- From: Tom Jones <thomasclinganjones@gmail.com>
- Date: Wed, 15 Oct 2025 18:27:09 -0700
- To: public-security@w3.org
- Message-ID: <CAK2Cwb65xWzD5ijB3w5Cf26d8RB3TcoShJ+WP8Jn5y-0u0Gquw@mail.gmail.com>
At the W3C incubation CG there was some insistence that the mDL does not need attestation. I am not sure if this security group can look ahead to avoid security problems, but I find the idea of apps handling user private data without attestation to be a security nightmare.

Is it appropriate to create a threat model of an incubation effort to prevent security problems? I would do that if it will be reviewed.

Just to be clear, other standards efforts, like the mDL in North America, require issuers to provide creds only to apps that meet the AAMVA guidelines. EUDIW has similar requirements. I really don't want to see the W3C flouting these requirements.

Quote AAMVA >>>

In addition, Issuing Authorities must ensure that mDL apps to which they provision data support at least the following:

• In case the request was received electronically, the mDL app must clearly convey what data was requested, and whether the mDL verifier intends to retain the information. If the request is presented in summarized form in the user interface (e.g. “Identity and driving privilege data” as opposed to “First Name, Last Name, DOB, Driving privileges”), means must be available to give the mDL holder visibility of the details of such a summarized form, both before and during a transaction.
• The mDL app must provide the mDL holder full control over which data elements to share with the mDL verifier.
• ISO/IEC 18013-5 requires the portrait image to be shared if the portrait was requested and if any other data element is released (to enable the mDL verifier to tie the mDL information to the person presenting the information). The app must support a graceful and informed exit from the request if the holder opts not to share the portrait image when requested.
• If blanket sharing options are used, measures must be implemented to ensure that the mDL holder remains aware of what is being released when such an option is in effect. An mDL holder must also be able to opt out of or cancel any blanket sharing function.

Peace ..tom jones
Received on Thursday, 16 October 2025 01:27:27 UTC