The Digital Identity Laboratory of Canada (“IDLab”) is a Canadian federal Non Profit organization founded to advance digital trust by breaking down barriers to digital ID adoption. IDLab promotes conformity and interoperability of digital ID by delivering education, assessment, advisory and sandbox services. Services provided by IDLab are pursuing theses outcomes with IDLab clients and stakeholders:
In order to preserve its role as a trusted and neutral third party in the digital ID ecosystem, it is important for IDLab to not engage in commercial activities that would endanger its ability to fulfil its role. At issue in this policy are commercial activities for which IDLab shall not engage in and other commercial activities for which Management may engage in provided it obtains prior authorization from the Board of Directors.
The objective of this policy is to describe prohibited commercial activities, commercial activities requiring prior permission from the Board of Directors and commercial activities that are allowed.
This policy is adopted under the authority of the Board of Directors of IDLab and applies to the provision of services by IDLab to clients and stakeholders.
Prohibited commercial activities. The Laboratory shall not:
Third-Party Service Provider. By exception to the previous prohibition and in situations when a RFP requests that a bidder obtain third-party certifications, validations as part of the deliverable, or hosting a reference implementation, the Laboratory may participate, but only if all the following conditions are met:
Peripheral activities. In situations where a public or private sector organization approaches the IDLab and requests the IDLab to offer or complete peripheral activities, an ordinary resolution of the Board of Directors shall be obtained before the execution of any Agreement to that effect. A peripheral activity is an activity not prohibited under this policy that falls outside the scope of the IDLab activities listed under the “Context” section at page 1 of this policy. The Directors representing the private sector category of members shall abstain from voting on this resolution. For the purpose of this provision, a “peripheral commercial activity” is an activity that does not fall in the scope of “Laboratory Activities” as listed in the next section of this policy.
The scope of the approved activities for the Laboratory includes:
|Facilitated outcome||Laboratory Activities|
|Awareness & Education||● Developing and maintaining internal knowledge of the “state of the art” factual status of digital ID and sharing of same with IDLab clients and stakeholders.
● Design and deployment of IDLab Education portal related to digital ID to include:
○ Accounts of the “state of the art” in digital ID;
○ Learning Management System (LMS) related to digital ID; and
○ Digital ID Interactive Visit Program to further customize the learning opportunity.
|Development of digital ID assessment tools & frameworks||● Supporting the development of digital ID related standards, assessment, tools and reference assessment frameworks provided this support cannot reasonably be characterized as IDLab favoring a standard or assessment framework over another.
● Supporting digital ID related communities of support and open source projects
|Discovery||● Hosting of digital ID related solutions and components (always excluding production data) into the Lab’s sandbox infrastructure.
● Maintaining a catalogue of sandboxes available at the Lab.
|Experimentation||● Providing a dedicated technology environment to Lab subscribers enabling them to easily have access to “private sandboxes” for the purpose of experimentation, integration, testing and quality assurance.
● Facilitating and conducting “use case experiments” leveraging existing digital ID solutions and components.
|Trust||● Providing advisory services in relation to digital ID that preserve the IDLab mission as well as its neutral and independent position, i.e. such services shall exclude providing advice and recommendations on the selection of specific digital ID solutions, however could include factual characterizations of their compliance and interoperability status.
● Providing assessment services including readiness assessments, testing & certifications in support of digital ID standards and specifications, such as the DIACC Pan-Canadian FrameworkTM .
This policy shall be published on the website of the Laboratory.
Amendments to this policy require an ordinary resolution of the Board of Directors.
|Version||Effective on||Changes since last version|
|2.0||5 Nov 2021||Main changes in addition to editorial changes:
– Introductory part of the Context section amended to reflect the current IDLab core focus (purpose and niche) and to reflect the new categorization of services of IDLab (education, assessment, advisory and sandbox services)
– Addition of “Development of digital ID assessment frameworks” in Context section
– Removal of footnote that added clarification with regards to the Laboratory Sandbox Platform
– Moved approved activities to a dedicated section titled “Scope of Approved Activities”
– In the Scope of Approved Activities section, addition of “Development of digital ID assessment frameworks” row
|1.0||1 April 2020||NA – first version.|
“We’re excited to be part of an initiative that is key to helping enable trusted digital identity in Canada and unlocking the full potential of our country’s digital economy.”
“KPMG joining the Digital ID Lab demonstrates our commitment to support a robust pan-Canadian ecosystem that will prioritize security, privacy and interoperability for the benefit of all Canadians.”
Imraan Bashir, Partner & National Public Sector Cyber Leader, KPMG Canada
We are working on it! :-)