Interview: Tim Bouma (Senior Policy Analyst for Identity Management at the Treasury Board Secretariat of the Government of Canada)
We started this interview with Tim Bouma talking about his expertise in digital identity and we ended up trying to solve the puzzle of a mysterious death.
On July 8, 1917, Canadian painter Tom Thomson disappeared while on a canoeing trip on Canoe Lake. Eight days later, his body was found in the lake, with a four-inch cut on his right temple. Although the cause of death was determined as “accidental drowning”, the mystery of Tom Thomson’s death, and the speculation of a potential murder, is something that persists in Canadian lore.
Tim Bouma had been a fan of Thomson’s work for years. Reading biographies and collecting sketches of his work. Being a cybersecurity expert specialized in Digital Identity, Tim had a splinter of an idea forming in his mind: creating a fictional digital identity. The mystery of Thomson’s death created the perfect canvas. From March to July that year, during 100 uninterrupted days, Tim Bouma tweeted fictional journal entries channeling Tom Thomson’s persona and what he might be doing that day.
But less about fiction writing and more about digital identity. Tim Bouma coined the phrase Legally-Enabled Self-Sovereign Identity. LESS Identity. That is how he wants his identity to be. These are the four characteristics of a LESS Identity:
- – Minimum Disclosure: Being able to disclose the minimum personal data possible in order to use/access a service.
- – Full Control: The user must have full control over what personal information he chooses to disclose (at any point in time).
- – Necessary Proof: In case the verifying party needs proof about the claim a user is making, the user has to be able to provide proof that sustain his claim. (i.e: attestations by a legal authority, etc)
- – Legally-Enabled: The existence of a legal framework that protects the users and the organisations providing the services while using this digital identity.
Bouma is a proponent of Self-Sovereign Identity. An approach to Digital Identity that puts the user at the center of the locus of control.
The locus of control is the “degree to which people believe that they have control over the outcome of events in their lives, as opposed to external forces beyond their control” (Source).
Self-Sovereign Identity removes the middle man as a vehicle of trust. An individual can prove claims about him or herself to an organisation without the need for that organisation to verify the authenticity of the claim with a third party. This is done through the use of blockchain technology.
Though Self-Sovereign Identity still has some issues to be figured out. Like how to make sure that a digital identity corresponds to an existing person in the analogue world. According to Tim, humans will always have to be involved in the “origin” moment. The initial registration process of the digital identity. “However, once that origin registration is carried out, your digital identity can be easily assured on an ongoing basis, using cryptography, verifiable claims, etc. But that digital identity, to be trusted, must be traceable back to that origin registration.” (Source)
Pan-Canadian Trust Framework
Tim is also one of the masterminds behind the Pan-Canadian Trust Framework.
Given Canada’s different levels of Government – Provincial, Territorial and Federal – this framework aims to avoid the creation of program-centred identities and ensure “the integrity of identity management business processes”, so that everyone can rely on each other’s digital identities.
Through this framework, Canadians will be able to “seamlessly access government services on-demand across jurisdictions in a matter of moments” (Source) and the government will be able to accept “trusted digital identities from other jurisdictions, greatly streamlines program enrolment processes and reduces costs — because the client is already known and trusted.” (Source).
The ultimate goal is to be able to use a Provincially or Territorially issued digital identity to access a federal program. What Canada’s government see as a “big win for all Canadians”. (Source)
What are your responsibilities as Senior Policy Analyst for Identity Management at the Treasury Board Secretariat of the Government of Canada?
My role is to develop identity management policy instruments for Treasury Board Secretariat (TBS). TBS is a central agency for the Government of Canada and is responsible for management oversight for federal departments and agencies. Our policy instruments are the basis for aligning identity management capabilities across government. We also work with the Provinces and Territories to ensure alignment across Canada, which we call the Pan-Canadian Approach. Much of the work on the Pan-Canadian Trust Framework evolved from the collaborative work we have done with our different levels of government.
In the field of Digital Identity, what is the question that people should be asking more but aren’t?
The question people should be asking – ‘Why are you setting up your own identity management systems?’ If you are setting up your own systems, you are placing an even greater burden on your clients, who have to prove themselves one more time, and remember yet another password.
What are the specific roadblocks other people in this space should look out for?
The identity management technology is largely there. Centralized and federated approaches have existed for years. Decentralized and self-sovereigns are rapidly evolving and will become mainstream soon. So the roadblocks are largely conceptual – it’s about understanding how your program or business fits into a larger ecosystem. Two decades ago, during the dot-com boom, everyone was setting up their own servers, now nobody does that – it’s a cloud now. Soon identity, or self-sovereign-identity will be available as a utility and controlled by the users.
What are your hopes for the digital identity field in the future?
My hope is that Canadians will be able to access services without having second thought to their safety and security. The systems that will enable digital identity, or more generally verifiable credentials, will be open, interoperable and be as ubiquitous as GPS.
What is the book you have recommended most to others?
I could recommend my own book that would be self-serving. The latest book I am reading is The Blockchain and the New Architecture for Trust, by Kevin Werbach. A book which I really enjoyed, challenging my perspective, was Metaphors We Live By, by George Lakoff and Mark Johnson. I also have a few technical books on the go. I can’t say enough good things about Mastering Bitcoin, by Andreas Antonopoulos. Finally, for relaxation, I subscribe to Kindle Unlimited and churn through CIA spy-thrillers.
We, at Tykn, would like to thank Tim Bouma for his time and for sharing his ideas and knowledge with us. Thank you, Tim! Be sure to follow him on Twitter.
If you’re keen on reading more, we’ve published a thorough guide on how Self-Sovereign Identity is innovating in different industries. Also, there’s this guide on how identity management works with blockchain.