Presentation: https://turing.kantarainitiative.org/pipermail/wg-riup/attachments/20230321/dc947c13/attachment-0001.pdf Looking for use cases from verifier POV We could show them a functional model for authentication/verification TomS: Medicare and Medicaid considering supplying recipients with mobile phones. Creates a privacy risk. Federal government has a right to access data (?) since they pay 50% of state programs. (Tom J says they may have the right but not the means Bev: tech reporting requirements may show whether feds have access. Fed doesn’t have access to GIS location data.
Noreen’s notes from NCCoE call Goal: Enable online reference implementation of mDL ISO/IEC 18013-5 MDL ISO/IEC 18013-5:2021 ISO/IEC 18013-7 Unattended Use Cases How to get involved Verifiers should bring in use cases and business processes (RIUP WG) Issuers to provide test MDLs 3p trust service providers to provide trust lists (Kantara trusted providers list?)
mDL implementers must meet minimum requirements Scenarios / Transaction Types (use cases) - goal is to see how trustable the solution is in these use cases Attended Identity Proofing Attribute Presentation Authentication Single Sign-on
Interested in real life verifiers who are interested in using mDL in providing services. More information is available at Digital Identities - mDL | NCCoE Contact: mdl-nccoe@nist.gov to express intent (LoE) Comments due March 31 Final Project description will be in a Federal Registry Notice and formal invitation. Timeline: Project will last one year. Q&A Reference Implementation Sandbox: There will be a GitHub for development reference implementation. Will run an online service/sandbox to text mDL remotely.
A participant asked to consider relaxing some of the implementer requirements. Response was to put request in the comments. CSP can participate How will hardware devices beyond mobile phones be incorporated (eg stationary kiosks): Covered in18013-5. Wants to see solutions that implement other devices As long as it meets mDL security and privacy needs
No plans to document user experience. Out of scope for now. Expects to put something in the practice guide on their observations of user consent, but no formal evaluation of user friendliness is in scope. Would need another task to focus on UX.
Question about privacy, security "Technology doesn't solve all privacy issues." Sal D'Agostino posted the question. It didn't sound like he was satisfied with the answer so maybe he can discuss on the call today.
Equity across demographics "More and more people are using mobile devices. Enabling user of mDL for different services does provide vital service, place to interact and learn from our project. Wil; try our best to have different varieties of devices, different platforms, different hardware orientations, different expenses, etc." They do expect different people to use mDL on many different devices.
How is this linked to work in Europe? A commenter posted: "eIDAS v2 is adopting ISO18013 as well"
|