Related information on digital ID


Sharing our plan

On this page you will find our plan for the technology and standards we are starting with for digital ID in Ontario. They will guide our digital identity projects both internally and within the digital identity ecosystem.

This plan is a starting point and an opportunity to set the initial direction for the province, partners and innovators. We are sharing it to demonstrate our initial direction and intent, and to engage with and prepare the marketplace early in the process.

For now, the information on this page is geared towards those who will create products in the Ontario ecosystem. More accessible information about digital ID technology will be available here as the program matures and we continue to improve and update the site.

Vision

Ontario’s Digital ID will be able to operate at “internet scale” (securely, reliably, at high volumes, globally) and give users a simple, frictionless experience.

Key principles

Ontario’s Digital ID will:

Self-sovereign identity trust model

Ontario’s Digital ID will use self-sovereign identity because it gives the holder control over the credentials in their wallet. In addition, we are layering on these extra privacy-preserving features:

  • Consent — The verifier must ask you to approve their request to confirm your credentials.
  • Data minimization — The verifier can only access what they need to confirm you are eligible for their service. For example, if you need to prove that you are old enough to buy a lottery ticket, the store clerk would only know that you are 18 or older – not your actual age, birth date or anything else about you.
  • Anonymity — Your credentials are not tracked or traced.

Data minimization and anonymity are enabled by zero-knowledge proofs, whereby a verifier can prove that they’ve confirmed a certain thing about you without actually knowing that thing.

Our technology roadmap

We are building the foundation of Ontario’s Digital ID across four major capability areas, including:

Validation

Confirms identity data is accurate and valid
"I use data from my existing physical ID cards during online transactions"

Verification

Confirms the rightful owner of the identity data is present
"Online transactions use photo matching and other technologies to confirm I am who I say I am"

Verifiable credentials

Digital proof of identity is confirmed for integrity and validity
"My digital wallet holds secure, portable and reusable identity records that can be verified in real time both online and in real life"

Ecosystems and platforms

Connections to both internal government and external private-sector data sources to validate identity facts
"I benefit from common standards and linked systems that make it even easier for me to prove who I am online and in person for many uses"

The verification process

The verifiable credential model ensures trust throughout the process.

Image
Diagram of the verification process. Long description is in body text.

First, the holder requests a digital ID and goes through an ID proofing process to establish their identity. Once the identification requirements are satisfied, the issuer will create a digital ID credential, issue it to the holder and publish the public cryptographic keys associated with that digital ID to the verifiable data registry, which uses distributed ledger technology.

When the holder would like to use their digital ID (for example to prove their age at the liquor store), they may tap or scan their digital ID on the verifier’s reader to present (with their consent) the required identity information. This interaction triggers a request to the verifiable data registry to retrieve the Ontario government's public key, which confirms that the holder’s presented credential is accurate and hasn’t been tampered with.

Standards

Verifiable credentials standards

Verifiable credentials are the foundation of digital ID. Ontario’s Digital ID will be based on technology standards from:

Technology standards

These are the technology standards that we are currently considering.

Data model
Verifiable CredentialsW3C

Identity standard
OIDC — OpenID Foundation

Key management
DIDW3C

Data format
JSON-LDW3C

Interoperability
SIOP V2 — OpenID Foundation
Presentation ExchangeDIF
Credential ManifestDIF
Aries Interop Profile 2.0 — Hyperledger

DID method
DID: WEBW3C
DID: KEYW3C
DID: PEERDIF

Signature format
BBS+ (BLS 12-381) —​​​​​​​ W3C
EdDSA (Ed25519) —​​​​​​​ W3C

Communication layer
DIDComm V2DIF