Proposing to include three canonical use cases to help illustrate the general guidance in each section
it may be an interesting exercise for each item in the guidance to address each use canonical use case. This would result in three sets of guidances, each guidance with 10 principles, and each principle with three use cases. This would be significant work, but result in potentially easier downstream results when we develop the requirements
two ways for identity proofing to occur; one through verifier and the other within the device (within the wallet held on the device, wherever it came from). Suggest modifying the use case to support the second case.
concern that this second use case is still being standardized; it’s not quite covered yet in 18013. But this is being used (or is going in this direction) in the real world so guidance is useful
biometric pre-check, the checking is done by the verifier (what’s going on in US airports today; walk through a scanning device that scans a person’s face). This is the name of the use case in Kantara
suggest adding links within the docs to the use cases on the wiki
identity proofing on device in an offline case
Still unclear how the holder, the individual fits in the outline; Salvatore D'Agostino to add some words to the Purposes and Scope section of the PEMC Early Implementor’s Guidance Report
if we’re aligning with 18013, which is what’s indicated in the charter, then the online and on-device use cases are out of scope; they seem to be very useful, however, so we may want to step back and review the charter scope
the wallet has a capability to assert within the transaction that this is the person who they purports to be
the problem originated with the concern that the ACLU had against the use of the driver’s licence and whether the verifier goes back to the issuer because that enables surveillance. That does make this a problem that we might well want to to address.
online can occur at any time; check in online and make a physical presentation, or more asynchronously
biometric-proof of identity on the device: when I present the credential (online or offline), the RP takes the credential device’s word for it that the person is who they say they are; also indicates presentation mode
Tom Jones to draft the biometric use case and online ordering and physical presentation (use Case 2)
Andreas: in order to present your mDL you have to authenticate by the bound biometric added when you set up. The identity reader doesn’t get that biometric itself. They may at that point take your photo and compare it to their database. There may be future issue when it comes to proof of presence mode.
Consensus on the doc structure
10 min.
Government-issued Credentials and the Privacy Landscape Whitepaper - Discussion
Rough outline of the proposed white paper; comments added directly to the doc
Going forward, Heather will hold both group and individual listening sessions to collect content and feedback; goal is to have the rough editor’s draft done by the end of the year
5 min.
Conference highlights
PEMC session at EIC 2023 has been accepted
PEMC proposal submitted for Identity Week and VIPP Identity Summit (Canada)