Holder

From MgmtWiki

Full Title or Meme

The Holder of a Credential or Certificate will typically be the Subject of that document, except in cases where the holder is acting as a guardian for the Subject.

Context

Smartphones were designed to be the property of one person, and so use cases developed in which all of the contents of the phone were the property of the holder of the phone, to use as the holder desired.

In North America “mDL holder” is understood to include another named person legally authorized by a court or by law to act on behalf of the mDL holder. For example, a parent would need access to a minor child’s mDL, and a care giver legally appointed as a guardian would need access to the ward’s mDL.[1]

Problems

The Holder is responsible for the data in Certificates held in the Wallet (or the mDL App as described in ISO 18013-5). Under the rules of Europe and North America (see AAMVA above) the Issuer has the responsibility to get assurance that the data on their device is not released except as required by law or consent. These rules are not part of any of the standards approved by 2025. The following is wording from the above guidelines:

  • In case the request was received electronically, the mDL app must clearly convey what data was requested, and whether the mDL verifier intends to retain the information. If the request is presented in summarized form in the user interface (e.g. “Identity and driving privilege data” as opposed to “First Name, Last Name, DOB, Driving privileges”), means must be available to give the mDL holder visibility of the details of such a summarized form, both before and during a transaction.
  • The mDL app must provide the mDL holder full control over which data elements to share with the mDL verifier.
  • ISO/IEC 18013-5 requires the portrait image to be shared if the portrait was requested and if any other data element is released (to enable the mDL verifier to tie the mDL information to the person presenting the information). The app must support a graceful and informed exit from the request if the holder opts not to share the portrait image when requested.
  • If blanket sharing options are used, measures must be implemented to ensure that the mDL holder remains aware of what is being released when such an option

Note that if the wallet is able to provide an attested assurance that the holder is the subject, then the picture should not be required, but that is also up to the Digital Public Infrastructure.
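The release rules quoted above (per-element holder control, visibility of the details behind a summarized request, and the portrait requirement with a graceful exit) can be expressed as a small decision function. This is an added example, not code from the AAMVA guidelines or any mDL app; the function names and the dict model of a request (element identifier mapped to the verifier's intent-to-retain flag) are assumptions made for illustration.

```python
from dataclasses import dataclass

PORTRAIT = "portrait"  # ISO/IEC 18013-5 data element identifier

@dataclass(frozen=True)
class Decision:
    release: tuple   # elements sent to the verifier, in request order
    retained: tuple  # released elements the verifier said it intends to retain
    aborted: bool    # True when the transaction ends with nothing shared
    notice: str      # message shown to the holder

def request_details(requested):
    """Expand a summarized request into one line per element for the consent screen."""
    return [f"{name} ({'verifier will retain' if keep else 'not retained'})"
            for name, keep in requested.items()]

def decide_release(requested, approved):
    """requested: {element: intent_to_retain}; approved: elements the holder ticked."""
    # Holder control: release only what was both requested and approved.
    release = tuple(e for e in requested if e in approved)
    if not release:
        return Decision((), (), True, "Nothing selected; no data was shared.")
    # Portrait rule: a requested portrait must accompany any other released
    # element, so declining it ends the request with an explanation, not an error.
    if PORTRAIT in requested and PORTRAIT not in approved:
        return Decision((), (), True,
                        "Portrait was requested and declined; no data was shared.")
    retained = tuple(e for e in release if requested[e])
    return Decision(release, retained, False,
                    f"Sharing {len(release)} element(s); {len(retained)} will be retained.")

# Constructed sample request (not captured from a real verifier).
SAMPLE_REQUEST = {"family_name": False, "birth_date": False,
                  "portrait": True, "driving_privileges": False}

if __name__ == "__main__":
    print("\n".join(request_details(SAMPLE_REQUEST)))
    print(decide_release(SAMPLE_REQUEST, {"family_name", "portrait"}))
    print(decide_release(SAMPLE_REQUEST, {"family_name", "birth_date"}))
```
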

References

  1. AAMVA Mobile Driver’s License Implementation Guidelines, r1.3 https://www.aamva.org/getmedia/261ed16b-3f5c-4678-a2db-cc3016934234/MobileDLImplementationGuidelines-Version1-3.pdf