Shared use between Holder and Verifier

Page Status: DRAFT

Priority: P2


Description (User Story)

For this case we consider the mobile verifier.  Note that this may turn out to be an anti-pattern that is disallowed by the spec.

Note that this could also be called peer-to-peer trust validation or self-sovereign did-comm wallet (ie wallet<=>wallet) connection use case.

Narrative

The following is an actual use case for a Louisiana Driver's license Verify You. (click there to see their web page.  Following is quote from that page.)

VerifyYou™ is a unique feature that allows one LA Wallet user to validate another LA Wallet license holder. By scanning a custom generated QR code, a “Verifier” can validate the license validity, coarse age, full name and/or driver’s license number of another LA Wallet user. Meanwhile, the “Presenter” maintains full possession of his or her phone and controls which information is temporarily presented. Only the information the "Presenter" allows to be communicated is visible to the "Verifier." The received information is securely presented and not stored.

Specific Use Case

One specific use case is a delivery person that requires age verification.  The same app that the holder uses for verifying their age can be used to verify another's age.

Another use case is a bouncer at a bar.

Alternate Use Case

It is fairly easy for anyone to build a smartphone app that will ask the user for access to their mDL. It's hard to imagine how this will not be perverted to any use the user of the verifier app wants.  For an example see the SCYTÁLES ISO MOBILE VALIDATOR BETA APP. Or just down-load it and try it your self.

Actors

ActorRole in the use case
HolderOf the license to be scanned.
VerifierUsing the same app to scan another.



User Stories

ElementDetailNotes
As a,per trip driver
I wantdelivery regulated goods like alchhol
so thatmake more deliveries and get home
Acceptance Criteria
GivenAn order to be delivered that needs a user over the age of (say) 21
Whenthe delivery requires proof of age
Thenwhen the customer has a mobile driver's license on their phone, I can get approval more quickly


Prerequisites / Assumptions

  •  Both Holder and Verifier have the "official" LA wallet.


Use Case Details

Privacy

As pointed out in the alternate use case above it is hard to create a model where such an app is not misused.

Data Provided

Since the user has not control over the app in the hands of the verifier, the manner in which the app requests data is critical to the user's privacy. Here some strict limitations on the requests from such an app must be carefully defined so that the user has no choice about what data is provided if the user wants whatever it is that the verifier is delivering to the user.

Data Retained

The received information is securely presented and not stored. (according to the web site.)

Diagram


Steps

Primary Use Case

A gig driver comes to the door with a bottle of wine.

#StepDescription
1

2

3

4


Secondary Use Case(s)

A young woman goes to a bar.

#StepDescription
1

2

3

4


Sequence Diagram


End State

Very transactional - two user's touch phone and walk away.

If the verifier accepts the response, the holder gets what she wants.


Success

  • The verifier accepts the data. 


Failure

  • The verifier is unable to connect to the holder.
  • The verifier will not accept the data presented as adequate to the purpose. 


References

Champion / Stakeholder

Tom Jones and the state of Louisiana


Related Material

Resources and Links





Page Tasks

  • Type your task here, using "@" to assign to a user and "//" to select a due date