Difference between revisions of "Derived Mobile Credential"

From MgmtWiki
Jump to: navigation, search
(Created page with "==Full Title or Meme== derived mobile credentials Inbox Tom Jones <thomasclinganjones@gmail.com> 6:08 AM (5 hours ago) to pemc Here is a good idea for age verification that...")
 
(Full Title or Meme)
Line 1: Line 1:
 
==Full Title or Meme==
 
==Full Title or Meme==
derived mobile credentials
 
Inbox
 
 
Tom Jones <thomasclinganjones@gmail.com>
 
6:08 AM (5 hours ago)
 
to pemc
 
  
 
Here is a good idea for age verification that I learned from Joe Andreau. I have not been able to understand how they protect privacy, which brings us to an interesting question.  We have been discussing what the user sees in terms of privacy protection, but there are other stakeholders that need to get a verification of the services policies as well.  Food for thought.  https://www.businesswire.com/news/home/20210511005386/en/NACS-Announces-TruAge%E2%84%A2-Digital-ID-Verification-Solution
 
Here is a good idea for age verification that I learned from Joe Andreau. I have not been able to understand how they protect privacy, which brings us to an interesting question.  We have been discussing what the user sees in terms of privacy protection, but there are other stakeholders that need to get a verification of the services policies as well.  Food for thought.  https://www.businesswire.com/news/home/20210511005386/en/NACS-Announces-TruAge%E2%84%A2-Digital-ID-Verification-Solution
Line 22: Line 16:
  
 
Noreen
 
Noreen
 
On Jun 3, 2022, at 9:09 AM, Tom Jones <thomasclinganjones@gmail.com> wrote:
 
 

 
_______________________________________________
 
Wg-pemc mailing list
 
Wg-pemc@kantarainitiative.org
 
https://kantarainitiative.org/mailman/listinfo/wg-pemc
 
 
  
 
Salvatore DAgostino
 
Salvatore DAgostino
 
6:43 AM (4 hours ago)
 
6:43 AM (4 hours ago)
to Noreen, me, pemc
 
  
 
Some thoughts,
 
Some thoughts,
Line 41: Line 25:
  
 
So multiple angles here, determining an age vs. age appropriate design, and I’d think there are some differences between age to acquire license (firearm, fishing, …), buying beer or accessing adult content, in the credential apart from the age field in each of these cases.
 
So multiple angles here, determining an age vs. age appropriate design, and I’d think there are some differences between age to acquire license (firearm, fishing, …), buying beer or accessing adult content, in the credential apart from the age field in each of these cases.
 
 
  
 
lots in the UK on topic as most here likely know, e.g. https://ico.org.uk/for-organisations/guide-to-data-protection/ico-codes-of-practice/age-appropriate-design-a-code-of-practice-for-online-services/
 
lots in the UK on topic as most here likely know, e.g. https://ico.org.uk/for-organisations/guide-to-data-protection/ico-codes-of-practice/age-appropriate-design-a-code-of-practice-for-online-services/
 
 
  
 
I don’t need a 3rd party to validate my age, I have a relationship with that authority, they provide me with credential I can then use to derive others (“micro-credentials), also if I am in charge of the release then this is the best way to address privacy concerns…
 
I don’t need a 3rd party to validate my age, I have a relationship with that authority, they provide me with credential I can then use to derive others (“micro-credentials), also if I am in charge of the release then this is the best way to address privacy concerns…
  
 
 
Tom Jones <thomasclinganjones@gmail.com>
 
6:50 AM (4 hours ago)
 
to Salvatore, Noreen, pemc
 
  
 
I think you are missing something more interesting here. My point is not specifically about age.  Many of us will never bother to get an mDL, but can use the machine readable 18013 card to acquire one of these that will reside on the phone.
 
I think you are missing something more interesting here. My point is not specifically about age.  Many of us will never bother to get an mDL, but can use the machine readable 18013 card to acquire one of these that will reside on the phone.
Line 66: Line 41:
  
 
Salvatore DAgostino
 
Salvatore DAgostino
7:00 AM (4 hours ago)
 
to me, Noreen, pemc
 
  
 
Is it the grant they want to acquire or can a person actually authorize the grant/permission?
 
Is it the grant they want to acquire or can a person actually authorize the grant/permission?
 
  
  
Line 78: Line 50:
  
 
Peter Davis
 
Peter Davis
7:35 AM (3 hours ago)
 
to me, Salvatore, pemc
 
  
 
Can you elaborate on what you mean by an “18013 card”?
 
Can you elaborate on what you mean by an “18013 card”?
Line 92: Line 62:
  
 
the driver's license card (or state ID) that you most likely have in your wallet right now.
 
the driver's license card (or state ID) that you most likely have in your wallet right now.
 
Be the change you want to see in the world ..tom
 
 
  
 
==References==
 
==References==
  
 
[[Category: Identity]]
 
[[Category: Identity]]

Revision as of 10:40, 3 June 2022

Full Title or Meme

Here is a good idea for age verification that I learned from Joe Andreau. I have not been able to understand how they protect privacy, which brings us to an interesting question. We have been discussing what the user sees in terms of privacy protection, but there are other stakeholders that need to get a verification of the services policies as well. Food for thought. https://www.businesswire.com/news/home/20210511005386/en/NACS-Announces-TruAge%E2%84%A2-Digital-ID-Verification-Solution

What this is, is a derived credential, or a ticket that allows access to a particular venue, that is, to purchase age related goods from a convenience store.

This is also the description of an identity federation which is determined by its focus on a single attribute - age.

Be the change you want to see in the world ..tom

Noreen Whysel 6:15 AM (5 hours ago) to me, pemc

Lik a digital hand stamp. Does it expire or is it permanent?

Noreen

Salvatore DAgostino 6:43 AM (4 hours ago)

Some thoughts,


So multiple angles here, determining an age vs. age appropriate design, and I’d think there are some differences between age to acquire license (firearm, fishing, …), buying beer or accessing adult content, in the credential apart from the age field in each of these cases.

lots in the UK on topic as most here likely know, e.g. https://ico.org.uk/for-organisations/guide-to-data-protection/ico-codes-of-practice/age-appropriate-design-a-code-of-practice-for-online-services/

I don’t need a 3rd party to validate my age, I have a relationship with that authority, they provide me with credential I can then use to derive others (“micro-credentials), also if I am in charge of the release then this is the best way to address privacy concerns…


I think you are missing something more interesting here. My point is not specifically about age. Many of us will never bother to get an mDL, but can use the machine readable 18013 card to acquire one of these that will reside on the phone.

So the cred that can be used to derive this cred can be much broader than mDL. The question is not what each person needs, but rather what grant each person wants to acquire and there may be many paths to acquire that derived cred.

From my perspective, the 18103 card IS A MOBILE CRED and needs the sort of privacy protections we are describing here.

Be the change you want to see in the world ..tom


Salvatore DAgostino

Is it the grant they want to acquire or can a person actually authorize the grant/permission?


Tom Jones 7:13 AM (4 hours ago) To me one thing that is interesting about this is the conjunction of the real and the virtual worlds. The place where the human engages varies by use case. For

Peter Davis

Can you elaborate on what you mean by an “18013 card”? Peter Davis Chief Technology Officer, Chief Privacy Officer peter.davis@airsidemobile.com


Tom Jones 9:27 AM (2 hours ago) to Peter, Salvatore, pemc

the driver's license card (or state ID) that you most likely have in your wallet right now.

References