RE: W3C Credentials CG Call Tues: mobile DL deck

David, that’s excellent and I think the time is definitely now. We are moving forward with a new ISO effort led by ANSI/INCITS that will prospectively include SC27 and SC17 (home of ISO 18013 for those who don’t know). Would love to include you/BSi in the conversation.

Best regards,
Jim
_______________
[cid:image001.png@01D7BC3C.98424AE0]
Jim St.Clair
Chief Trust Officer
jim.stclair@lumedic.io<mailto:jim.stclair@lumedic.io> | 228-273-4893
Let’s meet to discuss patient identity exchange: https://calendly.com/jim-stclair-1


From: David Chadwick <d.w.chadwick@verifiablecredentials.info>
Sent: Friday, October 8, 2021 11:55 AM
To: public-credentials@w3.org
Subject: Re: W3C Credentials CG Call Tues: mobile DL deck

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

I have participated in the ISO mDL meetings since 2019. This was rather late in the day as the DIS was out for ballot. My UK BSI ballot comments were that mDL should support the W3C VC Data Model (and myself and Oliver subsequently provided a draft Annex to show how), but this was rejected by the ISO committee. However, it did bring VCs to their awareness, and we got a half hearted committent to add VCs to v2 of the standard when it is eventually published, and this committent has strengthened over the last 2 years so that now this will become a reality. At the same time I advised the W3C VC WG about mDL and suggested that we could utilise their well developed protocols as we had none. But again that request fell on deaf ears. It seemed to me at the time that working together, then both standards could be stronger than working apart. Fortunately I believe that considerably more people now share this viewpoint, but I am not sure that it is yet the majority. Lets hope it soon will be, since the VC use cases has always had a driving license as one of its examples.

Kind regards
David

"If one standard is good, then surely more standards must be better" :-(

On 08/10/2021 16:31, Andrew Hughes wrote:
All:
Sorry to have missed that ccg call! However, I've seen (and lived) Arjan's deck many times over the last year...

I am an active contributor at ISO in the two WG working on 18013-5 (and additional specs related to mDL) and 23220 (for mobile eID credentials). You can take whatever reassurance you wish from that statement ;-)

I'm concerned about the various statements I've seen about motives - for sure there are paths that go down the 'closed' road - but there are a significant number of us committed to the 'open' path as well. Please don't write off our efforts too soon and think of this relationship as adversarial (that last is not directed at any individual person).

Many of the core writers at the ISO WG are grounded in PKI - so the key rotation and revocation mechanisms are thorny if we wish the issuer to be blind to revocation checks. Maybe there's an opportunity to explore distributed revocation registries as a mechanism for mDL?
23220-3 (Building blocks for Issuance) is in an advanced draft stage now, and is getting stable enough to move to the next development phase (in an ISO time-scale, of course).
Please remember that 18013-5 was initiated in 2015 (well before I joined) - and over the first several years the WG had to decide on what to work on and what to set aside for later. Eventually, the Issuing Authorities were able to confirm the "offline, attended" use case as the first priority - because 18013-5 was/is intended to augment/replace plastic DLs as a tactic to gain broader acceptance. It was the right decision for the moment - new approaches and techniques appeared later on.

My personal goal with each of my three feet in different worlds is to find that path to coexistence and interoperability.
To that end (I might regret this!) I'm willing to host an IIW session to hear about "we would have designed/approached Driving Licenses on Mobile Devices this way instead" - as long as it does not devolve into a complaining session, I think we could glean some good input for the ISO WGs.
————————
Andrew Hughes CISM CISSP
Identity Standards @ Ping Identity
m +1 250.888.9474
AndrewHughes3000@gmail.com<mailto:AndrewHughes3000@gmail.com>


On Thu, Oct 7, 2021 at 10:06 AM John, Anil <anil.john@hq.dhs.gov<mailto:anil.john@hq.dhs.gov>> wrote:
Thank you to Heather, Mike and Wayne (W3C Co-Chairs) for arranging this briefing.
Thank you to the UL folks for their briefing and their willingness to answer  the questions from the audience.

This was a very helpful, informative and educational session.

Without getting sidetracked into Standards Politics/Drama, I came away from this session with two specific points as it relates to Interoperability.


  *   The interface between the Issuing Authority (“Issuer”) and the Mobile Device (“Holder”) is deliberately out of scope of the ISO/IEC 18913-5 Standard. The impact of this choice is that it provides technology vendors the ability to lock in DMVs into their proprietary provisioning API while implementing this standard. I can foresee a messaging that will revolve around their future support of a future provisioning standard (ISO/IEC TS 23220-3), which will rapidly fall by the wayside of operational realties and budgets  i.e. If a DMV in the future asks them to support that as-yet-undefined-API/Standard, the vendor will almost certainly ask them for additional funding to implement that – with the DMV being loath to do so given that they already have an provisioning API (albeit proprietary) in place – the classic definition of vendor lock-in.
  *   The ISO standard also deliberately puts out of scope any standardized way to check the revocation / credential status of the mDL. Which means is that each vendor is implementing a proprietary mechanism for doing so that further locks in a DMV to a particular vendor.

At the same time, I saw some potential glimmers of a shared path towards interoperabilty:

  *   The VC API work that is an approach to a standardized API between an Issuing Authority and a Mobile and between the Mobile Device and the Verifier.
  *   If you combine the VC API with the “Model 2 Considerations” which speaks to a shared wallet (I have no idea what a “ISO Compliant App” is – so am not using that terminology) that can store both an mDL and a VC, with the VC also able to “Share QR and/or NFC functions” and “Share user interface, secured data storage”, that feels like a narrow path towards a possible interoperable future…


What did I get wrong above?
What did others in the community take away from the presentation?

Best Regards,

Anil

Anil John
Technical Director, Silicon Valley Innovation Program
Science and Technology Directorate
US Department of Homeland Security
Washington, DC, USA

Email Response Time – 24 Hours

[https://www.dhs.gov/science-and-technology/svip]


From: steve.e.magennis@gmail.com<mailto:steve.e.magennis@gmail.com> <steve.e.magennis@gmail.com<mailto:steve.e.magennis@gmail.com>>
Sent: Wednesday, October 6, 2021 10:42 AM
To: 'W3C Credentials CG' <public-credentials@w3.org<mailto:public-credentials@w3.org>>
Subject: W3C Credentials CG Call Tues: mobile DL deck

CAUTION: This email originated from outside of DHS. DO NOT click links or open attachments unless you recognize and/or trust the sender. Contact your component SOC with questions or concerns.

Thanks to everyone for the engaging call yesterday, attached is the deck Arjan presented. mDL is gaining momentum in the states and while it may take a while to get utility scale coverage for its’ 230M people, it does hold the promise of a being a privacy preserving, portable, cryptographic identity credential that leverages an established and proven identity proofing ecosystem. With aspirations of expanding beyond the core ‘right to drive’ use cases and identity-specific credential issuance I believe ISO’s work could benefit greatly from the advances we are developing that addresses the myriad issues associated with broader use cases and adoption.

-Steve

From: Mike Prorock <mprorock@mesur.io<mailto:mprorock@mesur.io>>
Sent: October 3, 2021 4:15 PM
To: W3C Credentials CG <public-credentials@w3.org<mailto:public-credentials@w3.org>>
Subject: [Agenda] W3C Credentials CG Call Tues, Oct 5, 9am PT, 12pm ET, 5pm GMT, 6pm CET / 6AM+1 NZDT

TL;DR: An overview of mDL

NEXT MEETING:
A few folks from UL have graciously agreed to get the CCG an overview of mDL
Topics Covered and open for discussion:
* the scope of the current ISO standard
* the context for some of the key choices made by the working groups
* the components comprising, and the anticipated challenges of developing, an ecosystem based on the standard
* comments and discussion around potential alignment and/or compatibility with the VC Data Model

Tuesday, October 5, 2021
Time: Tuesdays, at 9am PT, Noon ET, 5pm GMT, 6pm CET / 6AM+1 NZDT
(see: https://www.timeanddate.com/worldclock/converter.html?iso=20211005T160000&p1=tz_pt&p2=tz_et&p3=tz_cest<https://urldefense.us/v3/__https:/www.timeanddate.com/worldclock/converter.html?iso=20211005T160000&p1=tz_pt&p2=tz_et&p3=tz_cest__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V2jphUeX$>)

If you need this added to your calendar, you may access the CCG Calendar here (which contains times, meeting links, etc):
https://calendar.google.com/calendar/u/0/embed?src=6a4bq17no84ssnadccm0j2133g@group.calendar.google.com<https://urldefense.us/v3/__https:/calendar.google.com/calendar/u/0/embed?src=6a4bq17no84ssnadccm0j2133g@group.calendar.google.com__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V4BoK3Le$>
and in .ics format at the following link:
https://calendar.google.com/calendar/ical/6a4bq17no84ssnadccm0j2133g%40group.calendar.google.com/public/basic.ics<https://urldefense.us/v3/__https:/calendar.google.com/calendar/ical/6a4bq17no84ssnadccm0j2133g*40group.calendar.google.com/public/basic.ics__;JQ!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V29iOO1K$>

Text Chat:
      http://irc.w3.org/?channels=ccg<https://urldefense.us/v3/__http:/irc.w3.org/?channels=ccg__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2VzJCiJzk$>
      irc://irc.w3.org:6665/#ccg<https://urldefense.us/v3/__http:/irc.w3.org:6665/*ccg__;Iw!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V9DCgMBJ$>

Jitsi Teleconf:
      https://meet.w3c-ccg.org/weekly<https://urldefense.us/v3/__https:/meet.w3c-ccg.org/weekly__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V_XNgFDS$>

Voice:
     US phone: tel:+1.602.932.2243;1


We are working on SIP dial-in and international phone numbers.

Duration: 60 minutes

MINUTES FROM LAST MEETING:
https://w3c-ccg.github.io/meetings/<https://urldefense.us/v3/__https:/w3c-ccg.github.io/meetings/__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2VyI6PTHy$>

MEETING MODERATOR: Michael Prorock <mprorock@mesur.io<mailto:mprorock@mesur.io>>
PROPOSED AGENDA:
1. Agenda Review (2 minutes)
2. IP Note: (1 minute)
Anyone can participate in these calls. However, all substantive contributors to any CCG Work Items must be members of the CCG with full IPR agreements signed. https://www.w3.org/community/credentials/join<https://urldefense.us/v3/__https:/www.w3.org/community/credentials/join__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V7_bWUv2$>
    a. Ensure you have a W3 account: https://www.w3.org/accounts/request<https://urldefense.us/v3/__https:/www.w3.org/accounts/request__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V03W4sjP$>
    b. W3C COMMUNITY CONTRIBUTOR LICENSE AGREEMENT (CLA): https://www.w3.org/community/about/agreements/cla/<https://urldefense.us/v3/__https:/www.w3.org/community/about/agreements/cla/__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V12mej_i$>
3. Call Notes (1 minute)
    a. These minutes and an audio recording of everything said on this call are archived at https://w3c-ccg.github.io/meetings/<https://urldefense.us/v3/__https:/w3c-ccg.github.io/meetings/__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2VyI6PTHy$>
    b. We use IRC to queue speakers during the call as well as to take minutes. http://irc.w3.org/?channels=ccg<https://urldefense.us/v3/__http:/irc.w3.org/?channels=ccg__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2VzJCiJzk$> or http://irc.w3.org:6665/#ccg<https://urldefense.us/v3/__http:/irc.w3.org:6665/*ccg__;Iw!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V9DCgMBJ$> or the Jitsi text chat.
    c. All attendees should type “present+” to get your name on the attendee list in the transcript.
    d. In IRC type “q+” to add yourself to the queue, with an optional reminder, e.g., “q+ to mention something”. The “to” is required.
    e. If you’re not on IRC, simply ask to be put on the queue.
    f. Please be brief so the rest of the queue get a chance to chime in. You can always q+ again.
    g. NOTE: This meeting is held by voice, not by IRC. Off-topic IRC comments are subject to deletion from the record. We work hard to manage a single thread of conversation so everyone can participate and be heard. Please respect the group process by joining the queue when you have something to contribute.
4. Scribe Selection (2 minutes)
We need a volunteer to scribe. Scribe List: https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing<https://urldefense.us/v3/__https:/docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V3vFN6b8$>
5. Introductions & Reintroductions (5 minutes --> :11) (see scribe doc for reintroduce column)
6. Announcements & Reminders (2 minutes)
https://w3c-ccg.github.io/announcements/<https://urldefense.us/v3/__https:/w3c-ccg.github.io/announcements/__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V24w4DqM$>
7. Progress on Action Items (5 minutes --> :18)
https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22<https://urldefense.us/v3/__https:/github.com/w3c-ccg/community/issues?q=is*3Aopen*is*3Aissue*label*3A*22action*3A*review*next*22__;JSslKyUlJSsrJQ!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V_QdyIzr$>
8. mDL Presentation
9. Community discussion and feedback