It all begins with trust, and here’s a framework
October 13, 2015

A Trust Framework is at its core a collection of documentation that establishes a foundation of trust between participants in an identity ecosystem. We’ve put together a technical paper that details the Trust Framework that powers the SecureKey Concierge service in Canada.

The SecureKey Concierge™ service, operated by SecureKey Technologies Inc. in Canada, has experienced a doubling of user credentials in each of the past two years with millions of Canadians using the service to connect with online public sector destinations. The types of transactions Canadians conduct using the service and the scale involved demands transparency, performance and security at the highest levels. The service is powered by a Trust Framework that incorporates the requirements for use of technical standards and the implementation of privacy and security mechanisms necessary to enable secure online authentication transactions between Users and Relying Parties (RPs) through a network of trusted Credential Providers (CPs).

The publication of the Trust Framework aligns with SecureKey’s commitment to openness and transparency with respect to its consumer identity and authentication services and is available for review here. This white paper provides details on the business, privacy, legal and technical requirements of the SecureKey Concierge service, and outlines key criteria and attributes for a consumer service that requires both privacy and security while offering consumers a service that they love to use.

“The Trust Framework serves as a model to emulate when building identity services built for scale, security and convenience while ensuring the highest levels of privacy that citizens deserve and demand,” said Rene McIver, Chief Security Officer for SecureKey, and primary author of the white paper.

As with any identity ecosystem, the SecureKey Concierge Trust Framework incorporates the use of particular technology and standards, identifies roles and responsibilities of each participant, formalizes participation through contractual relationships and has a governance structure in place to ensure ecosystem development and enhancement.

By delivering both privacy and security in an identity service that both consumers and providers of online services can embrace is an important step toward stemming the password proliferation problem – and it all begins with trust.