Get the best cybersecurity science, research, resources and insights to help secure and safeguard the digital world.
No Charge. No Spam. Unsubscribe Anytime.

Where identity will be

Where identity will be

The Digital Identification and Authentication Council of Canada (DIACC), a non-profit coalition of public and private sector leaders, recently released a strategy paper on Building Canada’s Digital Future which articulates a vision of the future of identity and secure online transactions in Canada.

The Canadian public sector identity digital services are among the most advanced in the world, and I was fascinated by the nature of the DIACC when it launched last year.

This strategy paper outlines a shared public and private sector vision with some interesting and important points:

All in all, it is an impressive articulation of a shared public and private sector view of where identity needs to be in order enable Canadians’ full and secure participation in the global digital economy.


Are you certifiable?

It appears that not everyone is happy in the land of OpenID Connect self-certification.

  • As someone who used to manage a public sector certification program, I am mildly amused to see the 'for the public good and equality for all' argument here. OIDF is not a public sector organization accountable to the public. So giving its own membership a fast-pass to the front of the queue, before opening the queue to the general public, is not unexpected. I would have more of a concern if the general queue did not exist, but it certainly appears to exist in this case

  • The actual tools for testing OAuth2/OpenID Connect standard compliance are in the public domain and available to everyone

User-Managed Access (UMA) Version 1.0 specifications have achieved the status of Kantara Initiative Recommendations. UMA is an OAuth-based protocol designed to give a web user a unified control point for authorizing who and what can get access to their online personal data

  • Webcast on UMA on its roadmap for adoption and call for open implementations

cyberforge: random and relevant

  • Interesting user experience work from New Zealand on customer segmentation when it comes to digital service delivery

  • PrivacyCheck is a free browser extension that scans privacy policies online and illustrates the risk of sharing personal data with any given company

  • Harvard Business Review article on customer data. '...Resolving this tension will require companies and policy makers to move the data privacy discussion beyond advertising use and the simplistic notion that aggressive data collection is bad. We believe the answer is more nuanced guidance—specifically, guidelines that align the interests of companies and their customers, and ensure that both parties benefit from personal data collection

  • Exploring the identity economy - Stories produced by Passcode for the ID360 conference hosted by the University of Texas at Austin's Center for Identity


 Tweet  Share  Share  Share  Pin  Email


Get the best cybersecurity science, research, resources and insights to help secure and safeguard the digital world.
No Charge. No Spam. Unsubscribe Anytime.