A Trust Triangle for PEMC
Based on some recent conversations in the workgroup, I’ve updated my thinking on the entities involved in the PEMC ecosystem. We talk about the three endpoints in trusted credentialing systems, using “Issuer,” “Verifier,” and “Holder” or variations of those three in our conversations. This aligns with various versions of the trust triangle that is spoken about in the identity community:
[Figures: ISO/IEC 18013-5 mDL Interfaces; Sample Verifiable Credentials ecosystem]
In this workgroup’s discussions about protecting the privacy of individuals and identifying the entities that will be accountable or responsible for meeting requirements for creating and supporting Privacy Enhancing Mobile Credentials, it seems that some roles are being conflated. To that end, I created the following diagram to help me distinguish between the hardware, software, or systems that are the endpoints of the data flows in such a data system and the entities that should use those tools to build trust between themselves. I suggest below that each entity uses an agent, which may be composed of one or more systems for identity.
A Holder Agent would be the combination of mobile devices and apps that contain the Holder’s mobile credential (mDL, Health Card, Student ID, etc.).
A Verifier Agent would be the combination of credential reader and software the Verifier uses to collect credentials when presented by the Holder.
An Issuer Agent would be the system used by an Issuer to provision a Holder Agent. For the purposes of the PEMC, systems and processes used by the Issuer to collect and verify the information about the Holder are out of scope.
In the diagram below, the interior triangle represents the machine-readable data flows between endpoints. The exterior dotted lines represent the human-understandable processes between the entities that use the data flows to accomplish their purposes. This helps me to disentangle, for example, the requirement for a Verifier organization to have policies and training in place for its staff concerning data collected from a Holder from the requirement for Verifier Agents to implement data minimization in their systems.
Comments are welcome below.