Sharing our plan
On this page you will find our plan for the technology and standards we are starting with for digital ID in Ontario. They will guide our digital identity projects both internally and within the digital identity ecosystem.
This plan is a starting point and an opportunity to set the initial direction for the province, partners and innovators. We are sharing it to demonstrate our initial direction and intent, and to engage with and prepare the marketplace early in the process.
For now, the information on this page is geared towards those who will create products in the Ontario ecosystem. More accessible information about digital ID technology will be available here as the program matures and we continue to improve and update the site.
Vision
Ontario’s Digital ID will be able to operate at “internet scale” (securely, reliably, at high volumes, globally) and give users a simple, frictionless experience.
Key principles
Ontario’s Digital ID will:
- comply with government and industry standards, frameworks and laws including:
  - The CIO Strategy Council’s Digital Trust and Identity – Part 1: Fundamentals (CAN/CIOSC 103-1:2020)
  - Government of Canada’s Verified Person Conformance Criteria
  - DIACC-Pan-Canadian Trust Framework
  - Web Content Accessibility Guidelines (WCAG)
  - Ontario Digital Service’s Digital Service Standard
  - Anti-Racism Data Standards
  - Municipal Freedom of Information and Protection of Privacy Act (MFIPPA)
  - Freedom of Information and Protection of Privacy Act (FIPPA)
  - Personal Health Information Protection Act (PHIPA)
  - Accessibility for Ontarians with Disabilities Act (AODA)
- align with emerging technology standards
- be flexible and allow us to pivot as standards evolve
- support a frictionless and equitable user experience
- be interoperable and developed to align and work with other Canadian jurisdictions
- use open-source solutions wherever possible while contributing what we’ve learned and developed with the digital identity community
- use open standards and encourage private-sector market innovation
Self-sovereign identity trust model
Ontario’s Digital ID will use self-sovereign identity because it gives the holder control over the credentials in their wallet. In addition, we are layering on these extra privacy-preserving features:
- Consent — The verifier must ask you to approve their request to confirm your credentials.
- Data minimization — The verifier can only access what they need to confirm you are eligible for their service. For example, if you need to prove that you are old enough to buy a lottery ticket, the store clerk would only know that you are 18 or older – not your actual age, birth date or anything else about you.
- Anonymity — Your credentials are not tracked or traced.
Data minimization and anonymity are enabled by zero-knowledge proofs, whereby a verifier can confirm a certain thing about you without actually learning the underlying information.
Our technology roadmap
We are building the foundation of Ontario’s Digital ID across four major capability areas:
Validation
Confirms identity data is accurate and valid
"I use data from my existing physical ID cards during online transactions"
Verification
Confirms the rightful owner of the identity data is present
"Online transactions use photo matching and other technologies to confirm I am who I say I am"
Verifiable credentials
Digital proof of identity is confirmed for integrity and validity
"My digital wallet holds secure, portable and reusable identity records that can be verified in real time both online and in real life"
Ecosystems and platforms
Connections to both internal government and external private-sector data sources to validate identity facts
"I benefit from common standards and linked systems that make it even easier for me to prove who I am online and in person for many uses"
The verification process
The verifiable credential model ensures trust throughout the process.
First, the holder requests a digital ID and goes through an ID proofing process to establish their identity. Once the identification requirements are satisfied, the issuer will create a digital ID credential, issue it to the holder and publish the public cryptographic keys associated with that digital ID to the verifiable data registry, which uses distributed ledger technology.
When the holder would like to use their digital ID (for example to prove their age at the liquor store), they may tap or scan their digital ID on the verifier’s reader to present (with their consent) the required identity information. This interaction triggers a request to the verifiable data registry to retrieve the Ontario government's public key, which confirms that the holder’s presented credential is accurate and hasn’t been tampered with.
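The issue-and-verify flow described above, as an added Go example that is not Ontario's code: the issuer signs a credential with Ed25519 (one of the signature formats listed on this page), and the verifier looks up the issuer's public key and rejects a credential that was altered or whose issuer is unknown. The in-memory map standing in for the verifiable data registry, the `did:example:` identifiers, the `Credential` struct and its JSON serialization are assumptions made for illustration; the `ageOver18` claim is a plain signed predicate, not a BBS+ zero-knowledge proof.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Credential is a constructed, simplified stand-in for a W3C verifiable credential.
type Credential struct {
	Issuer string
	Claims map[string]bool // derived predicates only, never the birth date
	Proof  []byte          // Ed25519 signature over signingInput
}

// signingInput serializes everything but the proof; encoding/json sorts map keys.
func signingInput(c Credential) []byte {
	b, _ := json.Marshal(Credential{Issuer: c.Issuer, Claims: c.Claims})
	return b
}

func Issue(issuer string, priv ed25519.PrivateKey, claims map[string]bool) Credential {
	unsigned := Credential{Issuer: issuer, Claims: claims}
	return Credential{issuer, claims, ed25519.Sign(priv, signingInput(unsigned))}
}

// Verify resolves the issuer's key from reg (hypothetical registry stand-in), then checks the proof.
func Verify(reg map[string]ed25519.PublicKey, c Credential) error {
	pub, ok := reg[c.Issuer]
	if !ok {
		return fmt.Errorf("issuer %q not in registry", c.Issuer)
	}
	if !ed25519.Verify(pub, signingInput(c), c.Proof) {
		return fmt.Errorf("proof invalid: altered or not signed by %q", c.Issuer)
	}
	return nil
}

// Demo returns Verify's result for an issued, an altered and an unregistered-issuer credential.
func Demo() (issued, altered, unknown error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	reg := map[string]ed25519.PublicKey{"did:example:issuer": pub}
	vc := Issue("did:example:issuer", priv, map[string]bool{"ageOver18": true})
	issued = Verify(reg, vc)
	vc.Claims["ageOver18"] = false // changed after issuance
	altered = Verify(reg, vc)
	return issued, altered, Verify(reg, Credential{Issuer: "did:example:unregistered"})
}

func main() { fmt.Println(Demo()) }
```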
Standards
Verifiable credentials standards
Verifiable credentials are the foundation of digital ID. Ontario’s Digital ID will be based on technology standards from:
- The World Wide Web Consortium (W3C)
- The Decentralized Identity Foundation (DIF)
- Trust Over IP Foundation
- OpenID Connect
Technology standards
These are the technology standards that we are currently considering.
- Data model
  - Verifiable Credentials — W3C
- Identity standard
  - OIDC — OpenID Foundation
- Interoperability
  - SIOP V2 — OpenID Foundation
  - Presentation Exchange — DIF
  - Credential Manifest — DIF
  - Aries Interop Profile 2.0 — Hyperledger
- Signature format
  - BBS+ (BLS12-381) — W3C
  - EdDSA (Ed25519) — W3C
- Communication layer
  - DIDComm V2 — DIF