ISO 18013-5
Full Title
ISO standard for a Mobile Driver's License
Status
Published 2021-09-30
- Do You Trust Me white paper - request for approval as a Draft Deliverable - Karen Hand
- Introduction to ISO/IEC 18013-5 - The new ISO/IEC 18013-5 standard was officially published 2021-09-30. This standard is primarily about mobile driver’s licenses (mDL), but is set up in such a way that it can easily be used to create other mobile credentials. This presentation by Karl Kneis will introduce ISO/IEC 18013-5 and will touch upon the following topics:
- ISO/IEC 18013- scope and purpose
- Communication protocols
- Security mechanisms
- Privacy enhancing features
- Past, present & future standardization
- Building an ecosystem
- ISO/IEC 18013-5 & Verifiable Credentials
David Bakker and Arjan Geluk are working as Senior and Principal Advisors for UL’s Identity Management and Security division in Leiden, The Netherlands. They were extensively involved in the drafting of the ISO/IEC 18013-5 standard.
Solutions
AAMVA
2025-05-08 Lorrie Jordaan reported that issuing authorities that want their keys to be added to the AAMVA Digital Trust Service (the VICAL, or trust list for North America) will be prohibited from using server retrieval. AAMVA does not prescribe to our members. The members collectively decided that they want to prohibit server retrieval for issuers wanting to join the AAMVA DTS.
He also shared the following:
ISO/IEC 18013-5 explicitly points out the potential privacy danger associated with server retrieval. An issuing authority has to explicitly decide to (a) use server retrieval, and (b) to track user activity, should they want to do so. And then build the infrastructure to support this. It is not something that can be activated “with the flip of a switch” or happens accidentally. WG10 (the custodian of ISO/IEC 18013-5) is currently working on a next edition of ISO/IEC 18013-5 (containing non-breaking additional functions). Many WG10 members have voiced support for completely removing server retrieval from the standard. The only thing that we have to work out is how to support a known existing implementation that uses mdoc for health information that, because of the use case, has to come directly from the issuer.