RE: Binding an iso mDL to VC ecosystem for online verification from nadalin@prodigy.net on 2024-06-21 (public-credentials@w3.org from June 2024)

From: <nadalin@prodigy.net>
Date: Thu, 20 Jun 2024 17:44:33 -0700
To: "'Oliver Terbu'" <o.terbu@gmail.com>, "'Adrian Gropper'" <agropper@healthurl.com>
Cc: "'Andrew Hughes'" <andrewhughes3000@gmail.com>, "'Orie Steele'" <orie@transmute.industries>, "'Steve Capell'" <steve.capell@gmail.com>, "'W3C CG'" <public-credentials@w3.org>
Message-ID: <6bfd01dac374$31eb5560$95c20020$@prodigy.net>

So from a TSA perspective they are currently only accepting the ISO mDL, not the VC  based documents, so the wallet can contain both types of documents, this also creates root of trust issues since these roots are different.

From: Oliver Terbu <o.terbu@gmail.com> 
Sent: Monday, April 29, 2024 10:47 AM
To: Adrian Gropper <agropper@healthurl.com>
Cc: Andrew Hughes <andrewhughes3000@gmail.com>; Orie Steele <orie@transmute.industries>; Steve Capell <steve.capell@gmail.com>; W3C CG <public-credentials@w3.org>
Subject: Re: Binding an iso mDL to VC ecosystem for online verification

See more info here https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#name-mobile-documents-or-mdocs-i how to do ISO mdoc presentment online using OID4VP as well as how ISO 23220 and ISO 18013 relate to each other in that context. 

Oliver

On Mon, 29 Apr 2024 at 19:15, Adrian Gropper <agropper@healthurl.com <mailto:agropper@healthurl.com> > wrote:

The VC ecosystem will have to deal with biometrics in online presentation sooner or later and mDL linkage to VCs is the real world we're in.

The "VC ecosystem" has a choice of presentation protocols. Standardizing a less radical departure from current practice by supporting a user-centric request model based on IETF GNAP will drive adoption for VCs and help support adoption of the more exotic protocols being developed outside the ISO walled garden. 

Adrian

On Mon, Apr 29, 2024 at 12:59 PM Andrew Hughes <andrewhughes3000@gmail.com <mailto:andrewhughes3000@gmail.com> > wrote:

ISO SC 17 / WG 10 is in the final stages of creating ISO 18013-7 with is mDL presentation "remotely/over the internet". 

The current work on the browser API for credential/wallet selection/presentation was initiated by members of that ISO WG.

————————

Andrew Hughes CISM 
m +1 250.888.9474
 <mailto:AndrewHughes3000@gmail.com> AndrewHughes3000@gmail.com 

On Mon, Apr 29, 2024 at 9:48 AM Orie Steele <orie@transmute.industries <mailto:orie@transmute.industries> > wrote:

I suggest you join one of these calls ( check for the one friendliest to your timezone ) :

https://github.com/WICG/digital-identities

See also: https://www.identitycredential.dev/

And the recent comments on: https://github.com/w3c/strategy/issues/450#issuecomment-2062897495

There's been discussion of potential browser APIs to enable the presentation of a mDoc credential to prove age verification, possible integration between OIDC4VP and credential management APIs, etc...

Most of the joining of credential formats I have seen, has been proposed at the OIDC4VP layer, where a verifier website might ask for an mDoc and a W3C JSON-LD VC, and an OAUTH JWT VC, etc...

Imagine a verifier wanted remote presentation of a credential from a mobile wallet to a verifier website using a mobile web browser... or cross device to a desktop web browser.

Would it be possible for the verifier to request a specific credential, specific claims in a credential, specific credential formats, such as by media type?

On one side the problem is mobile OS / browser APIs (holder software), on the other side is credential query / presentation exchange formats (verifier supported protocols).

It's a difficult problem, with lots of important privacy, security, diversity and interoperability challenges.

Regards,

OS

On Mon, Apr 29, 2024 at 11:22 AM Steve Capell <steve.capell@gmail.com <mailto:steve.capell@gmail.com> > wrote:

Hi all,

Just finally getting around to reading the iso mDL spec.  Whether we like it or not it’s definitely a thing that is getting traction and being implemented by licensing authorities 

So far when reading the spec, verification seems to be all about in-person verification via nfc or other device to reader transfer of an mDL.  

Question - has anyone in this community thought about how an mDL in a wallet can be use for online verification cases - eg some kind of binding to did / didcom/ etc?ive use cases where I want to join the w3c vc world with the iso mDL world 

Steven Capell
Mob: 0410 437854

-- 

ORIE STEELE
Chief Technology Officer
www.transmute.industries <http://www.transmute.industries> 

 <https://transmute.industries/>

Received on Friday, 21 June 2024 00:44:49 UTC