Re: "Apple launches the first driver’s license and state ID in Wallet with Arizona” from Manu Sporny on 2022-03-27 (public-credentials@w3.org from March 2022)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sun, 27 Mar 2022 16:15:43 -0400
To: public-credentials@w3.org
Message-ID: <498840c3-548e-0bc6-84fc-22ff08a44797@digitalbazaar.com>

On 3/23/22 10:52 PM, Andrew Hughes wrote:
> One could ask why VC isn’t based on ISO specs - but that would be silly,
> wouldn’t it.

No, it wouldn't be -- that's a great question!

The reason VCs aren't based on ISO 18013-5 is because:

1. They originated in 2012, well before the ISO work
   started. We wrote about them publicly[1] in 2014.
   ISO 18013-5 just simply didn't exist when the VC
   work started.

2. VCs were a generalized solution for digital
   credentials, and have always been. The ISO 18013-5 work
   was a point solution for driver's licenses and
   did not have the flexibility necessary to meet the
   VC use cases.

I wish I could share more about what happened at ISO, but as you know, we
can't do that due to ISO confidentiality rules... which is why the VC work
isn't being done at ISO -- we made a conscious decision that the VC work was
going to benefit from public discourse and debate, the way all W3C standards do.

> What year did the VC work start in earnest? How close is it to the same
> degree of specification as exists in the narrow mDL spec?
> 
> So fine, bemoan it. But also try to understand why it exists.

Here's my opinionated hot take on why ISO 18013-5 exists:

AAMVA, a few state governments, and a bunch of private companies that wanted
to solve for a digital driver's license use case got together, behind closed
doors, where the public had no chance to comment on what they were doing, and
rushed a point solution for driver's licenses into the market.

They were aware of Verifiable Credentials work (chartered in 2017) during the
ISO 18013-5 work (which wasn't ratified until 2021... a full 2 years AFTER VCs
became a global standard), but chose to ignore them and trudge forward with a
focused, end-to-end solution. That was a smart strategic move, it got them to
market faster than the more deliberate pace that VCs and DIDs are on.

However, now the ISO folks are trying to transition the specific ISO 18013-5
solution into a more generalized digital credentialing solution WHILE KNOWING
FULL AND WELL that Verifiable Credentials exist as a global standard because
1) the protocol work for VCs isn't done -- because there's real public debate
going on, and 2) it would be politically disastrous for the ISO 18013-5
technology vendors and the state governments to back away from their current
trajectory.

The problem with end-to-end, point solutions with little architectural
layering, tuned for specific use cases is that they're really hard to improve
or even change after the ink has dried. I don't envy the ISO 23220 folks that
have to sort out how to do all of that in a generalized way -- which is
looking likely to compete head-to-head with VCs, DIDs, and wallet protocols
unless people like Andrew can turn the ISO ship away from that collision course.

How'd I do, Andrew? :P

-- manu

[1] http://manu.sporny.org/2014/credential-based-login/

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/

Received on Sunday, 27 March 2022 20:15:59 UTC