Implementor's Guidance
Status of this page: DRAFT
This workgroup is trying to address how an “Alice” using a mobile credential, such as an ISO-compliant mobile Driving License (mDL), can trust the digital identity ecosystem she relies on when she gets or uses that credential. It’s not enough that the transactions themselves are secure. Alice should be able to trust more than the person or entity that she gets her mobile credential from (Issuers like driving license departments, schools, health care organizations, and so on). She should have a reasonable expectation that every entity upstream or downstream of her actual transaction will respect her privacy, i.e. only use or share her credentials for purposes related to why she used her mobile credential in the first place. This requires an ecosystem-level set of interoperable technical protocols and governance. That being said, we understand that trust in organizations has to be both built up over time, in this case by working towards a common set of expectations, and actively maintained by each participant working to respect Alice's privacy expectations.
The purpose of the Implementor's Guidance is to point organizations in the correct direction for ensuring that their products, processes, or systems for mobile credentials are "Privacy Enhancing". Privacy-enhancing technologies (PETs) are technologies that embody fundamental data protection principles by minimizing personal data use, maximizing data security, and empowering individuals.
Guidance
References
- ENISA Privacy Enhancing Technologies
- Office of the Privacy Commissioner of Canada: Privacy Enhancing Technologies – A Review of Tools and Techniques
- The Royal Society’s Privacy Enhancing Technologies project
- Wikipedia: Privacy-enhancing technologies