Page Status: Draft

Information for organizations that provide software or systems for mobile credentials, such as digital wallets or SDKs


--------------

Source: FIC "User Controlled Data Sharing" Requirements

 

Guidance for UX

5.2.1


Best Practice (BP).

The Issuing Authority must protect the Digital ID information such that only the holder can view the data or authorize Digital ID data release to a relying party. For example, the App or the Digital ID interface may require a PIN code for authorization, or a FIDO-compliant biometric may be integrated into the OS/App (e.g. Face ID on Apple devices).

5.2.2

 

B.P.

User consent to release each field of data, or decline the transaction in the physical domain, consistent with the ISO 18013-5 standard supported.

5.2.3

 

B.P.

Relying parties to request only the minimum amount of data required for a use case, consistent with the ISO 18013-5 standard.

5.2.4

B.P.

As use case norms are established and guidelines are developed, the UX for Issuing Authority Digital ID applications and relying party data requests should converge. For example, a user may consent to release an “Identity Bundle,” defined here as a predefined set of data agreed by relying parties as the minimum data required for a standard transaction in the relevant use case vertical and region. Any data beyond the minimum data in the Identity Bundle would be optional for the user to provide, and Digital ID applications would clearly denote the required and optional fields. The data released and consent may then be captured in a standards-driven and certifiable consent receipt.

5.2.5

 

B.P.

If an issuing authority offers a non-standard API for access to Digital ID data in unattended use cases (prior to development of the ISO 23220 WG4 standard), it needs to inform users and relying parties of the additional risk. Examples may include presenting a Digital ID via an App/browser without an in-person verification of facial biometric, or using kiosks or video chats to replace in-person verification in the unattended use case.

5.2.6

 

B.P.

The relying parties may develop an unattended user experience to allow a user to authorize a transaction brokered between a mobile device and a browser, using the current ISO 18013-5 standard for data exchange. The obligation is on the relying party to understand the risks associated with an unattended channel, and they should have appropriate security measures in place, e.g. HTTPS to secure transmission of the data and avert interception. This scenario may be superseded once the standard in ISO 23220 WG4 is defined.

