Derived Mobile Credential
Full Title or Meme
A digital Credential that is created from one or more credentials, typically with a digital presentation, that all can be found to a single subject.
Context
- This wiki page is addressed to credentials about human subjects, often called holders of the credential.
- There are many other synonyms for a Derived Mobile Credential, some of which are:
- Aggregated credential which is a combination of holder attributes and proof statements.
- Grant or ticket which allows the holder access to some resource. This may require further binding to the holder on presentation, typically via biometric matching.
- Translated token from a Secure Token Service.
- A very specific "Derived Credential" that is generated by the US Government from a PIV or CAC card.
Discussion
Here is a good idea for age verification that I learned from Joe Andreau. I have not been able to understand how they protect privacy, which brings us to an interesting question. We have been discussing what the user sees in terms of privacy protection, but there are other stakeholders that need to get a verification of the services policies as well. Food for thought. https://www.businesswire.com/news/home/20210511005386/en/NACS-Announces-TruAge%E2%84%A2-Digital-ID-Verification-Solution
What this is, is a derived credential, or a ticket that allows access to a particular venue, that is, to purchase age related goods from a convenience store.
This is also the description of an identity federation which is determined by its focus on a single attribute - age.
Be the change you want to see in the world ..tom
Noreen Whysel 6:15 AM (5 hours ago) to me, pemc
Lik a digital hand stamp. Does it expire or is it permanent?
Noreen
Salvatore DAgostino 6:43 AM (4 hours ago)
Some thoughts,
So multiple angles here, determining an age vs. age appropriate design, and I’d think there are some differences between age to acquire license (firearm, fishing, …), buying beer or accessing adult content, in the credential apart from the age field in each of these cases.
lots in the UK on topic as most here likely know, e.g. https://ico.org.uk/for-organisations/guide-to-data-protection/ico-codes-of-practice/age-appropriate-design-a-code-of-practice-for-online-services/
I don’t need a 3rd party to validate my age, I have a relationship with that authority, they provide me with credential I can then use to derive others (“micro-credentials), also if I am in charge of the release then this is the best way to address privacy concerns…
I think you are missing something more interesting here. My point is not specifically about age. Many of us will never bother to get an mDL, but can use the machine readable 18013 card to acquire one of these that will reside on the phone.
So the cred that can be used to derive this cred can be much broader than mDL. The question is not what each person needs, but rather what grant each person wants to acquire and there may be many paths to acquire that derived cred.
From my perspective, the 18103 card IS A MOBILE CRED and needs the sort of privacy protections we are describing here.
Be the change you want to see in the world ..tom
Salvatore DAgostino
Is it the grant they want to acquire or can a person actually authorize the grant/permission?
Tom Jones
7:13 AM (4 hours ago)
To me one thing that is interesting about this is the conjunction of the real and the virtual worlds. The place where the human engages varies by use case. For
Peter Davis
Can you elaborate on what you mean by an “18013 card”? Peter Davis Chief Technology Officer, Chief Privacy Officer peter.davis@airsidemobile.com
Tom Jones
9:27 AM (2 hours ago)
to Peter, Salvatore, pemc
the driver's license card (or state ID) that you most likely have in your wallet right now.
Trust
- Three is very little in common between human trust and digital trust.
- The idea that blockchain can be a source of human trust is ridiculed by the news every day.
References
- See the wiki page Derived Credential for the original meaning from NIST that started with a PIV (CAC) card and crated a credential that could be used in other environments.