Difference between revisions of "Mobile Driver's License Presentation"

From MgmtWiki
Jump to: navigation, search
(Security)
(Security)
Line 30: Line 30:
 
!scope="row" |Encryption
 
!scope="row" |Encryption
 
| Encrypting with authentication of the mdoc requests and mdoc responses protects mdoc data from eavesdropping and alteration.
 
| Encrypting with authentication of the mdoc requests and mdoc responses protects mdoc data from eavesdropping and alteration.
| 1 byte (CBOR data item header)
+
| out-of-scope
 
|etc...
 
|etc...
 
|-
 
|-

Revision as of 15:21, 15 January 2021

Full Title or Meme

Mobile Driver's License Presentation maps ISO 18013-5 wallet presentation to DIF Presentation Exchange.

Context

  • The DIF Presentation Exchange is looking for test cases. This is such a test case (ie a use case with teeth).
  • This use case looks at the wallet as the source of Presentation Statements, which is not necessarily the full scope of the DIF WG.

Actors

  • Holder = The entity that submits proofs to a Verifier to satisfy the requirements described in a Presentation Definition (may or may not be the subject)
  • mDL holder = individual to whom an mDL is issued = legitimate holder of the driving privileges reflected on an mDL = subject of the mDL
  • Device = smartphone or similar with a trusted wallet (in the ISO docs this is conflated with the doc that resides on the device (aka mdoc)
  • Verifier = The entity that defines what proofs they require from a Holder (via a Presentation Definition) in order to proceed with an interaction.
  • mDL verifier = entity using an mDL reader to verify an mDL
  • Issuing Authority = trusted signer of data elements
  • Trust Authority = TBD source of certs

Transaction

  1. The holder and verifier establish a session
  2. The verifier asks for mDL data
  3. mDL send data by value or by reference
  4. The verifier may or may not request other data
  • Transport can be by various NFC or QR code.
  • Format is CBOR - represented here as json.

Security

data mDL DIF Comments
Encryption Encrypting with authentication of the mdoc requests and mdoc responses protects mdoc data from eavesdropping and alteration. out-of-scope etc...
session keys standard ephemeral key ECDH to establish session keys Additional information etc...
Reader <-> Trust authority TLS out-of-scope etc..
Reader <-> Holder n/a assurances as to the provenance, identity, or status of a Presentation Definition from digital signatures may be required DIF seems to be voluntary with no way for holder to make requirements known.

Request

data mDL DIF Comments
Device request The point of this piece is the assurance that the device is trustworthy Presentation Request etc...
version tstr DIF information etc...
Security 3 Bits 5 Bits etc..

DIF Example

{
  "id": "drivers_license_information",
  "name": "Fred's Bar and Grill",
  "purpose": "Proof of age",
  "metadata": {
    "client_id": "4fb540be-3a7f-0b47-bb37-3821bd766ed4",
    "redirect_uri": "https://yourwatchful.gov/verify"
  },
  "schema": [
    {
      "uri": "https://yourwatchful.gov/drivers-license-schema.json",
      "required": true
    }
  ],
  "constraints": {
    "fields": [
      {
        "path": ["$.expirationDate"],
        "filter": {
          "type": "string",
          "format": "date-time",
          "min": "2020-12-31T23:59:59.000Z"
        }
      }
    ]
  }
}

Response

Reference