Status:
Status | ||||||
---|---|---|---|---|---|---|
|
- The user must review and authorize the release of any data before it is transmitted to the relying party.Only the subset of the mDL data requested by the relying party is shared. If a relying party only needs your date of birth, your address will not be shared even though it is part of your mDL datarelying party should only request the data that is required for the transaction.
- The user must have an assurance that they are releasing the their data to the intended relying party behind the identity reader. The relying party must be honest about their Essentially, the terminal should be under the relying party's control
- The value of the intent to retain flag per data elementmust match the use of the data received and should be consistent with their identity privacy policy.
- The relying party must maintain an identity specific data use policy that clearly indicates what data dat is being requested, and why it's being requested. If the relying party intends on retaining any specific identity data, the relying party must indicate in the This identity data use policy why it's being requested, should include why it's being stored and for how long it will be stored.
- The relying party must adhere to the ISO18013-5 mDL standard in order to properly interface with the mobile devices.
...