Mobile Driver's License Criteria: Difference between revisions
Jump to navigation
Jump to search
| Line 32: | Line 32: | ||
* [https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/driving-licence/digital-driver-license NIST pilot run by Thales] This page has a list (20201-10) of states that have mDL tests in progress. | * [https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/driving-licence/digital-driver-license NIST pilot run by Thales] This page has a list (20201-10) of states that have mDL tests in progress. | ||
* [https://www.aamva.org/Mobile-Drivers-License/ AAMVA page dedicated to Mobile Driver's License (mDL)] | * [https://www.aamva.org/Mobile-Drivers-License/ AAMVA page dedicated to Mobile Driver's License (mDL)] | ||
==References== | ==References== | ||
Revision as of 19:22, 19 April 2021
Full Title or Meme
The Mobile Driver's License Criteria for a high level of Identity and Authentication Assurance.
Context
- The issuance of ISO 18013-5 for a Mobile Driver's License an increasing level of trials towards getting driver's licenses installed on Smartphones.
- The US Office of Strategy, Policy and Planns, of the Department of Homeland Security (DHS) has issued a RFC for security standards and requirements to enable Federal agencies to accept them if compliant with the REAL ID.
- There are 49 states that accept driver's license on smartphones for some purposes.
- Report from the Privacy & Identity Protection in mobile Driving License ecosystems Discussion Group working draft.
- Google announced (2020-11-04) privacy-preserving features in Android's Mobile Driving License framework including the credential API in Android 11.
- The Kantara's discussion group on Privacy and Identity in the mobile driver' license aka PImDL focus is now on North America where individual provinces and states are responsible for issuing Identity Cards based for a wide variety of purposes beyond just the attributes present on a driver's license.
Actors
- Holder - the subject of the Mobile Driver's License
- Reader - a device that can read and verify the mDL, which is presumably hosted in a native smart phone app
- Issuing Authority - typically a state motor vehicle agency.
- Trust Authority - some sort of wide ranging list of valid participators - not well defined at this point.
- Caution on terms. mDL and mDL app get conflated in the specs. The full mDL is seldom/never released by the app to the reader/verifier.
- Compare there terms Verifiable Credential and Presentation Exchange from the DIF folk. The VC (like the mDL or mdoc) may be in the smartphone, but only a part is "presented" to the reader.
Use Cases
- TSA acceptance at transportation check-in lines.
- Building access for many Federal buildings.
- Mobile_Driver's License in Healthcare
- State Issued ID for Healthcare on this wiki lists other uses states might have for the mDL standard format.
- Currently kiosks have been deployed that accept ISO 18013 compatible Driver's License cards. The same capability is likely to be required for ISO 18013-5 Mobile Driver's Licenses.
Problems
- REAL ID has yet to approve a single state's Mobile Driver's License for Federal access.
Solutions
- NIST pilot run by Thales This page has a list (20201-10) of states that have mDL tests in progress.
- AAMVA page dedicated to Mobile Driver's License (mDL)
References
- Also see the companion document on Mobile Driver's License Criteria for a high level of assurance.
- nice description on Medium
- Pew Research mobile fact sheet
- review the mDL resources available from the Secure Technology Alliance on the mDLConnection website
- What does REAL-ID Act “enforcement” really mean? The Identity Project.
- Va Code Chapter 50. Electronic Identity Management Act
- Va § 2.2-436. Approval of electronic identity standards.
- Va § 2.2-437. Va Identity Management Standards Advisory Council.
- Identity Management Standards Advisory Council (IMSAC) with links to the parts.
- Rules for Virginia special ID cards.