Difference between revisions of "Mobile Driver's License Presentation"

From MgmtWiki
Jump to: navigation, search
(Security)
(Request)
Line 75: Line 75:
  
 
DIF Example
 
DIF Example
</pre>
+
<pre>
 
{
 
{
 
   "id": "drivers_license_information",
 
   "id": "drivers_license_information",
   "name": "Verify Valid License",
+
   "name": "Fred's Bar and Grill",
   "purpose": "We need to know you have a license valid through December.",
+
   "purpose": "Proof of age",
 
   "metadata": {
 
   "metadata": {
 
     "client_id": "4fb540be-3a7f-0b47-bb37-3821bd766ed4",
 
     "client_id": "4fb540be-3a7f-0b47-bb37-3821bd766ed4",

Revision as of 13:16, 15 January 2021

Full Title or Meme

Mobile Driver's License Presentation maps ISO 18013-5 wallet presentation to DIF Presentation Exchange.

Context

  • The DIF Presentation Exchange is looking for test cases. This is such a test case (ie a use case with teeth).
  • This use case looks at the wallet as the source of Presentation Statements, which is not necessarily the full scope of the DIF WG.

Actors

  • Holder = The entity that submits proofs to a Verifier to satisfy the requirements described in a Presentation Definition (may or may not be the subject)
  • mDL holder = individual to whom an mDL is issued = legitimate holder of the driving privileges reflected on an mDL = subject of the mDL
  • Device = smartphone or similar with a trusted wallet (in the ISO docs this is conflated with the doc that resides on the device (aka mdoc)
  • Verifier = The entity that defines what proofs they require from a Holder (via a Presentation Definition) in order to proceed with an interaction.
  • mDL verifier = entity using an mDL reader to verify an mDL
  • Issuing Authority = trusted signer of data elements
  • Trust Authority = TBD source of certs

Transaction

  1. The holder and verifier establish a session
  2. The verifier asks for mDL data
  3. mDL send data by value or by reference
  4. The verifier may or may not request other data
  • Transport can be by various NFC or QR code.
  • Format is CBOR - represented here as json.

Security

data mDL DIF Comments
Encryption Encrypting with authentication of the mdoc requests and mdoc responses protects mdoc data from eavesdropping and alteration. 1 byte (CBOR data item header) etc...
session keys standard ephemeral key ECDH to establish session keys Additional information etc...
Reader <-> Trust authority TLS 3 Bits etc..
Reader <-> Holder n/a assurances as to the provenance, identity, or status of a Presentation Definition from digital signatures may be required etc..

Request

data mDL DIF Comments
Device request The point of this piece is the assurance that the device is trustworthy Presentation Request etc...
version|tstr Additional information Payload length (optional) Data payload (optional) etc...
Security 3 Bits 5 Bits etc..

DIF Example

{
  "id": "drivers_license_information",
  "name": "Fred's Bar and Grill",
  "purpose": "Proof of age",
  "metadata": {
    "client_id": "4fb540be-3a7f-0b47-bb37-3821bd766ed4",
    "redirect_uri": "https://yourwatchful.gov/verify"
  },
  "schema": [
    {
      "uri": "https://yourwatchful.gov/drivers-license-schema.json",
      "required": true
    }
  ],
  "constraints": {
    "fields": [
      {
        "path": ["$.expirationDate"],
        "filter": {
          "type": "string",
          "format": "date-time",
          "min": "2020-12-31T23:59:59.000Z"
        }
      }
    ]
  }
}

Response

Reference