\">The TFEC defines the PCTF&#8217;s informative and normative documents, adhering to <\/span><a href=\"https:\/\/diacc.ca\/controlling-policies\/\"><span style=\"font-weight: 400;\">DIACC\u2019s Operating Procedures<\/span><\/a><span style=\"font-weight: 400;\">, and describes the applicable value propositions across Canada\u2019s public and private sectors. The TFEC ensures audibility, suitability, and consistency of its defined conformance criteria operationalized in the DIACC\u2019s Certification Program. <\/span><\/span><\/p>\n<h3><span style=\"color: #283780; font-family: helvetica, arial, sans-serif;\">PCTF Conformance Criteria Development Process<\/span><\/h3>\n<p><span style=\"font-weight: 400; font-family: helvetica, arial, sans-serif;\">The PCTF requirements are developed following an open and standardized process as specified in the following graphic. These include initial draft development, committee review, DIACC Board approval for public input, revisions to incorporate public feedback, and approval from DIACC membership for final publication. <\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif;\"><img decoding=\"async\" class=\" wp-image-24737 aligncenter\" src=\"https:\/\/diacc.ca\/wp-content\/uploads\/2023\/08\/PCTF-Peer-Review-Development-Process-Final-300x201.png\" alt=\"\" width=\"771\" height=\"516\" srcset=\"https:\/\/diacc.ca\/wp-content\/uploads\/2023\/08\/PCTF-Peer-Review-Development-Process-Final-300x201.png 300w, https:\/\/diacc.ca\/wp-content\/uploads\/2023\/08\/PCTF-Peer-Review-Development-Process-Final-1024x685.png 1024w, https:\/\/diacc.ca\/wp-content\/uploads\/2023\/08\/PCTF-Peer-Review-Development-Process-Final-768x514.png 768w, https:\/\/diacc.ca\/wp-content\/uploads\/2023\/08\/PCTF-Peer-Review-Development-Process-Final.png 1369w\" sizes=\"(max-width: 771px) 100vw, 771px\" \/><\/span><\/p>\n<p><span style=\"font-weight: 400; font-family: helvetica, arial, sans-serif;\">As specified in the Operating Procedures, reviewing the informative and normative documents is a public and open process where any interested party can participate and provide feedback. The public Call for Comments &amp; IPR Review period is vital to the DIACC multistakeholder model. It provides a mechanism to ensure a balanced representation of interested parties&#8217; opinions, views, and suggestions.\u00a0<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif;\"><span style=\"font-weight: 400;\">In addition to the public comment review periods, DIACC offers an ongoing channel for anyone interested in providing feedback using the <\/span><a href=\"https:\/\/docs.google.com\/forms\/d\/e\/1FAIpQLSesBmiNp0RXkAdJTaiDpJPw42B-BAVaUCeksupJtYOQoetOYg\/viewform\"><span style=\"font-weight: 400;\">PCTF Out of Band Feedback form<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0<\/span><\/span><\/p>\n<p><span style=\"font-weight: 400; font-family: helvetica, arial, sans-serif;\">This form collects PCTF public community feedback outside the prescribed public review &amp; comment periods. The DIACC team monitors this form&#8217;s responses every quarter. The DIACC\u2019s TFEC will consider comments for inclusion.<\/span><\/p>\n        <\/div>\n           <\/div>\n<\/section>","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":33,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"sfsi_plus_gutenberg_text_before_share":"","sfsi_plus_gutenberg_show_text_before_share":"","sfsi_plus_gutenberg_icon_type":"","sfsi_plus_gutenberg_icon_alignemt":"","sfsi_plus_gutenburg_max_per_row":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-24727","page","type-page","status-publish","hentry"],"acf":[],"lang":"en","translations":{"en":24727,"fr":24749},"pll_sync_post":[],"_links":{"self":[{"href":"https:\/\/diacc.ca\/wp-json\/wp\/v2\/pages\/24727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diacc.ca\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/diacc.ca\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/diacc.ca\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/diacc.ca\/wp-json\/wp\/v2\/comments?post=24727"}],"version-history":[{"count":76,"href":"https:\/\/diacc.ca\/wp-json\/wp\/v2\/pages\/24727\/revisions"}],"predecessor-version":[{"id":88542,"href":"https:\/\/diacc.ca\/wp-json\/wp\/v2\/pages\/24727\/revisions\/88542"}],"wp:attachment":[{"href":"https:\/\/diacc.ca\/wp-json\/wp\/v2\/media?parent=24727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}