Mobile Driver's License Criteria: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
Line 28: Line 28:


==Problems==
==Problems==
* REAL ID has yet to approve a single state's [[Mobile Driver's License]] for Federal access.
* REAL ID has yet to approve a single state's [[Mobile Driver's License]] (mDL) for Federal access.
* Supply Chain for components of the mDL has not been a part of existing criteria, but needs to be included based on the Solar Winds attack of government and commercial access.


==Solutions==
==Solutions==

Revision as of 19:29, 19 April 2021

Full Title or Meme

The Mobile Driver's License Criteria for a high level of Identity and Authentication Assurance.

Context

Actors

  1. Holder - the subject of the Mobile Driver's License
  2. Reader - a device that can read and verify the mDL, which is presumably hosted in a native smart phone app
  3. Issuing Authority - typically a state motor vehicle agency.
  4. Trust Authority - some sort of wide ranging list of valid participators - not well defined at this point.
  • Caution on terms. mDL and mDL app get conflated in the specs. The full mDL is seldom/never released by the app to the reader/verifier.
  • Compare there terms Verifiable Credential and Presentation Exchange from the DIF folk. The VC (like the mDL or mdoc) may be in the smartphone, but only a part is "presented" to the reader.

Use Cases

Problems

  • REAL ID has yet to approve a single state's Mobile Driver's License (mDL) for Federal access.
  • Supply Chain for components of the mDL has not been a part of existing criteria, but needs to be included based on the Solar Winds attack of government and commercial access.

Solutions

References