Difference between revisions of "W3C Credential Management"

Latest revision as of 14:43, 10 September 2024

Full Title or Meme

The W3C Credential Management Level 1 specification was published in July 2023.

Context

Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework.
Apple has specified the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO 18013-5.

Solutions

Google

Post from Gianluca Varisco Security @ Google Cloud
Introducing the Digital Credentials API origin trial 2024-08 Supporting OID4VP which is not yet a standard

Digital Credential API

Digital Credentials - Draft Community Group Report last download 2024-08-29

Comentary

Sep 19, 2023 Open Wallet Architecture WG

On Tue, Sep 19, 2023 at 7:22 AM Torsten Lodderstedt via lists.openwallet.foundation <torsten=lodderstedt.net@lists.openwallet.foundation> wrote: As far as I’m informed, the WICG just incubated the credential topic last week and will be pursuing a process to come up with a consolidated proposal for a browser API. I think the proposals on the table are a great staring point but are a bit narrow (esp. the Mobile Document Request API). A solution should support the credential formats that can be found in the market and not limit implementers. I have argued to specify an API that focuses on wallet discovery and invocation as I believe those are the core challenges current protocols for credential issuance and presentation are facing. I think we need to carefully watch the further development and contribute.

Am 19. Sept. 2023, 13:55 +0200 schrieb Sebastian Elfors via lists.openwallet.foundation <sebastian.elfors=idnow.io@lists.openwallet.foundation>:

W3C WICG, Google and Apple have made some advancements on identity credentials APIs.

The W3C Credential Management Level 1 specification was published in July 2023. Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework. Apple has specificed the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5.

E sebastian.elfors@idnow.io

John, Anil via lists.openwallet.foundation <anil.john=hq.dhs.gov@lists.openwallet.foundation> Sep 25, 2023, 7:06 AM (1 day ago) to technical-discuss@lists.openwallet.foundation

There appear to be critical differences between the “Mobile Document Request API” (Originally proposed by Apple but also supported by Google at that time) and the “Identity Credential” work (proposed by Google).

The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections):

Both seek to define a standardized way for a browser to present digital credentials stored in a digital wallet to a web site; this is good Potentially competes with or could serve to enhance any web based credential presentation protocols

Then they go their separate ways …

Mobile Document Request API

Supports only ISO/IEC 18013-5 mDLs Marks as being ‘out-of-scope’ the manner in which the browser interacts with the digital wallet. Implications of this are profound in that If you are a platform that has a digital wallet (Apple Wallet / Google Wallet / Microsoft Authenticator? ) AND are also a browser vendor (Safari / Chrome / Edge), the platform gets to connect their wallet to their browser because that connection is not open but under their control.

“Identity Credential” API

References – Meeting Minutes & Presentation Slides by folks from the WICG to the W3C VC WG Group at the TPAC @ https://www.w3.org/2017/vc/WG/Meetings/Minutes/2023-09-15-vcwg#section2 Support multiple credential types (gratified to see prototype/demos of both mDL and W3C VCs in the presentation) Support for multiple wallets << I am making an assumption here that ensuring this support requires standardizing and opening up the API connecting the wallet to the browser; which, if true, is A.Good.Thing!

This is my understanding of the primary differences … Corrections welcome!

From: technical-discuss@lists.openwallet.foundation <technical-discuss@lists.openwallet.foundation> On Behalf Of Sebastian Elfors via lists.openwallet.foundation Sent: Tuesday, September 19, 2023 7:56 AM To: technical-discuss@lists.openwallet.foundation Subject: [technical-discuss] W3C WICG Identity Credentials API

All,

W3C WICG, Google and Apple have made some advancements on identity credentials APIs.

The W3C Credential Management Level 1 specification was published in July 2023. Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework. Apple has specificed the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5.

Is this something that should be considered by the OpenWallet Foundation – or is it already under consideration? (I’m asking because I’ve missed most of the OWF architecture meetings since they occur at night CET, so this may have been discussed already.)

Sebastian Elfors

Senior Architect

Adrian Hope-Bailie via lists.openwallet.foundation AttachmentsSep 25, 2023, 7:55 AM (1 day ago) Hi Anil, I chaired the payments WG at W3C for almost 8 years. In my experience Apple's approach to this work is to be a passive supporter of the standards but t

David Zeuthen via lists.openwallet.foundation <zeuthen=google.com@lists.openwallet.foundation> Attachments Sep 25, 2023, 2:07 PM (22 hours ago) to anil.john, technical-discuss@lists.openwallet.foundation

Hi,

On Mon, Sep 25, 2023 at 10:06 PM John, Anil via lists.openwallet.foundation <anil.john=hq.dhs.gov@lists.openwallet.foundation> wrote: There appear to be critical differences between the “Mobile Document Request API” (Originally proposed by Apple but also supported by Google at that time) and the “Identity Credential” work (proposed by Google).

The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections):

Both seek to define a standardized way for a browser to present digital credentials stored in a digital wallet to a web site; this is good Potentially competes with or could serve to enhance any web based credential presentation protocols

Then they go their separate ways …

Mobile Document Request API

Supports only ISO/IEC 18013-5 mDLs Marks as being ‘out-of-scope’ the manner in which the browser interacts with the digital wallet. Implications of this are profound in that If you are a platform that has a digital wallet (Apple Wallet / Google Wallet / Microsoft Authenticator? ) AND are also a browser vendor (Safari / Chrome / Edge), the platform gets to connect their wallet to their browser because that connection is not open but under their control.

Someone recently told me that https://developer.apple.com/wallet/get-started-with-verify-with-wallet/ had an update to say something about the Mobile Document Request API and third party applications. I think that may be of interest to people here.

“Identity Credential” API

References – Meeting Minutes & Presentation Slides by folks from the WICG to the W3C VC WG Group at the TPAC @ https://www.w3.org/2017/vc/WG/Meetings/Minutes/2023-09-15-vcwg#section2 Support multiple credential types (gratified to see prototype/demos of both mDL and W3C VCs in the presentation) Support for multiple wallets << I am making an assumption here that ensuring this support requires standardizing and opening up the API connecting the wallet to the browser; which, if true, is A.Good.Thing!

This is my understanding of the primary differences … Corrections welcome!

Yes, so, the "Identity Credential" API proposal is closely based on Apple's Mobile Document Request API but - for a multitude of reasons - we wanted to change the API so it isn't tied to mdoc/mDL credential format. I obviously can't speak for Apple but my read is that they are OK with this change and will continue to participate in the WICG.

The last point about support for multiple wallets, yes, Chrome has made statements about this being a goal for the implementation of Chrome on Android (see https://groups.google.com/a/chromium.org/g/blink-dev/c/O9A9fq-0IdI/m/sqdVA17iBQAJ) and this is also how you could read Apple's page linked to in the paragraph above.

We are starting to make this API available behind flags in Android and Chrome so RPs and Wallets can experiment with it. The attached presentation is what we shared with ISO SC17 WG10 (the ISO WG working on Mobile Driving Licenses and 18913-5 and -7) and has more information about how we think this API could work on Android. There's nothing mdoc/mDL specific about this API and any Android application can be a credential provider for this API.

Hope this clarifies!

Thanks, David

to zeuthen@google.com, technical-discuss@lists.openwallet.foundation

Hi David,

Request for one additional clarification as people a whole lot smarter pointed out to me that there is a gap in the current proposal for supporting “web wallets” i.e. web app based wallets as opposed to wallet applications on mobile devices, as that functionality appears to be missing in the current proposal.

Speaking to the needs of my organization, we are very interested in ensuring that both web and native wallets are equally supported. What is Google’s intention/perspective regarding support for both in the work you are putting forward?

To: John, Anil <anil.john@hq.dhs.gov> Cc: technical-discuss@lists.openwallet.foundation

On Mon, Sep 25, 2023 at 10:06 PM John, Anil via lists.openwallet.foundation <anil.john=hq.dhs.gov@lists.openwallet.foundation> wrote:

There appear to be critical differences between the “Mobile Document Request API” (Originally proposed by Apple but also supported by Google at that time) and the “Identity Credential” work (proposed by Google).

The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections):

Both seek to define a standardized way for a browser to present digital credentials stored in a digital wallet to a web site; this is good Potentially competes with or could serve to enhance any web based credential presentation protocols

Then they go their separate ways …

Mobile Document Request API

Supports only ISO/IEC 18013-5 mDLs Marks as being ‘out-of-scope’ the manner in which the browser interacts with the digital wallet. Implications of this are profound in that If you are a platform that has a digital wallet (Apple Wallet / Google Wallet / Microsoft Authenticator? ) AND are also a browser vendor (Safari / Chrome / Edge), the platform gets to connect their wallet to their browser because that connection is not open but under their control.

Someone recently told me that https://developer.apple.com/wallet/get-started-with-verify-with-wallet/ had an update to say something about the Mobile Document Request API and third party applications. I think that may be of interest to people here.

“Identity Credential” API

References – Meeting Minutes & Presentation Slides by folks from the WICG to the W3C VC WG Group at the TPAC @ https://www.w3.org/2017/vc/WG/Meetings/Minutes/2023-09-15-vcwg#section2 Support multiple credential types (gratified to see prototype/demos of both mDL and W3C VCs in the presentation) Support for multiple wallets << I am making an assumption here that ensuring this support requires standardizing and opening up the API connecting the wallet to the browser; which, if true, is A.Good.Thing!

This is my understanding of the primary differences … Corrections welcome!

Yes, so, the "Identity Credential" API proposal is closely based on Apple's Mobile Document Request API but - for a multitude of reasons - we wanted to change the API so it isn't tied to mdoc/mDL credential format. I obviously can't speak for Apple but my read is that they are OK with this change and will continue to participate in the WICG.

The last point about support for multiple wallets, yes, Chrome has made statements about this being a goal for the implementation of Chrome on Android (see https://groups.google.com/a/chromium.org/g/blink-dev/c/O9A9fq-0IdI/m/sqdVA17iBQAJ) and this is also how you could read Apple's page linked to in the paragraph above.

We are starting to make this API available behind flags in Android and Chrome so RPs and Wallets can experiment with it. The attached presentation is what we shared with ISO SC17 WG10 (the ISO WG working on Mobile Driving Licenses and 18913-5 and -7) and has more information about how we think this API could work on Android. There's nothing mdoc/mDL specific about this API and any Android application can be a credential provider for this API.

David

W3C WICG, Google and Apple have made some advancements on identity credentials APIs.

The W3C Credential Management Level 1 specification was published in July 2023. Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework. Apple has specified the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5.

Is this something that should be considered by the OpenWallet Foundation – or is it already under consideration? (I’m asking because I’ve missed most of the OWF architecture meetings since they occur at night CET, so this may have been discussed already.)

Sebastian Elfors

References

Difference between revisions of "W3C Credential Management"

Latest revision as of 14:43, 10 September 2024

Contents

Full Title or Meme

Context

Solutions

Google

Digital Credential API

Comentary

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools

Sidebar Links

@@ Line 1: / Line 1: @@
+==Full Title or Meme==
+[https://w3c.github.io/webappsec-credential-management/ The W3C Credential Management Level 1 specification] was published in July 2023.
-Sebastian Elfors via lists.openwallet.foundation
-Sep 19, 2023, 4:55 AM (7 days ago)
-All, W3C WICG, Google and Apple have made some advancements on identity credentials APIs. - The W3C Credential Management Level 1 specification was published in
-Torsten Lodderstedt via lists.openwallet.foundation
+==Context==
-Sep 19, 2023, 7:22 AM (7 days ago)
+* Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework.
-Hi, as far as I’m informed, the WICG just incubated the credential topic last week and will be pursuing a process to come up with a consolidated proposal for a
+* Apple has specified the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO 18013-5.
-Andrew Hughes via lists.openwallet.foundation <andrewhughes=pingidentity.com@lists.openwallet.foundation>
+==Solutions==
-Sep 19, 2023, 7:55 AM (7 days ago)
+===Google===
-to torsten, technical-discuss@lists.openwallet.foundation, sebastian.elfors
+* [https://www.linkedin.com/feed/update/urn:li:activity:7237086383712985088/ Post from Gianluca Varisco Security @ Google Cloud]
+* [https://developer.chrome.com/blog/digital-credentials-api-origin-trial Introducing the Digital Credentials API origin trial] 2024-08 Supporting OID4VP which is not yet a standard
-I noticed that in the meeting notes for this topic nobody talked about how this would work on mobile devices - it sounded like people were thinking about desktop OS/browser implementations.
-I'm learning more about the sandboxing and other restrictions on mobile devices - and how this prevents / controls native app invocation and discovery in ways that force use of OS/mobile browser facilities, and precludes use of third party systems.
-Does anyone else observe similar things?
-Andrew Hughes
-Director - Identity Standards
-andrewhughes@pingidentity.com
-Mobile/Signal: +1 250 888 9474
+==Digital Credential API==
+* [https://wicg.github.io/digital-credentials/ Digital Credentials - Draft Community Group Report] last download 2024-08-29
+===Comentary===
+Sep 19, 2023 Open Wallet Architecture WG
 On Tue, Sep 19, 2023 at 7:22 AM Torsten Lodderstedt via lists.openwallet.foundation <torsten=lodderstedt.net@lists.openwallet.foundation> wrote:
-Hi,
+As far as I’m informed, the WICG just incubated the credential topic last week and will be pursuing a process to come up with a consolidated proposal for a browser API. I think the proposals on the table are a great staring point but are a bit narrow (esp. the Mobile Document Request API). A solution should support the credential formats that can be found in the market and not limit implementers. I have argued to specify an API that focuses on wallet discovery and invocation as I believe those are the core challenges current protocols for credential issuance and presentation are facing.  I think we need to carefully watch the further development and contribute.
-as far as I’m informed, the WICG just incubated the credential topic last week and will be pursuing a process to come up with a consolidated proposal for a browser API. I think the proposals on the table are a great staring point but are a bit narrow (esp. the Mobile Document Request API). A solution should support the credential formats that can be found in the market and not limit implementers. I have argued to specify an API that focuses on wallet discovery and invocation as I believe those are the core challenges current protocols for credential issuance and presentation are facing.
-I think we need to carefully watch the further development and contribute.
-best regards,
-Torsten.
 Am 19. Sept. 2023, 13:55 +0200 schrieb Sebastian Elfors via lists.openwallet.foundation <sebastian.elfors=idnow.io@lists.openwallet.foundation>:
-All,
 W3C WICG, Google and Apple have made some advancements on identity credentials APIs.
 The W3C Credential Management Level 1 specification was published in July 2023.
 Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework.
 Apple has specificed the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5.
-Is this something that should be considered by the OpenWallet Foundation – or is it already under consideration? (I’m asking because I’ve missed most of the OWF architecture meetings since they occur at night CET, so this may have been discussed already.)
-Kind regards,
-Sebastian Elfors
-Senior Architect
-M           +49 174 17 22 150
 E            sebastian.elfors@idnow.io
-IDnow.io  |  LinkedIn
-IDnow GmbH Auenstraße 100 |  80469 Munich | Germany
-Registration Court: Amtsgericht München HRB 283590  VAT Reg.No. DE360162051
-Managing Directors: Andreas Bodczek, Joseph Lichtenberger, Armin Bauer
-<image001.png>
-CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.
-_._,_._,_
-Links:
-You receive all messages sent to this group.
-View/Reply Online (#164) | Reply To Sender | Reply To Group | Mute This Topic | New Topic
-Adrian Gropper via lists.openwallet.foundation
-Sep 19, 2023, 8:18 AM (7 days ago)
-to andrewhughes, sebastian.elfors, technical-discuss@lists.openwallet.foundation, torsten
-I’m unfamiliar with the various protocols for issue and presentation of VCs but I’m under the impression that many of them make assumptions about whether the user agent is a browser or an app. I believe IETF GNAP is intentionally designed to work securely with both. Is this a consideration we can use to categorize the various protocols options?
-Adrian
-View/Reply Online (#165) | Reply To Sender | Reply To Group | Mute This Topic | New Topic
@@ Line 105: / Line 37: @@
 There appear to be critical differences between the “Mobile Document Request API” (Originally proposed by Apple but also supported by Google at that time) and the “Identity Credential” work (proposed by Google).
 The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections):
 Both seek to define a standardized way for a browser to present digital credentials stored in a digital wallet to a web site; this is good
 Potentially competes with or could serve to enhance any web based credential presentation protocols
 Then they go their separate ways …
 Mobile Document Request API
@@ Line 124: / Line 49: @@
 Supports only ISO/IEC 18013-5 mDLs
 Marks as being ‘out-of-scope’ the manner in which the browser interacts with the digital wallet. Implications of this are profound in that If you are a platform that has a digital wallet (Apple Wallet / Google Wallet / Microsoft Authenticator? ) AND are also a browser vendor (Safari / Chrome / Edge), the platform gets to connect their wallet to their browser because that connection is not open but under their control.
 “Identity Credential” API
@@ Line 131: / Line 55: @@
 Support multiple credential types (gratified to see prototype/demos of both mDL and W3C VCs in the presentation)
 Support for multiple wallets << I am making an assumption here that ensuring this support requires standardizing and opening up the API connecting the wallet to the browser; which, if true, is A.Good.Thing!
 This is my understanding of the primary differences … Corrections welcome!
-Best Regards,
-Anil
-Anil John
-Technical Director, Silicon Valley Innovation Program
-Science and Technology Directorate
-US Department of Homeland Security
-Washington, DC, USA
-Email Response Time – 24 Hours or more; I sometimes send emails outside of business days/times because it works for me; please do not feel any obligation to reply to them outside of your normal working patterns.
-A picture containing graphical user interface
-Description automatically generated/Users/holly.johnson/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_1972159395
-This document contains pre-decisional and/or deliberative process information exempt from mandatory disclosure under the Freedom of Information Act, 5 U.S.C. 552(b)(5). Do not release without prior approval of the Department of Homeland Security.
 From: technical-discuss@lists.openwallet.foundation <technical-discuss@lists.openwallet.foundation> On Behalf Of Sebastian Elfors via lists.openwallet.foundation
@@ Line 177: / Line 65: @@
-CAUTION: This email originated from outside of DHS. DO NOT click links or open attachments unless you recognize and/or trust the sender. Contact your component SOC with questions or concerns.
 All,
 W3C WICG, Google and Apple have made some advancements on identity credentials APIs.
@@ Line 194: / Line 74: @@
 Apple has specificed the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5.
 Is this something that should be considered by the OpenWallet Foundation – or is it already under consideration? (I’m asking because I’ve missed most of the OWF architecture meetings since they occur at night CET, so this may have been discussed already.)
-Kind regards,
 Sebastian Elfors
 Senior Architect
-M           +49 174 17 22 150
-E            sebastian.elfors@idnow.io
-IDnow.io  |  LinkedIn
-IDnow GmbH Auenstraße 100 |  80469 Munich | Germany
-Registration Court: Amtsgericht München HRB 283590  VAT Reg.No. DE360162051
-Managing Directors: Andreas Bodczek, Joseph Lichtenberger, Armin Bauer
-A picture containing monitor, large
-Description automatically generated
-_._,_._,_
-Links:
-You receive all messages sent to this group.
-View/Reply Online (#166) | Reply To Sender | Reply To Group | Mute This Topic | New Topic
 Adrian Hope-Bailie via lists.openwallet.foundation
@@ Line 255: / Line 97: @@
 The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections):
 Both seek to define a standardized way for a browser to present digital credentials stored in a digital wallet to a web site; this is good
@@ Line 275: / Line 115: @@
 “Identity Credential” API
@@ Line 297: / Line 136: @@
 David
---
-David Zeuthen |	 zeuthen@google.com |
- Google
-| Android Hardware-Backed Security
-_._,_._,_
-Links:
-You receive all messages sent to this group.
-View/Reply Online (#168) | Reply To Sender | Reply To Group | Mute This Topic | New Topic
-Your Subscription | Contact Group Owner | Unsubscribe [thomasclinganjones@gmail.com]
-_._,_._,_
- One attachment
-  •  Scanned by Gmail
-John, Anil via lists.openwallet.foundation <anil.john=hq.dhs.gov@lists.openwallet.foundation>
-Sep 25, 2023, 4:09 PM (19 hours ago)
-to zeuthen@google.com, technical-discuss@lists.openwallet.foundation
-David,
-Thank you for the additional information and the clarification.
-Best Regards,
-Anil
-Email Response Time – 24 Hours or more; I sometimes send emails outside of business days/times because it works for me; please do not feel any obligation to reply to them outside of your normal working patterns.
-This document contains pre-decisional and/or deliberative process information exempt from mandatory disclosure under the Freedom of Information Act, 5 U.S.C. 552(b)(5). Do not release without prior approval of the Department of Homeland Security.
-_._,_._,_
-Links:
-View/Reply Online (#169) | Reply To Sender | Reply To Group | Mute This Topic | New Topic
-John, Anil via lists.openwallet.foundation <anil.john=hq.dhs.gov@lists.openwallet.foundation>
-:36 AM (3 hours ago)
 to zeuthen@google.com, technical-discuss@lists.openwallet.foundation
 Hi David,
+Request for one additional clarification as people a whole lot smarter pointed out to me that there is a gap in the current proposal for supporting “web wallets” i.e. web app based wallets as opposed to wallet applications on mobile devices, as that functionality appears to be missing in the current proposal.
-Request for one additional clarification as people a whole lot smarter pointed out to me that there is a gap in the current proposal for supporting “web wallets” i.e. web app based wallets as opposed to wallet applications on mobile devices, as that functionality appears to be missing in the current proposal.
-Speaking to the needs of my organization, we are very interested in ensuring that both web and native wallets are equally supported.
-What is Google’s intention/perspective regarding support for both in the work you are putting forward?
-Best Regards,
-Anil
-Anil John
-Technical Director, Silicon Valley Innovation Program
-Science and Technology Directorate
-US Department of Homeland Security
-Washington, DC, USA
-Email Response Time – 24 Hours or more; I sometimes send emails outside of business days/times because it works for me; please do not feel any obligation to reply to them outside of your normal working patterns.
-A picture containing graphical user interface
+Speaking to the needs of my organization, we are very interested in ensuring that both web and native wallets are equally supported. What is Google’s intention/perspective regarding support for both in the work you are putting forward?
-Description automatically generated/Users/holly.johnson/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_1972159395
-This document contains pre-decisional and/or deliberative process information exempt from mandatory disclosure under the Freedom of Information Act, 5 U.S.C. 552(b)(5). Do not release without prior approval of the Department of Homeland Security.
-From: technical-discuss@lists.openwallet.foundation <technical-discuss@lists.openwallet.foundation> On Behalf Of John, Anil via lists.openwallet.foundation
-Sent: Monday, September 25, 2023 7:09 PM
-To: zeuthen@google.com
-Cc: technical-discuss@lists.openwallet.foundation
-Subject: Re: [technical-discuss] W3C WICG Identity Credentials API
-David,
-Thank you for the additional information and the clarification.
-Best Regards,
-Anil
-Email Response Time – 24 Hours or more; I sometimes send emails outside of business days/times because it works for me; please do not feel any obligation to reply to them outside of your normal working patterns.
-This document contains pre-decisional and/or deliberative process information exempt from mandatory disclosure under the Freedom of Information Act, 5 U.S.C. 552(b)(5). Do not release without prior approval of the Department of Homeland Security.
-From: technical-discuss@lists.openwallet.foundation <technical-discuss@lists.openwallet.foundation> On Behalf Of David Zeuthen via lists.openwallet.foundation
-Sent: Monday, September 25, 2023 4:52 PM
 To: John, Anil <anil.john@hq.dhs.gov>
 Cc: technical-discuss@lists.openwallet.foundation
-Hi,
 On Mon, Sep 25, 2023 at 10:06 PM John, Anil via lists.openwallet.foundation <anil.john=hq.dhs.gov@lists.openwallet.foundation> wrote:
@@ Line 449: / Line 152: @@
 There appear to be critical differences between the “Mobile Document Request API” (Originally proposed by Apple but also supported by Google at that time) and the “Identity Credential” work (proposed by Google).
 The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections):
@@ Line 495: / Line 197: @@
 We are starting to make this API available behind flags in Android and Chrome so RPs and Wallets can experiment with it. The attached presentation is what we shared with ISO SC17 WG10 (the ISO WG working on Mobile Driving Licenses and 18913-5 and -7) and has more information about how we think this API could work on Android. There's nothing mdoc/mDL specific about this API and any Android application can be a credential provider for this API.
-Hope this clarifies!
-Thanks,
 David
-Best Regards,
-Anil
-Anil John
-Technical Director, Silicon Valley Innovation Program
-Science and Technology Directorate
-US Department of Homeland Security
-Washington, DC, USA
-Email Response Time – 24 Hours or more; I sometimes send emails outside of business days/times because it works for me; please do not feel any obligation to reply to them outside of your normal working patterns.
-A picture containing graphical user interface
-Description automatically generated/Users/holly.johnson/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_1972159395
-This document contains pre-decisional and/or deliberative process information exempt from mandatory disclosure under the Freedom of Information Act, 5 U.S.C. 552(b)(5). Do not release without prior approval of the Department of Homeland Security.
-From: technical-discuss@lists.openwallet.foundation <technical-discuss@lists.openwallet.foundation> On Behalf Of Sebastian Elfors via lists.openwallet.foundation
-Sent: Tuesday, September 19, 2023 7:56 AM
-To: technical-discuss@lists.openwallet.foundation
-Subject: [technical-discuss] W3C WICG Identity Credentials API
-CAUTION: This email originated from outside of DHS. DO NOT click links or open attachments unless you recognize and/or trust the sender. Contact your component SOC with questions or concerns.
-All,
 W3C WICG, Google and Apple have made some advancements on identity credentials APIs.
 The W3C Credential Management Level 1 specification was published in July 2023.
 Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework.
-Apple has specificed the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5.
+Apple has specified the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5.
 Is this something that should be considered by the OpenWallet Foundation – or is it already under consideration? (I’m asking because I’ve missed most of the OWF architecture meetings since they occur at night CET, so this may have been discussed already.)
-Kind regards,
 Sebastian Elfors
-Senior Architect
-M           +49 174 17 22 150
+==References==
-E            sebastian.elfors@idnow.io
-IDnow.io  |  LinkedIn
-IDnow GmbH Auenstraße 100 |  80469 Munich | Germany
-Registration Court: Amtsgericht München HRB 283590  VAT Reg.No. DE360162051
-Managing Directors: Andreas Bodczek, Joseph Lichtenberger, Armin Bauer
-A picture containing monitor, large
-Description automatically generated
---
-David Zeuthen |
- zeuthen@google.com |
- Google
-| Android Hardware-Backed Security
+[[Category: Standard]]