4J/ Privacy and Identity in mobile Driving License ecosystems

From IIW

Privacy and Identity Considerations in mobile Driving License ecosystems


Tuesday 4J

Convener: John Wunderlich

Notes-taker(s): John Wunderlich

Tags for the session - technology discussed/ideas considered:

mDL; mobile driving license; privacy;


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

This was an introduction to a new Kantara Initiative Discussion Group [1]: Privacy & Identity Protection in mobile Driving License ecosystems [2].

This discussion group arose out of work that Kantara [3] is doing with the Secure Technology Alliance, whose members are actively involved in the development of the ISO standard for mobile driving licenses (18013-5) [4]. See the STA page on their mDL initiative here [5].

The framing for the discussion was that a mobile driving license, as an app on a mobile device, is very likely to be the first widely distributed and adopted version of a digital wallet. The intent for the discussion group is to produce a report that will discuss the base mDL architecture and how it can incorporate privacy and identity considerations. This may (depending on the result of the discussion group and the contents of the report) lead to further working groups for conformance assessment and/or a report that makes recommendations for a specification. In short: can we create a report that enables policy wonks and technologists to build self-sovereign systems, verified credentials, decentralized identifiers and other ecosystems for interoperability with ISO-compliant mDL ecosystems?


The following points were made:


While the high-level architecture of the mDL system involves an issuer, a reader, and a holder, it does not conform to the tenets of SSI, especially disintermediation.

mDL ecosystems are not built for anonymous identifiers

Interoperability with/between systems is a solvable engineering issue.

There is a defined data format that needs to be parsed

There will be multiple data types

Multiple engagement modes

It could create problems to combine authentication and authorization in the same wallet

Make it clear that driving licenses are issued by sovereign authorities, not self-sovereign individuals.

Need to understand what the likely secondary uses are

mDL as a use case is misleading because it assumes capability on the part of the holder that may not be the case. There needs to be a way of delegation or ensuring agency.

Discussion of the risks of attribute correlation

There are concerns about presentation of the mDL as consent

My summary is that this community can absolutely enrich the discussion and help with the secondary use cases and considerations to develop mDL systems that meet the needs of the identity and privacy communities.