Difference between revisions of "W3C Credential Management"
(→Context) |
(→=) |
||
(9 intermediate revisions by the same user not shown) | |||
Line 9: | Line 9: | ||
==Solutions== | ==Solutions== | ||
===Google=== | ===Google=== | ||
− | * [https://developer.chrome.com/blog/digital-credentials-api-origin-trial Introducing the Digital Credentials API origin trial] | + | * [https://www.linkedin.com/feed/update/urn:li:activity:7237086383712985088/ Post from Gianluca Varisco Security @ Google Cloud] |
− | + | * [https://developer.chrome.com/blog/digital-credentials-api-origin-trial Introducing the Digital Credentials API origin trial] 2024-08 Supporting OID4VP which is not yet a standard | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | ==Digital Credential API== | ||
+ | * [https://wicg.github.io/digital-credentials/ Digital Credentials - Draft Community Group Report] last download 2024-08-29 | ||
+ | ===Comentary=== | ||
+ | Sep 19, 2023 Open Wallet Architecture WG | ||
On Tue, Sep 19, 2023 at 7:22 AM Torsten Lodderstedt via lists.openwallet.foundation <torsten=lodderstedt.net@lists.openwallet.foundation> wrote: | On Tue, Sep 19, 2023 at 7:22 AM Torsten Lodderstedt via lists.openwallet.foundation <torsten=lodderstedt.net@lists.openwallet.foundation> wrote: | ||
− | + | As far as I’m informed, the WICG just incubated the credential topic last week and will be pursuing a process to come up with a consolidated proposal for a browser API. I think the proposals on the table are a great staring point but are a bit narrow (esp. the Mobile Document Request API). A solution should support the credential formats that can be found in the market and not limit implementers. I have argued to specify an API that focuses on wallet discovery and invocation as I believe those are the core challenges current protocols for credential issuance and presentation are facing. I think we need to carefully watch the further development and contribute. | |
− | + | ||
− | |||
− | |||
− | I think we need to carefully watch the further development and contribute. | ||
− | |||
− | |||
− | |||
Am 19. Sept. 2023, 13:55 +0200 schrieb Sebastian Elfors via lists.openwallet.foundation <sebastian.elfors=idnow.io@lists.openwallet.foundation>: | Am 19. Sept. 2023, 13:55 +0200 schrieb Sebastian Elfors via lists.openwallet.foundation <sebastian.elfors=idnow.io@lists.openwallet.foundation>: | ||
− | |||
− | |||
− | |||
W3C WICG, Google and Apple have made some advancements on identity credentials APIs. | W3C WICG, Google and Apple have made some advancements on identity credentials APIs. | ||
− | |||
− | |||
The W3C Credential Management Level 1 specification was published in July 2023. | The W3C Credential Management Level 1 specification was published in July 2023. | ||
Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework. | Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework. | ||
Apple has specificed the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5. | Apple has specificed the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
E sebastian.elfors@idnow.io | E sebastian.elfors@idnow.io | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Line 113: | Line 37: | ||
There appear to be critical differences between the “Mobile Document Request API” (Originally proposed by Apple but also supported by Google at that time) and the “Identity Credential” work (proposed by Google). | There appear to be critical differences between the “Mobile Document Request API” (Originally proposed by Apple but also supported by Google at that time) and the “Identity Credential” work (proposed by Google). | ||
− | |||
− | |||
The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections): | The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections): | ||
− | |||
− | |||
Both seek to define a standardized way for a browser to present digital credentials stored in a digital wallet to a web site; this is good | Both seek to define a standardized way for a browser to present digital credentials stored in a digital wallet to a web site; this is good | ||
Potentially competes with or could serve to enhance any web based credential presentation protocols | Potentially competes with or could serve to enhance any web based credential presentation protocols | ||
− | |||
Then they go their separate ways … | Then they go their separate ways … | ||
− | |||
− | |||
Mobile Document Request API | Mobile Document Request API | ||
Line 132: | Line 49: | ||
Supports only ISO/IEC 18013-5 mDLs | Supports only ISO/IEC 18013-5 mDLs | ||
Marks as being ‘out-of-scope’ the manner in which the browser interacts with the digital wallet. Implications of this are profound in that If you are a platform that has a digital wallet (Apple Wallet / Google Wallet / Microsoft Authenticator? ) AND are also a browser vendor (Safari / Chrome / Edge), the platform gets to connect their wallet to their browser because that connection is not open but under their control. | Marks as being ‘out-of-scope’ the manner in which the browser interacts with the digital wallet. Implications of this are profound in that If you are a platform that has a digital wallet (Apple Wallet / Google Wallet / Microsoft Authenticator? ) AND are also a browser vendor (Safari / Chrome / Edge), the platform gets to connect their wallet to their browser because that connection is not open but under their control. | ||
− | |||
“Identity Credential” API | “Identity Credential” API | ||
Line 139: | Line 55: | ||
Support multiple credential types (gratified to see prototype/demos of both mDL and W3C VCs in the presentation) | Support multiple credential types (gratified to see prototype/demos of both mDL and W3C VCs in the presentation) | ||
Support for multiple wallets << I am making an assumption here that ensuring this support requires standardizing and opening up the API connecting the wallet to the browser; which, if true, is A.Good.Thing! | Support for multiple wallets << I am making an assumption here that ensuring this support requires standardizing and opening up the API connecting the wallet to the browser; which, if true, is A.Good.Thing! | ||
− | |||
This is my understanding of the primary differences … Corrections welcome! | This is my understanding of the primary differences … Corrections welcome! | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
From: technical-discuss@lists.openwallet.foundation <technical-discuss@lists.openwallet.foundation> On Behalf Of Sebastian Elfors via lists.openwallet.foundation | From: technical-discuss@lists.openwallet.foundation <technical-discuss@lists.openwallet.foundation> On Behalf Of Sebastian Elfors via lists.openwallet.foundation | ||
Line 185: | Line 65: | ||
− | |||
− | |||
− | |||
− | |||
− | |||
All, | All, | ||
− | |||
− | |||
W3C WICG, Google and Apple have made some advancements on identity credentials APIs. | W3C WICG, Google and Apple have made some advancements on identity credentials APIs. | ||
− | |||
Line 202: | Line 74: | ||
Apple has specificed the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5. | Apple has specificed the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5. | ||
− | |||
Is this something that should be considered by the OpenWallet Foundation – or is it already under consideration? (I’m asking because I’ve missed most of the OWF architecture meetings since they occur at night CET, so this may have been discussed already.) | Is this something that should be considered by the OpenWallet Foundation – or is it already under consideration? (I’m asking because I’ve missed most of the OWF architecture meetings since they occur at night CET, so this may have been discussed already.) | ||
− | |||
− | |||
− | |||
− | |||
Sebastian Elfors | Sebastian Elfors | ||
Senior Architect | Senior Architect | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Adrian Hope-Bailie via lists.openwallet.foundation | Adrian Hope-Bailie via lists.openwallet.foundation | ||
Line 263: | Line 97: | ||
The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections): | The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections): | ||
− | |||
− | |||
Both seek to define a standardized way for a browser to present digital credentials stored in a digital wallet to a web site; this is good | Both seek to define a standardized way for a browser to present digital credentials stored in a digital wallet to a web site; this is good | ||
Line 283: | Line 115: | ||
− | |||
“Identity Credential” API | “Identity Credential” API | ||
Line 305: | Line 136: | ||
David | David | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
to zeuthen@google.com, technical-discuss@lists.openwallet.foundation | to zeuthen@google.com, technical-discuss@lists.openwallet.foundation | ||
Hi David, | Hi David, | ||
− | + | Request for one additional clarification as people a whole lot smarter pointed out to me that there is a gap in the current proposal for supporting “web wallets” i.e. web app based wallets as opposed to wallet applications on mobile devices, as that functionality appears to be missing in the current proposal. | |
− | |||
− | Request for one additional clarification as people a whole lot smarter pointed out to me that there is a gap in the current proposal for supporting “web wallets” i.e. web app based wallets as opposed to wallet applications on mobile devices, as that functionality appears to be missing in the current proposal. | ||
− | + | Speaking to the needs of my organization, we are very interested in ensuring that both web and native wallets are equally supported. What is Google’s intention/perspective regarding support for both in the work you are putting forward? | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
To: John, Anil <anil.john@hq.dhs.gov> | To: John, Anil <anil.john@hq.dhs.gov> | ||
Cc: technical-discuss@lists.openwallet.foundation | Cc: technical-discuss@lists.openwallet.foundation | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
On Mon, Sep 25, 2023 at 10:06 PM John, Anil via lists.openwallet.foundation <anil.john=hq.dhs.gov@lists.openwallet.foundation> wrote: | On Mon, Sep 25, 2023 at 10:06 PM John, Anil via lists.openwallet.foundation <anil.john=hq.dhs.gov@lists.openwallet.foundation> wrote: | ||
Line 457: | Line 152: | ||
There appear to be critical differences between the “Mobile Document Request API” (Originally proposed by Apple but also supported by Google at that time) and the “Identity Credential” work (proposed by Google). | There appear to be critical differences between the “Mobile Document Request API” (Originally proposed by Apple but also supported by Google at that time) and the “Identity Credential” work (proposed by Google). | ||
− | |||
The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections): | The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections): | ||
Line 503: | Line 197: | ||
We are starting to make this API available behind flags in Android and Chrome so RPs and Wallets can experiment with it. The attached presentation is what we shared with ISO SC17 WG10 (the ISO WG working on Mobile Driving Licenses and 18913-5 and -7) and has more information about how we think this API could work on Android. There's nothing mdoc/mDL specific about this API and any Android application can be a credential provider for this API. | We are starting to make this API available behind flags in Android and Chrome so RPs and Wallets can experiment with it. The attached presentation is what we shared with ISO SC17 WG10 (the ISO WG working on Mobile Driving Licenses and 18913-5 and -7) and has more information about how we think this API could work on Android. There's nothing mdoc/mDL specific about this API and any Android application can be a credential provider for this API. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
David | David | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
W3C WICG, Google and Apple have made some advancements on identity credentials APIs. | W3C WICG, Google and Apple have made some advancements on identity credentials APIs. | ||
− | |||
− | |||
The W3C Credential Management Level 1 specification was published in July 2023. | The W3C Credential Management Level 1 specification was published in July 2023. | ||
Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework. | Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework. | ||
− | Apple has | + | Apple has specified the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5. |
Is this something that should be considered by the OpenWallet Foundation – or is it already under consideration? (I’m asking because I’ve missed most of the OWF architecture meetings since they occur at night CET, so this may have been discussed already.) | Is this something that should be considered by the OpenWallet Foundation – or is it already under consideration? (I’m asking because I’ve missed most of the OWF architecture meetings since they occur at night CET, so this may have been discussed already.) | ||
− | |||
− | |||
− | |||
− | |||
Sebastian Elfors | Sebastian Elfors | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==References== | ==References== | ||
[[Category: Standard]] | [[Category: Standard]] |
Latest revision as of 14:43, 10 September 2024
Contents
Full Title or Meme
The W3C Credential Management Level 1 specification was published in July 2023.
Context
- Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework.
- Apple has specified the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO 18013-5.
Solutions
- Post from Gianluca Varisco Security @ Google Cloud
- Introducing the Digital Credentials API origin trial 2024-08 Supporting OID4VP which is not yet a standard
Digital Credential API
- Digital Credentials - Draft Community Group Report last download 2024-08-29
Comentary
Sep 19, 2023 Open Wallet Architecture WG
On Tue, Sep 19, 2023 at 7:22 AM Torsten Lodderstedt via lists.openwallet.foundation <torsten=lodderstedt.net@lists.openwallet.foundation> wrote: As far as I’m informed, the WICG just incubated the credential topic last week and will be pursuing a process to come up with a consolidated proposal for a browser API. I think the proposals on the table are a great staring point but are a bit narrow (esp. the Mobile Document Request API). A solution should support the credential formats that can be found in the market and not limit implementers. I have argued to specify an API that focuses on wallet discovery and invocation as I believe those are the core challenges current protocols for credential issuance and presentation are facing. I think we need to carefully watch the further development and contribute.
Am 19. Sept. 2023, 13:55 +0200 schrieb Sebastian Elfors via lists.openwallet.foundation <sebastian.elfors=idnow.io@lists.openwallet.foundation>:
W3C WICG, Google and Apple have made some advancements on identity credentials APIs.
The W3C Credential Management Level 1 specification was published in July 2023. Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework. Apple has specificed the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5.
E sebastian.elfors@idnow.io
John, Anil via lists.openwallet.foundation <anil.john=hq.dhs.gov@lists.openwallet.foundation>
Sep 25, 2023, 7:06 AM (1 day ago)
to technical-discuss@lists.openwallet.foundation
There appear to be critical differences between the “Mobile Document Request API” (Originally proposed by Apple but also supported by Google at that time) and the “Identity Credential” work (proposed by Google).
The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections):
Both seek to define a standardized way for a browser to present digital credentials stored in a digital wallet to a web site; this is good Potentially competes with or could serve to enhance any web based credential presentation protocols
Then they go their separate ways …
Mobile Document Request API
Supports only ISO/IEC 18013-5 mDLs Marks as being ‘out-of-scope’ the manner in which the browser interacts with the digital wallet. Implications of this are profound in that If you are a platform that has a digital wallet (Apple Wallet / Google Wallet / Microsoft Authenticator? ) AND are also a browser vendor (Safari / Chrome / Edge), the platform gets to connect their wallet to their browser because that connection is not open but under their control.
“Identity Credential” API
References – Meeting Minutes & Presentation Slides by folks from the WICG to the W3C VC WG Group at the TPAC @ https://www.w3.org/2017/vc/WG/Meetings/Minutes/2023-09-15-vcwg#section2 Support multiple credential types (gratified to see prototype/demos of both mDL and W3C VCs in the presentation) Support for multiple wallets << I am making an assumption here that ensuring this support requires standardizing and opening up the API connecting the wallet to the browser; which, if true, is A.Good.Thing!
This is my understanding of the primary differences … Corrections welcome!
From: technical-discuss@lists.openwallet.foundation <technical-discuss@lists.openwallet.foundation> On Behalf Of Sebastian Elfors via lists.openwallet.foundation
Sent: Tuesday, September 19, 2023 7:56 AM
To: technical-discuss@lists.openwallet.foundation
Subject: [technical-discuss] W3C WICG Identity Credentials API
All,
W3C WICG, Google and Apple have made some advancements on identity credentials APIs.
The W3C Credential Management Level 1 specification was published in July 2023.
Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework.
Apple has specificed the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5.
Is this something that should be considered by the OpenWallet Foundation – or is it already under consideration? (I’m asking because I’ve missed most of the OWF architecture meetings since they occur at night CET, so this may have been discussed already.)
Sebastian Elfors
Senior Architect
Adrian Hope-Bailie via lists.openwallet.foundation AttachmentsSep 25, 2023, 7:55 AM (1 day ago) Hi Anil, I chaired the payments WG at W3C for almost 8 years. In my experience Apple's approach to this work is to be a passive supporter of the standards but t
David Zeuthen via lists.openwallet.foundation <zeuthen=google.com@lists.openwallet.foundation> Attachments Sep 25, 2023, 2:07 PM (22 hours ago) to anil.john, technical-discuss@lists.openwallet.foundation
Hi,
On Mon, Sep 25, 2023 at 10:06 PM John, Anil via lists.openwallet.foundation <anil.john=hq.dhs.gov@lists.openwallet.foundation> wrote: There appear to be critical differences between the “Mobile Document Request API” (Originally proposed by Apple but also supported by Google at that time) and the “Identity Credential” work (proposed by Google).
The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections):
Both seek to define a standardized way for a browser to present digital credentials stored in a digital wallet to a web site; this is good Potentially competes with or could serve to enhance any web based credential presentation protocols
Then they go their separate ways …
Mobile Document Request API
Supports only ISO/IEC 18013-5 mDLs Marks as being ‘out-of-scope’ the manner in which the browser interacts with the digital wallet. Implications of this are profound in that If you are a platform that has a digital wallet (Apple Wallet / Google Wallet / Microsoft Authenticator? ) AND are also a browser vendor (Safari / Chrome / Edge), the platform gets to connect their wallet to their browser because that connection is not open but under their control.
Someone recently told me that https://developer.apple.com/wallet/get-started-with-verify-with-wallet/ had an update to say something about the Mobile Document Request API and third party applications. I think that may be of interest to people here.
“Identity Credential” API
References – Meeting Minutes & Presentation Slides by folks from the WICG to the W3C VC WG Group at the TPAC @ https://www.w3.org/2017/vc/WG/Meetings/Minutes/2023-09-15-vcwg#section2 Support multiple credential types (gratified to see prototype/demos of both mDL and W3C VCs in the presentation) Support for multiple wallets << I am making an assumption here that ensuring this support requires standardizing and opening up the API connecting the wallet to the browser; which, if true, is A.Good.Thing!
This is my understanding of the primary differences … Corrections welcome!
Yes, so, the "Identity Credential" API proposal is closely based on Apple's Mobile Document Request API but - for a multitude of reasons - we wanted to change the API so it isn't tied to mdoc/mDL credential format. I obviously can't speak for Apple but my read is that they are OK with this change and will continue to participate in the WICG.
The last point about support for multiple wallets, yes, Chrome has made statements about this being a goal for the implementation of Chrome on Android (see https://groups.google.com/a/chromium.org/g/blink-dev/c/O9A9fq-0IdI/m/sqdVA17iBQAJ) and this is also how you could read Apple's page linked to in the paragraph above.
We are starting to make this API available behind flags in Android and Chrome so RPs and Wallets can experiment with it. The attached presentation is what we shared with ISO SC17 WG10 (the ISO WG working on Mobile Driving Licenses and 18913-5 and -7) and has more information about how we think this API could work on Android. There's nothing mdoc/mDL specific about this API and any Android application can be a credential provider for this API.
Hope this clarifies!
Thanks, David
to zeuthen@google.com, technical-discuss@lists.openwallet.foundation
Hi David,
Request for one additional clarification as people a whole lot smarter pointed out to me that there is a gap in the current proposal for supporting “web wallets” i.e. web app based wallets as opposed to wallet applications on mobile devices, as that functionality appears to be missing in the current proposal.
Speaking to the needs of my organization, we are very interested in ensuring that both web and native wallets are equally supported. What is Google’s intention/perspective regarding support for both in the work you are putting forward?
To: John, Anil <anil.john@hq.dhs.gov>
Cc: technical-discuss@lists.openwallet.foundation
On Mon, Sep 25, 2023 at 10:06 PM John, Anil via lists.openwallet.foundation <anil.john=hq.dhs.gov@lists.openwallet.foundation> wrote:
There appear to be critical differences between the “Mobile Document Request API” (Originally proposed by Apple but also supported by Google at that time) and the “Identity Credential” work (proposed by Google).
The following is my understanding in non-spec-speak (which may be incomplete or wrong, so would appreciate corrections):
Both seek to define a standardized way for a browser to present digital credentials stored in a digital wallet to a web site; this is good Potentially competes with or could serve to enhance any web based credential presentation protocols
Then they go their separate ways …
Mobile Document Request API
Supports only ISO/IEC 18013-5 mDLs Marks as being ‘out-of-scope’ the manner in which the browser interacts with the digital wallet. Implications of this are profound in that If you are a platform that has a digital wallet (Apple Wallet / Google Wallet / Microsoft Authenticator? ) AND are also a browser vendor (Safari / Chrome / Edge), the platform gets to connect their wallet to their browser because that connection is not open but under their control.
Someone recently told me that https://developer.apple.com/wallet/get-started-with-verify-with-wallet/ had an update to say something about the Mobile Document Request API and third party applications. I think that may be of interest to people here.
“Identity Credential” API
References – Meeting Minutes & Presentation Slides by folks from the WICG to the W3C VC WG Group at the TPAC @ https://www.w3.org/2017/vc/WG/Meetings/Minutes/2023-09-15-vcwg#section2 Support multiple credential types (gratified to see prototype/demos of both mDL and W3C VCs in the presentation) Support for multiple wallets << I am making an assumption here that ensuring this support requires standardizing and opening up the API connecting the wallet to the browser; which, if true, is A.Good.Thing!
This is my understanding of the primary differences … Corrections welcome!
Yes, so, the "Identity Credential" API proposal is closely based on Apple's Mobile Document Request API but - for a multitude of reasons - we wanted to change the API so it isn't tied to mdoc/mDL credential format. I obviously can't speak for Apple but my read is that they are OK with this change and will continue to participate in the WICG.
The last point about support for multiple wallets, yes, Chrome has made statements about this being a goal for the implementation of Chrome on Android (see https://groups.google.com/a/chromium.org/g/blink-dev/c/O9A9fq-0IdI/m/sqdVA17iBQAJ) and this is also how you could read Apple's page linked to in the paragraph above.
We are starting to make this API available behind flags in Android and Chrome so RPs and Wallets can experiment with it. The attached presentation is what we shared with ISO SC17 WG10 (the ISO WG working on Mobile Driving Licenses and 18913-5 and -7) and has more information about how we think this API could work on Android. There's nothing mdoc/mDL specific about this API and any Android application can be a credential provider for this API.
David
W3C WICG, Google and Apple have made some advancements on identity credentials APIs.
The W3C Credential Management Level 1 specification was published in July 2023. Google has specified the Identity Credential type for Android as part of the W3C Credential Management framework. Apple has specified the Mobile Document Request API, which is a new web API that allows websites to request a mobile document as defined in ISO/IEC 18013-5.
Is this something that should be considered by the OpenWallet Foundation – or is it already under consideration? (I’m asking because I’ve missed most of the OWF architecture meetings since they occur at night CET, so this may have been discussed already.)
Sebastian Elfors