Mobile Driver's License Criteria

From IDESG Wiki
Jump to navigation Jump to search

Full Title or Meme

The Mobile Driver's License Criteria for a high level of Identity and Authentication Assurance.

Context

Actors

  1. Holder - the subject of the Mobile Driver's License
  2. Reader - a device that can read and verify the mDL, which is presumably hosted in a native smart phone app
  3. Issuing Authority - typically a state motor vehicle agency.
  4. Trust Authority - some sort of wide ranging list of valid participators - not well defined at this point.
  • Caution on terms. mDL and mDL app get conflated in the specs. The full mDL is seldom/never released by the app to the reader/verifier.
  • Compare there terms Verifiable Credential and Presentation Exchange from the DIF folk. The VC (like the mDL or mdoc) may be in the smartphone, but only a part is "presented" to the reader.

Use Cases

Problems

Solutions

Privacy Considerations

Consent and Notice

The spec is unclear how exactly how the mDL in a smartphone would provide notice or consent. The following are an expectation of a user.

  1. Who wants to know - hopefully this would be a trustworthy statement of the reader's owner.
  2. What will they do with the information?
  3. What data is requested. Most interesting is the picture and ID #.

Notice in a case like this is difficult as the standard does not even require the mDL reader from reporting the name of the entity requesting the id. Assuming that it did the question is whether that would constitute notice or if some sort of consent receipt would be required.

References