References: Principles for Electronic Authentication
General
Domestic: Background
Industry Canada Electronic Commerce Policy - Authentication
A Cryptography Policy Framework for Electronic Commerce: Building Canada's Information Economy and Society (Canada's Cryptography Policy) (1998)
Government of Canada
Domestic: Related Initiatives and Reference Documents
a) General
Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, Part 2
Government of Canada
Uniform Electronic Commerce Act
Uniform Law Conference of Canada
An Act to establish a legal framework for information technology (2001)
Government of Quebec
Current Statutory Reform Initiatives in Canada: Electronic Commerce
Department of Justice Canada
Policy on Electronic Authorization and Authentication
Treasury Board of Canada Secretariat
Policy for Public Key Infrastructure Management in the Government of Canada
Treasury Board of Canada Secretariat
Digital Signature Certificate Policies
Public Works and Government Services Canada
Voluntary Codes: A Guide for their Development and Use (1998)
Industry Canada, Treasury Board Secretariat
b) Consumer Protection
Principles of Consumer Protection for Electronic Commerce (1999)
Industry Canada
Canadian Code of Practice for Consumer Protection in Electronic Commerce
Industry Canada
Canadian Code of Practice for Consumer Debit Card Services (1992, rev. 1996 and 2002)
Industry Canada
International: Related Initiatives and Reference Documents
Directive 1999/93/EC on a community framework for electronic signatures (1999)
The European Parliament and the Council of the European Union
OECD Guidelines for Consumer Protection in the Context of Electronic Commerce (2000)
Organization for Economic Co-operation and Development
Consumers in the Online Marketplace: The OECD Guidelines Three Years Later (2003)
Organization for Economic Co-operation and Development
International Consensus Principles for Electronic Authentication (1999)
Internet Law and Policy Forum
Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (1999)
The Internet Engineering Task Force
Electronic Authentication: Issues Relating to its Selection and Use (2002)
Asia-Pacific Economic Co-operation
UNCITRAL Model Law on Electronic Signatures with Guide to Enactment (2001)
United Nations Commission on International Trade Law
Digital Signature Guidelines (1996)
American Bar Association
Principles
Principle 1: Responsibilities of Parties
Standards for a Global Digital Marketplace: A Canadian Standards Framework for Electronic Commerce (1998)
Principle 2: Risk Management
BITS Framework for Managing Technology Risk for Information Technology (IT) Service Provider Relationships (2001)
BITS Financial Services Roundtable
Electronic Commerce: Who Carries the Risk of Fraud (2000)
Foundation for Information Policy Research, U.K.
Principle 3: Security
OECD Guidelines for the Security of Information Systems and Networks (2002)
Organisation for Economic Co-operation and Development
Information Technology Security
Treasury Board of Canada Secretariat
Information Technology Security Standard
Treasury Board of Canada Secretariat
Government of Canada Public Key Infrastructure
Treasury Board of Canada Secretariat
AICPA/CICA Trust Services Principles and Criteria (2003)
American Institute of Certified Public Accountants (AICPA)/Canadian Institute of Chartered Accountants (CICA)
PKI Assessment Guidelines (2001)
American Bar Association
International Organization for Standardization (ISO)
All publications are listed in the ISO Catalogue:
ISO/IEC TR 14516:2002 - Guidelines for the use and management of Trusted Third Party services
ISO/IEC 21827:2002 - Systems Security Engineering: Capability Maturity Model (SSE-CMM®)
ISO/IEC 15408:1999 - Evaluation criteria for IT security - Part 1: Introduction and general model
ISO/IEC 17799:2000 - Code of practice for information security management
European Electronic Signatures Standards Initiative
ICT Standards Board
Principle 4: Privacy
Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, Part 1 (2000)
Government of Canada
Who Goes There? Authentication Through the Lens of Privacy (2003)
Computer Science and Telecommunications Board, U.S.
WebTrust Program for Online Privacy (2000)
American Institute of Certified Public Accountants (AICPA)/Canadian Institute of Chartered Accountants (CICA)
Privacy and Public Key Infrastructure: Guidelines for Agencies using PKI to communicate or transact with individuals (2001)
Office of the Federal Privacy Commissioner, Australia
Principle 5: Disclosure Requirements
Principles of Consumer Protection for Electronic Commerce (1999)
Industry Canada
Canadian Code of Practice for Consumer Protection in Electronic Commerce (2003)
Industry Canada
Principle 6: Complaints Handling
ISO Committee Draft, ISO/CD 10018: Complaints Handling
International Organization for Standardization
AS/NZS 4269 Complaints Handling (1995)
Standards Australia