- From: Andrew Hughes <andrewhughes3000@gmail.com>
- Date: Thu, 24 Mar 2022 08:51:11 -0700
- To: Oliver Terbu <o.terbu@gmail.com>
- Cc: Heather Vescent <heathervescent@gmail.com>, Credentials Community Group <public-credentials@w3.org>, Kaliya Identity Woman <kaliya@identitywoman.net>, Kim Hamilton <kimdhamilton@gmail.com>, Liam McCarty <liam@unumid.co>
- Message-ID: <CAGJp9UYVcyK2hM9m+h_8TPDdWe1TE4BT+=B35-Ls0UyNr+rPfw@mail.gmail.com>
And those of us who are contributing to 23220-3 are working to ensure that there's space for approaches that don't originate from inside the ISO community... The 23220 family contains a bunch of "building blocks" for mobile electronic ID (aka mobile credentials) full lifecycle - issuance, secure provisioning, storage, presentment, revocation, etc. 23220 (all parts) are "Technical Specifications" rather than "International Standards" which allows for more rapid development and more frequent updates/revisions than for the International Standard publication type. The concept is that profiles of 23220 will be created for different verticals, scenarios or use cases as the need arises. In several years time, ISO 18013-5 will appear to be a profile created from ISO 23220-4 (Operation) and ISO 23220-2 (Data structures) to satisfy the requirements of mobile Driving Licenses. If I remember, I'll host an information session at IIW to describe all of the ISO standards projects centered on mDL and also to talk about how/where/when the ISO working groups can/will/are incorporating space for non-ISO-originated mechanisms. ———————— *Andrew Hughes *CISM CISSP m +1 250.888.9474 AndrewHughes3000@gmail.com On Thu, Mar 24, 2022 at 1:13 AM Oliver Terbu <o.terbu@gmail.com> wrote: > Regarding provisioning, other ISO WG are working on that as well: > https://www.iso.org/standard/79125.html (ISO 23220-3). So, I don't think > re-inventing a spec makes sense. > > > On Thu, 24 Mar 2022 at 05:24, Heather Vescent <heathervescent@gmail.com> > wrote: > >> A few months ago, I wrote a balanced (IMO) piece about the situation: >> https://www.biometricupdate.com/202201/apples-promised-mobile-drivers-license-and-the-fear-of-vendor-lock-in >> >> Also +100 to Andrew's comment. >> (Andrew, shall we pick up the CCG-ISO liaison ball again?) >> And bonus points to anyone who has read the ISO spec and understands >> what's covered and what's still undefined. Fun reading! >> Or participated in the mDL conversations a few months ago & the list >> conversations. >> >> Also, who is down to have a conversation about provisioning? Or shall we >> re-invent provisioning?? I know how fun it is to re-invent something just >> because it's been a few years or a decade since it was invented in some >> other community. >> >> -Heather "culture eats the technologically superior solution for >> breakfast" Vescent >> >> On Wed, Mar 23, 2022 at 8:40 PM Kim Hamilton <kimdhamilton@gmail.com> >> wrote: >> >>> Other articles describing the risks of this rollout: >>> >>> - >>> https://www.wired.com/story/apple-wallet-drivers-license-digital-id/ >>> - >>> https://fintechbusinessweekly.substack.com/p/what-apples-secret-dmv-contracts?s=r >>> >>> Hoo boy >>> >>> On Wed, Mar 23, 2022 at 8:03 PM Kaliya Identity Woman < >>> kaliya@identitywoman.net> wrote: >>> >>>> Yep >>>> >>>> Sent from my iPhone >>>> >>>> On Mar 23, 2022, at 7:32 PM, Liam McCarty <liam@unumid.co> wrote: >>>> >>>> >>>> *From Apple Newsroom: "Apple launches the first driver’s license and >>>> state ID in Wallet with Arizona” >>>> <https://www.apple.com/newsroom/2022/03/apple-launches-the-first-drivers-license-and-state-id-in-wallet-with-arizona/>* >>>> "Additional states to follow, including Colorado, Hawaii, Mississippi, >>>> Ohio, and the territory of Puerto Rico" >>>> >>>> It’s sad and frustrating that this isn’t based on verifiable >>>> credentials… it appears vendor lock in is going to be hard to prevent. >>>> >>>> For anyone who missed the November coverage about this, here’s a pretty >>>> outrageous CNBC article: "Apple is sticking taxpayers with part of the >>>> bill for rollout of tech giant's digital ID card” >>>> <https://www.cnbc.com/2021/11/14/apple-sticking-taxpayers-with-part-of-the-bill-for-digital-id-rollout.html>. >>>> Some choice quotes: >>>> >>>> - *Apple has “sole discretion” for key aspects of the program, >>>> including what types of devices will be compatible with the digital IDs, >>>> how states are required to report on the performance of the effort, and >>>> when the program is launched, according to the documents. Apple even gets >>>> to review and approve the marketing that states are required to do.* >>>> - *The dynamic is similar to the way Apple typically deals with >>>> vendors, although instead of getting paid by Apple, the states have to >>>> shoulder the financial burden of administering the programs* >>>> - *All these efforts are paid for by states. The contract says that >>>> “except as otherwise agreed upon between the Parties, neither Party shall >>>> owe the other Party any fees under this Agreement.”* >>>> - *The agreements are also notable for what is missing, in terms of >>>> constraints or guard rails on how Apple can use the powerful capability of >>>> identity verification, according to Mikula. That raises questions about >>>> whether the company can restrict access to the new capability for >>>> competitors’ products.* >>>> >>>> >>>> This strikes me as the exact opposite of what we in this community are >>>> trying to achieve. Do others agree? What, if anything, can we do about this? >>>> >>>> *Liam McCarty* >>>> CEO, Founder of Unum ID <https://www.unumid.co/> >>>> Forbes 30 Under 30 ||| Stanford Physics >>>> www.LiamHaleMcCarty.com >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >> >> -- >> Heather Vescent <http://www.heathervescent.com/> >> Co-Chair, Credentials Community Group @W3C >> <https://www.w3.org/community/credentials/> >> President, The Purple Tornado, Inc <https://thepurpletornado.com/> >> Author, The Secret of Spies <https://amzn.to/2GfJpXH> >> Author, The Cyber Attack Survival Manual >> <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> >> Author, A Comprehensive Guide to Self Sovereign Identity >> <https://ssiscoop.com/> >> >> @heathervescent <https://twitter.com/heathervescent> | Film Futures >> <https://vimeo.com/heathervescent> | Medium >> <https://medium.com/@heathervescent/> | LinkedIn >> <https://www.linkedin.com/in/heathervescent/> | Future of Security >> Updates <https://app.convertkit.com/landing_pages/325779/> >> >
Received on Thursday, 24 March 2022 15:52:36 UTC