...
Our goal is to create a trusted identity presentment experience that aligns with our core privacy tenants of minimization, control, transparency and security. These efforts foster trust across the entire ecosystem and are a fundamental pillar of adoption.
Narrative
In order to foster adoption, it is essential that we create a trusted experience for all participants. During presentment, this consists of elevating awareness around what data is being requested, by whom, whether the relying party intends on storing this data and if so, what are they planning on doing with the stored data. The Wallet provider should incorporate these elements into their presentment UI in order to create a transparent presentment experience.
1) All Charlie is on their way to visit their grandmother out of state. Charlie plans on flying in order to see her grandmother as it is unfeasible to drive. Charlie had heard about the ability for citizens to add their ID to their mobile device and use it while traveling through TSA security checkpoints. Charlie completed the steps necessary to add their ID to their mobile device and was able to successfully provision their ID.
Once at the TSA security checkpoint, Charlie taps on the identity reader in order to begin the transaction. At this point, Charlie can clearly see a couple of items to note of on their mobile device that indicate informed consent.
1) Charlie can clearly see all of the data elements that are being requested by the relying party should be clearly outlined and visible2) The mDL holder should be clearly aware of who is requesting the mDL information. This should be done via displaying TSA. Charlie notices that the TSA is only asking for a specific subset of information from their ID.
2) Charlie can clearly see who is requesting her identity information. This is down via the name and icon for the relying party in the presentment sheet in a way that is clear and legible.
3) The intent to retain variable per data element should be displayed clearly to the user for increased transparency.
4) The intent to retain variable should be supported by an up to date TSA.
3) Charlie can clearly see if the TSA is intending on retaining any particular element via the intent to retain variable. In this case, no information is intended to be retained.
4) After reviewing the information, Charlie decides to proceed with the transaction.
Post transaction, Charlie can clearly see all of the information that was requested by the TSA, if they planned on storing it in addition to having access to the TSA identity data privacy policy. This identity specific data use policy should be accessible from within the mDL holder's Wallet. The data use policy should offer privacy policy offers simple explanations outlining why the relying party TSA plans on storing the any particular data and for how long.
Secondary Use Case (optional)
...