Re: W3C Credentials CG Call Tues: mobile DL deck

David Chadwick wrote:

> At the same time I advised the W3C VC WG about mDL and suggested that we
could utilise their well developed protocols as we had none. But again that
request fell on deaf ears.

I suspect part of the issue here is just culture clash. All of us (most of
us?) want as much wide interop as possible, and to respect prior art.
However, for any given W3C WG member, the idea of paying $200 or whatever
it is to just LOOK at the ISO spec... that's a hard sell.

Dmitri


On Fri, Oct 8, 2021 at 12:57 PM David Chadwick <
d.w.chadwick@verifiablecredentials.info> wrote:

> I have participated in the ISO mDL meetings since 2019. This was rather
> late in the day as the DIS was out for ballot. My UK BSI ballot comments
> were that mDL should support the W3C VC Data Model (and myself and Oliver
> subsequently provided a draft Annex to show how), but this was rejected by
> the ISO committee. However, it did bring VCs to their awareness, and we got
> a half hearted committent to add VCs to v2 of the standard when it is
> eventually published, and this committent has strengthened over the last 2
> years so that now this will become a reality. At the same time I advised
> the W3C VC WG about mDL and suggested that we could utilise their well
> developed protocols as we had none. But again that request fell on deaf
> ears. It seemed to me at the time that working together, then both
> standards could be stronger than working apart. Fortunately I believe that
> considerably more people now share this viewpoint, but I am not sure that
> it is yet the majority. Lets hope it soon will be, since the VC use cases
> has always had a driving license as one of its examples.
>
> Kind regards
> David
>
> "If one standard is good, then surely more standards must be better" :-(
>
> On 08/10/2021 16:31, Andrew Hughes wrote:
>
> All:
> Sorry to have missed that ccg call! However, I've seen (and lived) Arjan's
> deck many times over the last year...
>
> I am an active contributor at ISO in the two WG working on 18013-5 (and
> additional specs related to mDL) and 23220 (for mobile eID credentials).
> You can take whatever reassurance you wish from that statement ;-)
>
> I'm concerned about the various statements I've seen about motives - for
> sure there are paths that go down the 'closed' road - but there are a
> significant number of us committed to the 'open' path as well. Please don't
> write off our efforts too soon and think of this relationship as
> adversarial (that last is not directed at any individual person).
>
> Many of the core writers at the ISO WG are grounded in PKI - so the key
> rotation and revocation mechanisms are thorny if we wish the issuer to be
> blind to revocation checks. Maybe there's an opportunity to explore
> distributed revocation registries as a mechanism for mDL?
> 23220-3 (Building blocks for Issuance) is in an advanced draft stage now,
> and is getting stable enough to move to the next development phase (in an
> ISO time-scale, of course).
> Please remember that 18013-5 was initiated in 2015 (well before I joined)
> - and over the first several years the WG had to decide on what to work on
> and what to set aside for later. Eventually, the Issuing Authorities were
> able to confirm the "offline, attended" use case as the first priority -
> because 18013-5 was/is intended to augment/replace plastic DLs as a tactic
> to gain broader acceptance. It was the right decision for the moment - new
> approaches and techniques appeared later on.
>
> My personal goal with each of my three feet in different worlds is to find
> that path to coexistence and interoperability.
> To that end (I might regret this!) I'm willing to host an IIW session to
> hear about "we would have designed/approached Driving Licenses on Mobile
> Devices this way instead" - as long as it does not devolve into a
> complaining session, I think we could glean some good input for the ISO WGs.
> ————————
> *Andrew Hughes *CISM CISSP
> Identity Standards @ Ping Identity
> m +1 250.888.9474
> AndrewHughes3000@gmail.com
>
>
>
> On Thu, Oct 7, 2021 at 10:06 AM John, Anil <anil.john@hq.dhs.gov> wrote:
>
>> Thank you to Heather, Mike and Wayne (W3C Co-Chairs) for arranging this
>> briefing.
>>
>> Thank you to the UL folks for their briefing and their willingness to
>> answer  the questions from the audience.
>>
>>
>>
>> This was a very helpful, informative and educational session.
>>
>>
>>
>> Without getting sidetracked into Standards Politics/Drama, I came away
>> from this session with two specific points as it relates to
>> Interoperability.
>>
>>
>>
>>    - The interface between the Issuing Authority (“Issuer”) and the
>>    Mobile Device (“Holder”) is deliberately out of scope of the ISO/IEC
>>    18913-5 Standard. The impact of this choice is that it provides technology
>>    vendors the ability to lock in DMVs into their proprietary provisioning API
>>    while implementing this standard. I can foresee a messaging that will
>>    revolve around their future support of a future provisioning standard
>>    (ISO/IEC TS 23220-3), which will rapidly fall by the wayside of operational
>>    realties and budgets  i.e. If a DMV in the future asks them to support that
>>    as-yet-undefined-API/Standard, the vendor will almost certainly ask them
>>    for additional funding to implement that – with the DMV being loath to do
>>    so given that they already have an provisioning API (albeit proprietary) in
>>    place – the classic definition of vendor lock-in.
>>    - The ISO standard also deliberately puts out of scope any
>>    standardized way to check the revocation / credential status of the mDL.
>>    Which means is that each vendor is implementing a proprietary mechanism for
>>    doing so that further locks in a DMV to a particular vendor.
>>
>>
>>
>> At the same time, I saw some potential glimmers of a shared path towards
>> interoperabilty:
>>
>>    - The VC API work that is an approach to a standardized API between
>>    an Issuing Authority and a Mobile and between the Mobile Device and the
>>    Verifier.
>>    - If you combine the VC API with the “Model 2 Considerations” which
>>    speaks to a shared wallet (I have no idea what a “ISO Compliant App” is –
>>    so am not using that terminology) that can store both an mDL and a VC, with
>>    the VC also able to “Share QR and/or NFC functions” and “Share user
>>    interface, secured data storage”, that feels like a narrow path towards a
>>    possible interoperable future…
>>
>>
>>
>>
>>
>> What did I get wrong above?
>>
>> What did others in the community take away from the presentation?
>>
>>
>>
>> Best Regards,
>>
>>
>>
>> Anil
>>
>>
>>
>> Anil John
>>
>> Technical Director, Silicon Valley Innovation Program
>>
>> Science and Technology Directorate
>>
>> US Department of Homeland Security
>>
>> Washington, DC, USA
>>
>>
>>
>> Email Response Time – 24 Hours
>>
>>
>>
>> [image: https://www.dhs.gov/science-and-technology/svip]
>>
>>
>>
>>
>>
>> *From:* steve.e.magennis@gmail.com <steve.e.magennis@gmail.com>
>> *Sent:* Wednesday, October 6, 2021 10:42 AM
>> *To:* 'W3C Credentials CG' <public-credentials@w3.org>
>> *Subject:* W3C Credentials CG Call Tues: mobile DL deck
>>
>>
>>
>> *CAUTION: *This email originated from outside of DHS. DO NOT click links
>> or open attachments unless you recognize and/or trust the sender. Contact
>> your component SOC with questions or concerns.
>>
>>
>>
>> Thanks to everyone for the engaging call yesterday, attached is the deck
>> Arjan presented. mDL is gaining momentum in the states and while it may
>> take a while to get utility scale coverage for its’ 230M people, it does
>> hold the promise of a being a privacy preserving, portable, cryptographic
>> identity credential that leverages an established and proven identity
>> proofing ecosystem. With aspirations of expanding beyond the core ‘right to
>> drive’ use cases and identity-specific credential issuance I believe ISO’s
>> work could benefit greatly from the advances we are developing that
>> addresses the myriad issues associated with broader use cases and adoption.
>>
>>
>>
>> -Steve
>>
>>
>>
>> *From:* Mike Prorock <mprorock@mesur.io>
>> *Sent:* October 3, 2021 4:15 PM
>> *To:* W3C Credentials CG <public-credentials@w3.org>
>> *Subject:* [Agenda] W3C Credentials CG Call Tues, Oct 5, 9am PT, 12pm
>> ET, 5pm GMT, 6pm CET / 6AM+1 NZDT
>>
>>
>>
>> TL;DR: An overview of mDL
>>
>> NEXT MEETING:
>> A few folks from UL have graciously agreed to get the CCG an overview of
>> mDL
>>
>> Topics Covered and open for discussion:
>>
>> * the scope of the current ISO standard
>> * the context for some of the key choices made by the working groups
>> * the components comprising, and the anticipated challenges of
>> developing, an ecosystem based on the standard
>> * comments and discussion around potential alignment and/or compatibility
>> with the VC Data Model
>>
>>
>> Tuesday, October 5, 2021
>> Time: Tuesdays, at 9am PT, Noon ET, 5pm GMT, 6pm CET / 6AM+1 NZDT
>> (see:
>> https://www.timeanddate.com/worldclock/converter.html?iso=20211005T160000&p1=tz_pt&p2=tz_et&p3=tz_cest
>> <https://urldefense.us/v3/__https:/www.timeanddate.com/worldclock/converter.html?iso=20211005T160000&p1=tz_pt&p2=tz_et&p3=tz_cest__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V2jphUeX$>
>> )
>>
>>
>>
>> If you need this added to your calendar, you may access the CCG Calendar
>> here (which contains times, meeting links, etc):
>>
>>
>> https://calendar.google.com/calendar/u/0/embed?src=6a4bq17no84ssnadccm0j2133g@group.calendar.google.com
>> <https://urldefense.us/v3/__https:/calendar.google.com/calendar/u/0/embed?src=6a4bq17no84ssnadccm0j2133g@group.calendar.google.com__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V4BoK3Le$>
>> and in .ics format at the following link:
>>
>>
>> https://calendar.google.com/calendar/ical/6a4bq17no84ssnadccm0j2133g%40group.calendar.google.com/public/basic.ics
>> <https://urldefense.us/v3/__https:/calendar.google.com/calendar/ical/6a4bq17no84ssnadccm0j2133g*40group.calendar.google.com/public/basic.ics__;JQ!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V29iOO1K$>
>>
>>
>> Text Chat:
>>       http://irc.w3.org/?channels=ccg
>> <https://urldefense.us/v3/__http:/irc.w3.org/?channels=ccg__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2VzJCiJzk$>
>>       irc://irc.w3.org:6665/#ccg
>> <https://urldefense.us/v3/__http:/irc.w3.org:6665/*ccg__;Iw!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V9DCgMBJ$>
>>
>> Jitsi Teleconf:
>>       https://meet.w3c-ccg.org/weekly
>> <https://urldefense.us/v3/__https:/meet.w3c-ccg.org/weekly__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V_XNgFDS$>
>>
>> Voice:
>>      US phone: tel:+1.602.932.2243;1 <+1.602.932.2243;1>
>>
>> We are working on SIP dial-in and international phone numbers.
>>
>> Duration: 60 minutes
>>
>> MINUTES FROM LAST MEETING:
>> https://w3c-ccg.github.io/meetings/
>> <https://urldefense.us/v3/__https:/w3c-ccg.github.io/meetings/__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2VyI6PTHy$>
>>
>> MEETING MODERATOR: Michael Prorock <mprorock@mesur.io>
>> PROPOSED AGENDA:
>> 1. Agenda Review (2 minutes)
>> 2. IP Note: (1 minute)
>> Anyone can participate in these calls. However, all substantive
>> contributors to any CCG Work Items must be members of the CCG with full IPR
>> agreements signed. https://www.w3.org/community/credentials/join
>> <https://urldefense.us/v3/__https:/www.w3.org/community/credentials/join__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V7_bWUv2$>
>>     a. Ensure you have a W3 account: https://www.w3.org/accounts/request
>> <https://urldefense.us/v3/__https:/www.w3.org/accounts/request__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V03W4sjP$>
>>     b. W3C COMMUNITY CONTRIBUTOR LICENSE AGREEMENT (CLA):
>> https://www.w3.org/community/about/agreements/cla/
>> <https://urldefense.us/v3/__https:/www.w3.org/community/about/agreements/cla/__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V12mej_i$>
>> 3. Call Notes (1 minute)
>>     a. These minutes and an audio recording of everything said on this
>> call are archived at https://w3c-ccg.github.io/meetings/
>> <https://urldefense.us/v3/__https:/w3c-ccg.github.io/meetings/__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2VyI6PTHy$>
>>     b. We use IRC to queue speakers during the call as well as to take
>> minutes. http://irc.w3.org/?channels=ccg
>> <https://urldefense.us/v3/__http:/irc.w3.org/?channels=ccg__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2VzJCiJzk$>
>>  or http://irc.w3.org:6665/#ccg
>> <https://urldefense.us/v3/__http:/irc.w3.org:6665/*ccg__;Iw!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V9DCgMBJ$> or
>> the Jitsi text chat.
>>     c. All attendees should type “present+” to get your name on the
>> attendee list in the transcript.
>>     d. In IRC type “q+” to add yourself to the queue, with an optional
>> reminder, e.g., “q+ to mention something”. The “to” is required.
>>     e. If you’re not on IRC, simply ask to be put on the queue.
>>     f. Please be brief so the rest of the queue get a chance to chime in.
>> You can always q+ again.
>>     g. NOTE: This meeting is held by voice, not by IRC. Off-topic IRC
>> comments are subject to deletion from the record. We work hard to manage a
>> single thread of conversation so everyone can participate and be heard.
>> Please respect the group process by joining the queue when you have
>> something to contribute.
>> 4. Scribe Selection (2 minutes)
>> We need a volunteer to scribe. Scribe List:
>> https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing
>> <https://urldefense.us/v3/__https:/docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V3vFN6b8$>
>> 5. Introductions & Reintroductions (5 minutes --> :11) (see scribe doc
>> for reintroduce column)
>> 6. Announcements & Reminders (2 minutes)
>> https://w3c-ccg.github.io/announcements/
>> <https://urldefense.us/v3/__https:/w3c-ccg.github.io/announcements/__;!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V24w4DqM$>
>> 7. Progress on Action Items (5 minutes --> :18)
>>
>> https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22
>> <https://urldefense.us/v3/__https:/github.com/w3c-ccg/community/issues?q=is*3Aopen*is*3Aissue*label*3A*22action*3A*review*next*22__;JSslKyUlJSsrJQ!!BClRuOV5cvtbuNI!WXXjyHTVfEsFVYF0LcaoQWaoMErTHPdAPAGIyT1k7p-OWtW_QCCbLWl8C1l2V_QdyIzr$>
>> 8. mDL Presentation
>> 9. Community discussion and feedback
>>
>>
>>
>
>

Received on Friday, 8 October 2021 17:47:07 UTC