Scope and Applicability
Page Status: DRAFT
Scope
The intended audience of this implementer's guidance report includes architects, designers, developers, organization policy setters, standards organizations implementing mobile credentials and digital identity products. The report will provide implementation guidance to address privacy gaps within the standard ISO/IEC 18013-5 mobile driver's license transactions, but the privacy principles presented are applicable to the use of all privacy-enhancing mobile credentials used for digital identity transactions. The goal of this report is to provide sufficient guidance such that an individual who holds a mobile credential can reasonably assume an organization implementing the report's guidance is meeting expectations for privacy best practices.
[The Issuing Authority must be the legitimate issuer of a Digital ID credential (FIC 1.1), where ISO18013-5 section 3.13 defines as issuing authority, which may be at a national level (ISO18013-5 section 3.11 issuing country) or a local level jurisdiction of that country.]
Privacy Principles
- All data will be protected in transit
- Verifiers will request only the minimum data required for a business process
- Proposed
- mDL provider should not know what, where, when users presented their ID
- The intent to retain variable should be clearly communicated to the user
Expected Best Practices
- Verifiers will not retain any non-attributed transaction data provided by the Holder
- Verifiers will always seek consent before reading data from a digital ID
- Holders should never be required to hand their device to any verifier
- Attribute data will only be retained if sufficient notice has been provided and a business need exists for the purpose of the transaction.
- Proposed
- Data attributes should only be released upon user consent
- User should know in advance whom is requesting their ID data
- User should have visibility into what data was shared, when it was shared and to whom it was shared
- Holders should not be required to show their device to any verifier.
- If attribute data is retained, the reason and retention period should be clearly outlined in the relying party's identity data privacy document.
Applicability
Page Tasks
- Christopher Williams Please review and update the content on the Scope and Applicability page.