W3C home > Mailing lists > Public > public-credentials@w3.org > October 2021

Re: W3C Credentials CG Call Tues: mobile DL deck

From: Andrew Hughes <andrewhughes3000@gmail.com>
Date: Fri, 8 Oct 2021 08:31:42 -0700
Message-ID: <CAGJp9UbzU06S_0HDSmT4pahBxF8OovvCmbt6ZVRBZY8YQr-G1g@mail.gmail.com>
To: "John, Anil" <anil.john@hq.dhs.gov>
Cc: W3C Credentials CG <public-credentials@w3.org>
All:
Sorry to have missed that ccg call! However, I've seen (and lived) Arjan's
deck many times over the last year...

I am an active contributor at ISO in the two WG working on 18013-5 (and
additional specs related to mDL) and 23220 (for mobile eID credentials).
You can take whatever reassurance you wish from that statement ;-)

I'm concerned about the various statements I've seen about motives - for
sure there are paths that go down the 'closed' road - but there are a
significant number of us committed to the 'open' path as well. Please don't
write off our efforts too soon and think of this relationship as
adversarial (that last is not directed at any individual person).

Many of the core writers at the ISO WG are grounded in PKI - so the key
rotation and revocation mechanisms are thorny if we wish the issuer to be
blind to revocation checks. Maybe there's an opportunity to explore
distributed revocation registries as a mechanism for mDL?
23220-3 (Building blocks for Issuance) is in an advanced draft stage now,
and is getting stable enough to move to the next development phase (in an
ISO time-scale, of course).
Please remember that 18013-5 was initiated in 2015 (well before I joined) -
and over the first several years the WG had to decide on what to work on
and what to set aside for later. Eventually, the Issuing Authorities were
able to confirm the "offline, attended" use case as the first priority -
because 18013-5 was/is intended to augment/replace plastic DLs as a tactic
to gain broader acceptance. It was the right decision for the moment - new
approaches and techniques appeared later on.

My personal goal with each of my three feet in different worlds is to find
that path to coexistence and interoperability.
To that end (I might regret this!) I'm willing to host an IIW session to
hear about "we would have designed/approached Driving Licenses on Mobile
Devices this way instead" - as long as it does not devolve into a
complaining session, I think we could glean some good input for the ISO WGs.
————————
*Andrew Hughes *CISM CISSP
Identity Standards @ Ping Identity
m +1 250.888.9474
AndrewHughes3000@gmail.com



On Thu, Oct 7, 2021 at 10:06 AM John, Anil <anil.john@hq.dhs.gov> wrote:

> Thank you to Heather, Mike and Wayne (W3C Co-Chairs) for arranging this
> briefing.
>
> Thank you to the UL folks for their briefing and their willingness to
> answer  the questions from the audience.
>
>
>
> This was a very helpful, informative and educational session.
>
>
>
> Without getting sidetracked into Standards Politics/Drama, I came away
> from this session with two specific points as it relates to
> Interoperability.
>
>
>
>    - The interface between the Issuing Authority (“Issuer”) and the
>    Mobile Device (“Holder”) is deliberately out of scope of the ISO/IEC
>    18913-5 Standard. The impact of this choice is that it provides technology
>    vendors the ability to lock in DMVs into their proprietary provisioning API
>    while implementing this standard. I can foresee a messaging that will
>    revolve around their future support of a future provisioning standard
>    (ISO/IEC TS 23220-3), which will rapidly fall by the wayside of operational
>    realties and budgets  i.e. If a DMV in the future asks them to support that
>    as-yet-undefined-API/Standard, the vendor will almost certainly ask them
>    for additional funding to implement that – with the DMV being loath to do
>    so given that they already have an provisioning API (albeit proprietary) in
>    place – the classic definition of vendor lock-in.
>    - The ISO standard also deliberately puts out of scope any
>    standardized way to check the revocation / credential status of the mDL.
>    Which means is that each vendor is implementing a proprietary mechanism for
>    doing so that further locks in a DMV to a particular vendor.
>
>
>
> At the same time, I saw some potential glimmers of a shared path towards
> interoperabilty:
>
>    - The VC API work that is an approach to a standardized API between an
>    Issuing Authority and a Mobile and between the Mobile Device and the
>    Verifier.
>    - If you combine the VC API with the “Model 2 Considerations” which
>    speaks to a shared wallet (I have no idea what a “ISO Compliant App” is –
>    so am not using that terminology) that can store both an mDL and a VC, with
>    the VC also able to “Share QR and/or NFC functions” and “Share user
>    interface, secured data storage”, that feels like a narrow path towards a
>    possible interoperable future…
>
>
>
>
>
> What did I get wrong above?
>
> What did others in the community take away from the presentation?
>
>
>
> Best Regards,
>
>
>
> Anil
>
>
>
> Anil John
>
> Technical Director, Silicon Valley Innovation Program
>
> Science and Technology Directorate
>
> US Department of Homeland Security
>
> Washington, DC, USA
>
>
>
> Email Response Time – 24 Hours
>
>
>
> [image: https://www.dhs.gov/science-and-technology/svip]
>
>
>
>
>
> *From:* steve.e.magennis@gmail.com <steve.e.magennis@gmail.com>
> *Sent:* Wednesday, October 6, 2021 10:42 AM
> *To:* 'W3C Credentials CG' <public-credentials@w3.org>
> *Subject:* W3C Credentials CG Call Tues: mobile DL deck
>
>
>
> *CAUTION: *This email originated from outside of DHS. DO NOT click links
> or open attachments unless you recognize and/or trust the sender. Contact
> your component SOC with questions or concerns.
>
>
>
> Thanks to everyone for the engaging call yesterday, attached is the deck
> Arjan presented. mDL is gaining momentum in the states and while it may
> take a while to get utility scale coverage for its’ 230M people, it does
> hold the promise of a being a privacy preserving, portable, cryptographic
> identity credential that leverages an established and proven identity
> proofing ecosystem. With aspirations of expanding beyond the core ‘right to
> drive’ use cases and identity-specific credential issuance I believe ISO’s
> work could benefit greatly from the advances we are developing that
> addresses the myriad issues associated with broader use cases and adoption.
>
>
>
> -Steve
>
>
>
> *From:* Mike Prorock <mprorock@mesur.io>
> *Sent:* October 3, 2021 4:15 PM
> *To:* W3C Credentials CG <public-credentials@w3.org>
> *Subject:* [Agenda] W3C Credentials CG Call Tues, Oct 5, 9am PT, 12pm ET,
> 5pm GMT, 6pm CET / 6AM+1 NZDT
>
>
>
> TL;DR: An overview of mDL
>
> NEXT MEETING:
> A few folks from UL have graciously agreed to get the CCG an overview of
> mDL
>
> Topics Covered and open for discussion:
>
> * the scope of the current ISO standard
> * the context for some of the key choices made by the working groups
> * the components comprising, and the anticipated challenges of developing,
> an ecosystem based on the standard
> * comments and discussion around potential alignment and/or compatibility
> with the VC Data Model
>
>
> Tuesday, October 5, 2021
> Time: Tuesdays, at 9am PT, Noon ET, 5pm GMT, 6pm CET / 6AM+1 NZDT
> (see:
> https://www.timeanddate.com/worldclock/converter.html?iso=20211005T160000&p1=tz_pt&p2=tz_et&p3=tz_cest
> <https://urldefense.us/v3/__https:/www.timeanddate.com/worldclock/converter.html?iso=20211005T160000&p1=tz_pt&p2=tz_et&p3=tz_cest__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V2jphUeX$>
> )
>
>
>
> If you need this added to your calendar, you may access the CCG Calendar
> here (which contains times, meeting links, etc):
>
>
> https://calendar.google.com/calendar/u/0/embed?src=6a4bq17no84ssnadccm0j2133g@group.calendar.google.com
> <https://urldefense.us/v3/__https:/calendar.google.com/calendar/u/0/embed?src=6a4bq17no84ssnadccm0j2133g@group.calendar.google.com__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V4BoK3Le$>
> and in .ics format at the following link:
>
>
> https://calendar.google.com/calendar/ical/6a4bq17no84ssnadccm0j2133g%40group.calendar.google.com/public/basic.ics
> <https://urldefense.us/v3/__https:/calendar.google.com/calendar/ical/6a4bq17no84ssnadccm0j2133g*40group.calendar.google.com/public/basic.ics__;JQ!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V29iOO1K$>
>
>
> Text Chat:
>       http://irc.w3.org/?channels=ccg
> <https://urldefense.us/v3/__http:/irc.w3.org/?channels=ccg__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2VzJCiJzk$>
>       irc://irc.w3.org:6665/#ccg
> <https://urldefense.us/v3/__http:/irc.w3.org:6665/*ccg__;Iw!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V9DCgMBJ$>
>
> Jitsi Teleconf:
>       https://meet.w3c-ccg.org/weekly
> <https://urldefense.us/v3/__https:/meet.w3c-ccg.org/weekly__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V_XNgFDS$>
>
> Voice:
>      US phone: tel:+1.602.932.2243;1 <+1.602.932.2243;1>
>
> We are working on SIP dial-in and international phone numbers.
>
> Duration: 60 minutes
>
> MINUTES FROM LAST MEETING:
> https://w3c-ccg.github.io/meetings/
> <https://urldefense.us/v3/__https:/w3c-ccg.github.io/meetings/__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2VyI6PTHy$>
>
> MEETING MODERATOR: Michael Prorock <mprorock@mesur.io>
> PROPOSED AGENDA:
> 1. Agenda Review (2 minutes)
> 2. IP Note: (1 minute)
> Anyone can participate in these calls. However, all substantive
> contributors to any CCG Work Items must be members of the CCG with full IPR
> agreements signed. https://www.w3.org/community/credentials/join
> <https://urldefense.us/v3/__https:/www.w3.org/community/credentials/join__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V7_bWUv2$>
>     a. Ensure you have a W3 account: https://www.w3.org/accounts/request
> <https://urldefense.us/v3/__https:/www.w3.org/accounts/request__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V03W4sjP$>
>     b. W3C COMMUNITY CONTRIBUTOR LICENSE AGREEMENT (CLA):
> https://www.w3.org/community/about/agreements/cla/
> <https://urldefense.us/v3/__https:/www.w3.org/community/about/agreements/cla/__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V12mej_i$>
> 3. Call Notes (1 minute)
>     a. These minutes and an audio recording of everything said on this
> call are archived at https://w3c-ccg.github.io/meetings/
> <https://urldefense.us/v3/__https:/w3c-ccg.github.io/meetings/__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2VyI6PTHy$>
>     b. We use IRC to queue speakers during the call as well as to take
> minutes. http://irc.w3.org/?channels=ccg
> <https://urldefense.us/v3/__http:/irc.w3.org/?channels=ccg__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2VzJCiJzk$>
>  or http://irc.w3.org:6665/#ccg
> <https://urldefense.us/v3/__http:/irc.w3.org:6665/*ccg__;Iw!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V9DCgMBJ$> or
> the Jitsi text chat.
>     c. All attendees should type “present+” to get your name on the
> attendee list in the transcript.
>     d. In IRC type “q+” to add yourself to the queue, with an optional
> reminder, e.g., “q+ to mention something”. The “to” is required.
>     e. If you’re not on IRC, simply ask to be put on the queue.
>     f. Please be brief so the rest of the queue get a chance to chime in.
> You can always q+ again.
>     g. NOTE: This meeting is held by voice, not by IRC. Off-topic IRC
> comments are subject to deletion from the record. We work hard to manage a
> single thread of conversation so everyone can participate and be heard.
> Please respect the group process by joining the queue when you have
> something to contribute.
> 4. Scribe Selection (2 minutes)
> We need a volunteer to scribe. Scribe List:
> https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing
> <https://urldefense.us/v3/__https:/docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V3vFN6b8$>
> 5. Introductions & Reintroductions (5 minutes --> :11) (see scribe doc for
> reintroduce column)
> 6. Announcements & Reminders (2 minutes)
> https://w3c-ccg.github.io/announcements/
> <https://urldefense.us/v3/__https:/w3c-ccg.github.io/announcements/__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V24w4DqM$>
> 7. Progress on Action Items (5 minutes --> :18)
>
> https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22
> <https://urldefense.us/v3/__https:/github.com/w3c-ccg/community/issues?q=is*3Aopen*is*3Aissue*label*3A*22action*3A*review*next*22__;JSslKyUlJSsrJQ!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V_QdyIzr$>
> 8. mDL Presentation
> 9. Community discussion and feedback
>
>
>

image001.png
(image/png attachment: image001.png)

Received on Friday, 8 October 2021 15:33:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 8 October 2021 15:33:11 UTC