Introduction for stakeholders
I was explaining the workgroup to someone in an email and the explanation included this:
We are trying to address the issue of how an “Alice” using a mobile credential, such as an ISO-compliant mobile Driving License (mDL) can trust that digital identity ecosystem she uses when she gets or uses a mobile credential. It’s not enough that the transactions themselves are secure. Alice should be able to trust not just the person or entity that she gets her mobile credential from (University ID card, Government ID card, Super Bowl ticket, etc). She should have a reasonable expectation that every entity upstream or downstream of her actual transaction will respect her privacy — i.e. only use or share her credentials for purposes related to why she used her mobile credential in the first place. This requires an ecosystem level of interoperable technical protocols and governance.
This struck me as a good start to explain what we want to do to potential implementors. Thoughts or comments are welcome.