Difference between revisions of "Mobile Driver's License Presentation"
From MgmtWiki
(→Security) |
(→Security) |
||
| Line 34: | Line 34: | ||
|- | |- | ||
!scope="row"|session keys | !scope="row"|session keys | ||
| − | + | | standard ephemeral key ECDH to establish session keys | |
|Additional information | |Additional information | ||
|Payload length (optional) | |Payload length (optional) | ||
| Line 40: | Line 40: | ||
|etc... | |etc... | ||
|- | |- | ||
| − | !scope="row"| | + | !scope="row"|Reader <-> Trust authority |
| − | | | + | |TLS |
| − | |||
| − | |||
| − | |||
|3 Bits | |3 Bits | ||
|5 Bits | |5 Bits | ||
Revision as of 12:21, 15 January 2021
Contents
Full Title or Meme
Mobile Driver's License Presentation maps ISO 18013-5 wallet presentation to DIF Presentation Exchange.
Context
- The DIF Presentation Exchange is looking for test cases. This is such a test case (ie a use case with teeth).
- This use case looks at the wallet as the source of Presentation Statements, which is not necessarily the full scope of the DIF WG.
Actors
- Holder = The entity that submits proofs to a Verifier to satisfy the requirements described in a Presentation Definition (may or may not be the subject)
- mDL holder = individual to whom an mDL is issued = legitimate holder of the driving privileges reflected on an mDL = subject of the mDL
- Verifier = The entity that defines what proofs they require from a Holder (via a Presentation Definition) in order to proceed with an interaction.
- mDL verifier = entity using an mDL reader to verify an mDL
- Issuing Authority = trusted signer of data elements
Transaction
- The holder and verifier establish a session
- The verifier asks for mDL data
- mDL send data by value or by reference
- The verifier may or may not request other data
- Transport can be by various NFC or QR code.
- Format is CBOR - represented here as json.
Security
| data | mDL | DIF | Comments | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Encryption | Encrypting with authentication of the mdoc requests and mdoc responses protects mdoc data from eavesdropping and alteration. | 1 byte (CBOR data item header) | Variable | Variable | etc... | ||||
| session keys | standard ephemeral key ECDH to establish session keys | Additional information | Payload length (optional) | Data payload (optional) | etc... | ||||
| Reader <-> Trust authority | TLS | 3 Bits | 5 Bits | 8 Bits × variable | 8 Bits × variable | etc.. | |||
Request
| data | mDL | DIF | Comments | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Device request | The point of this piece is the assurance that the device is trustworthy | 1 byte (CBOR data item header) | Variable | Variable | etc... | ||||
| version | tstr | Additional information | Payload length (optional) | Data payload (optional) | etc... | ||||
| Security | 3 Bits | 5 Bits | 8 Bits × variable | 8 Bits × variable | 3 Bits | 5 Bits | 8 Bits × variable | 8 Bits × variable | etc.. |
Response
Reference
- GitHub issues of the Presentation Exchange.
