...
| Actor | Role in the use case |
|---|---|
| Holder | Holds a mobile credential with a picture. Wants to take a trip or enter a (e.g.) sports venue. |
| PDP - Seller | Is a web site that is accessed by the Holder and creates the ticket using one or more mobile credential. |
| PEP - Verifier | Policy Enforcement Point Biometric scanner verifies the person as the holder of the ticket (access token). |
| Policy Maker | Government or business that creates a policy that is used for access check. The policy is subject to fairly frequent updates. |
| Issuers | of the various mobile credentials held in the user's wallet. For this case they are (1) Driver's license, (2) Covid Immunization, and (3) Credit Card |
...
The seller needs to acquire a REAL ID for the holder which must include biometric data. This is highly sensitive and must not be shared. The verification device can send a real-time biometric scan, but does not see the store biometric data.
| Access Token | The holder of the mobile credential is given yet another credential with provides access to the venue. This proof that can be used if the biometric check fails. |
Data Retained
The seller may maintain the holder's legal name for as long as a relationship exists with the holder. The holder may terminate the relationship at any time. The seller will delete all references to the holder as soon as legally permitted.
...