Policy

Limitations on Commercial Activities

Context

The Digital Identity Laboratory of Canada (“IDLab”) is a Canadian federal Non Profit organization founded to advance digital trust by breaking down barriers to digital ID adoption. IDLab promotes conformity and interoperability of digital ID by delivering education, assessment, advisory and sandbox services. Services provided by IDLab are pursuing theses outcomes with IDLab clients and stakeholders:

  • Awareness of, and education on, digital ID state of the art, challenges and opportunities;
  • Collaboration towards the development of digital ID assessment tools, reference frameworks and standards;
  • Discovery of digital ID solutions, components and standards;
  • Experimentation with digital ID solutions, components and standards;
  • Integration of digital ID solutions and components into larger solutions and platforms;
  • Quality assurance of implementation leveraging digital ID solutions, components and standards;
  • Trust by future proofing identity & access management architecture from a digital ID perspective and trust into conformance of a particular implementation, assessed against digital ID related standards or specifications. The assessment and advisory services of IDLab advancing digital trust include architecture reviews, digital ID industry advisory services, solution readiness assessments, technology tests, audits and certifications.

In order to preserve its role as a trusted and neutral third party in the digital ID ecosystem, it is important for IDLab to not engage in commercial activities that would endanger its ability to fulfil its role. At issue in this policy are commercial activities for which IDLab shall not engage in and other commercial activities for which Management may engage in provided it obtains prior authorization from the Board of Directors.


Objective

The objective of this policy is to describe prohibited commercial activities, commercial activities requiring prior permission from the Board of Directors and commercial activities that are allowed.


Application

This policy is adopted under the authority of the Board of Directors of IDLab and applies to the provision of services by IDLab to clients and stakeholders.


Policy Statement

Prohibited commercial activities. The Laboratory shall not:

  1. Act as a reseller of Digital ID solutions, receive commissions, royalties or any other financial benefit directly resulting from sales made by members or clients of the Laboratory;
  2. Develop commercial digital ID solutions with the intent to sell those solutions;
  3. Provide recommendations about which digital ID related solutions to procure or implement;
  4. Provide advisory services on the necessary corrective action to take in relation to a certification scheme nonconformity when the formal nonconformity finding has been established under an assessment services engagement at IDLab.

Third-Party Service Provider. By exception to the previous prohibition and in situations when a RFP requests that a bidder obtain third-party certifications, validations as part of the deliverable, or hosting a reference implementation, the Laboratory may participate, but only if all the following conditions are met:

  • The IDLab shall refuse bidder requests to enter into any exclusivity agreement; and
  • The IDLab shall offer the exact same service at the same price, terms & conditions to all other companies in relation to the same procurement process.

Peripheral activities. In situations where a public or private sector organization approaches the IDLab and requests the IDLab to offer or complete peripheral activities, an ordinary resolution of the Board of Directors shall be obtained before the execution of any Agreement to that effect. A peripheral activity is an activity not prohibited under this policy that falls outside the scope of the IDLab activities listed under the “Context” section at page 1 of this policy. The Directors representing the private sector category of members shall abstain from voting on this resolution. For the purpose of this provision, a “peripheral commercial activity” is an activity that does not fall in the scope of “Laboratory Activities” as listed in the next section of this policy.


Scope of Approved Activities

The scope of the approved activities for the Laboratory includes:

Facilitated outcome Laboratory Activities
Awareness & Education ●      Developing and maintaining internal knowledge of the “state of the art” factual status of digital ID and sharing of same with IDLab clients and stakeholders.

●      Design and deployment of IDLab Education portal related to digital ID to include:

○       Accounts of the “state of the art” in digital ID;

○       Learning Management System (LMS) related to digital ID; and

○       Digital ID Interactive Visit Program to further customize the learning opportunity.

Development of digital ID assessment tools & frameworks ●      Supporting the development of digital ID related standards, assessment, tools and reference assessment frameworks provided this support cannot reasonably be characterized as IDLab favoring a standard or assessment framework over another.

●      Supporting digital ID related communities of support and open source projects

Discovery ●      Hosting of digital ID related solutions and components (always excluding production data) into the Lab’s sandbox infrastructure.

●      Maintaining a catalogue of sandboxes available at the Lab.

Experimentation ●      Providing a dedicated technology environment to Lab subscribers enabling them to easily have access to  “private sandboxes” for the purpose of experimentation, integration, testing  and quality assurance.

●      Facilitating and conducting “use case experiments” leveraging existing digital ID solutions and components.

Integration
Quality Assurance
Trust ●      Providing advisory services in relation to digital ID that preserve the IDLab mission as well as its neutral and independent position, i.e. such services shall exclude providing advice and recommendations on the selection of specific digital ID solutions, however could include factual characterizations of their compliance and interoperability status.

●      Providing assessment services including readiness assessments, testing & certifications in support of digital ID standards and specifications, such as the DIACC Pan-Canadian FrameworkTM [1].

 


Publication

This policy shall be published on the website of the Laboratory.


Amendments to Policy

Amendments to this policy require an ordinary resolution of the Board of Directors.


Version & Change Table

Version Effective on Changes since last version
2.0 5 Nov 2021 Main changes in addition to editorial changes:

–      Introductory part of the Context section amended to reflect the current IDLab core focus (purpose and niche) and to reflect the new categorization of services of IDLab (education, assessment, advisory and sandbox services)

–      Addition of “Development of digital ID assessment frameworks” in Context section

–      Removal of footnote that added clarification with regards to the Laboratory Sandbox Platform

–      Moved approved activities to a dedicated section titled “Scope of Approved Activities”

–      In the Scope of Approved Activities section, addition of “Development of digital ID assessment frameworks” row

1.0 1 April 2020 NA – first version.

 

[1] The “Pan-Canadian Trust Framework” and “PCTF” terms are trademarks owned by DIACC.

That's what they say ;-)

“We’re excited to be part of an initiative that is key to helping enable trusted digital identity in Canada and unlocking the full potential of our country’s digital economy.” 

“KPMG joining the Digital ID Lab demonstrates our commitment to support a robust pan-Canadian ecosystem that will prioritize security, privacy and interoperability for the benefit of all Canadians.”

Imraan Bashir, Partner & National Public Sector Cyber Leader, KPMG Canada

Blog

Read the blog

Stay tuned!

We are working on it! :-)