Mobile Driver's License Criteria: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
Line 31: Line 31:
* Supply Chain for components of the mDL has not been a part of existing criteria, but needs to be included based on the Solar Winds attack of government and commercial access.
* Supply Chain for components of the mDL has not been a part of existing criteria, but needs to be included based on the Solar Winds attack of government and commercial access.


==Solutions==
==Comments==
* [https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/driving-licence/digital-driver-license NIST pilot run by Thales] This page has a list (20201-10) of states that have mDL tests in progress.
* [https://www.aamva.org/Mobile-Drivers-License/  AAMVA page dedicated to Mobile Driver's License (mDL)]


==References==
==References==

Revision as of 19:43, 19 April 2021

Full Title or Meme

The Mobile Driver's License Criteria for a high level of Identity and Authentication Assurance.

Context

Actors

  1. Holder - the subject of the Mobile Driver's License
  2. Reader - a device that can read and verify the mDL, which is presumably hosted in a native smart phone app
  3. Issuing Authority - typically a state motor vehicle agency.
  4. Trust Authority - some sort of wide ranging list of valid participators - not well defined at this point.
  • Caution on terms. mDL and mDL app get conflated in the specs. The full mDL is seldom/never released by the app to the reader/verifier.
  • Compare there terms Verifiable Credential and Presentation Exchange from the DIF folk. The VC (like the mDL or mdoc) may be in the smartphone, but only a part is "presented" to the reader.

Use Cases

Problems

  • REAL ID has yet to approve a single state's Mobile Driver's License (mDL) for Federal access.
  • Supply Chain for components of the mDL has not been a part of existing criteria, but needs to be included based on the Solar Winds attack of government and commercial access.

Comments

References