Difference between revisions of "Mobile Driver's License Presentation"

From MgmtWiki
Jump to: navigation, search
(Request)
(Security)
Line 40: Line 40:
 
|etc...
 
|etc...
 
|-
 
|-
!scope="row"|Reader <-> Trust authority
+
!scope="row"|Reader <-> Trust authority|TLS|3 Bits|etc..
|TLS
+
|-
|3 Bits
+
!scope="row"|Reader <-> Holder|n/a|assurances as to the provenance, identity, or status of a Presentation Definition from digital signatures may be required|etc..
|5 Bits
 
|8 Bits × variable
 
|8 Bits × variable
 
|etc..
 
 
|}
 
|}
  

Revision as of 12:53, 15 January 2021

Full Title or Meme

Mobile Driver's License Presentation maps ISO 18013-5 wallet presentation to DIF Presentation Exchange.

Context

  • The DIF Presentation Exchange is looking for test cases. This is such a test case (ie a use case with teeth).
  • This use case looks at the wallet as the source of Presentation Statements, which is not necessarily the full scope of the DIF WG.

Actors

  • Holder = The entity that submits proofs to a Verifier to satisfy the requirements described in a Presentation Definition (may or may not be the subject)
  • mDL holder = individual to whom an mDL is issued = legitimate holder of the driving privileges reflected on an mDL = subject of the mDL
  • Device = smartphone or similar with a trusted wallet (in the ISO docs this is conflated with the doc that resides on the device (aka mdoc)
  • Verifier = The entity that defines what proofs they require from a Holder (via a Presentation Definition) in order to proceed with an interaction.
  • mDL verifier = entity using an mDL reader to verify an mDL
  • Issuing Authority = trusted signer of data elements
  • Trust Authority = TBD source of certs

Transaction

  1. The holder and verifier establish a session
  2. The verifier asks for mDL data
  3. mDL send data by value or by reference
  4. The verifier may or may not request other data
  • Transport can be by various NFC or QR code.
  • Format is CBOR - represented here as json.

Security

data mDL DIF Comments
Encryption Encrypting with authentication of the mdoc requests and mdoc responses protects mdoc data from eavesdropping and alteration. 1 byte (CBOR data item header) etc...
session keys standard ephemeral key ECDH to establish session keys Additional information Payload length (optional) Data payload (optional) etc...
Reader <-> Trust authority|TLS|3 Bits|etc..
Reader <-> Holder|n/a|assurances as to the provenance, identity, or status of a Presentation Definition from digital signatures may be required|etc..

Request

mDL|DIF!Comments
Device request The point of this piece is the assurance that the device is trustworthy Presentation Request etc...
version|tstr Additional information Payload length (optional) Data payload (optional) etc...
Security 3 Bits 5 Bits etc..

Response

Reference