Difference between revisions of "Derived Mobile Credential"

From MgmtWiki
Jump to: navigation, search
(Full Title or Meme)
Line 64: Line 64:
* See the wiki page [[Derived Credential]] for the original meaning from NIST that started with a PIV (CAC) card and crated a credential that could be used in other environments.
[[Category: Identity]]
[[Category: Identity]]

Revision as of 10:44, 3 June 2022

Full Title or Meme

Here is a good idea for age verification that I learned from Joe Andreau. I have not been able to understand how they protect privacy, which brings us to an interesting question. We have been discussing what the user sees in terms of privacy protection, but there are other stakeholders that need to get a verification of the services policies as well. Food for thought. https://www.businesswire.com/news/home/20210511005386/en/NACS-Announces-TruAge%E2%84%A2-Digital-ID-Verification-Solution

What this is, is a derived credential, or a ticket that allows access to a particular venue, that is, to purchase age related goods from a convenience store.

This is also the description of an identity federation which is determined by its focus on a single attribute - age.

Be the change you want to see in the world ..tom

Noreen Whysel 6:15 AM (5 hours ago) to me, pemc

Lik a digital hand stamp. Does it expire or is it permanent?


Salvatore DAgostino 6:43 AM (4 hours ago)

Some thoughts,

So multiple angles here, determining an age vs. age appropriate design, and I’d think there are some differences between age to acquire license (firearm, fishing, …), buying beer or accessing adult content, in the credential apart from the age field in each of these cases.

lots in the UK on topic as most here likely know, e.g. https://ico.org.uk/for-organisations/guide-to-data-protection/ico-codes-of-practice/age-appropriate-design-a-code-of-practice-for-online-services/

I don’t need a 3rd party to validate my age, I have a relationship with that authority, they provide me with credential I can then use to derive others (“micro-credentials), also if I am in charge of the release then this is the best way to address privacy concerns…

I think you are missing something more interesting here. My point is not specifically about age. Many of us will never bother to get an mDL, but can use the machine readable 18013 card to acquire one of these that will reside on the phone.

So the cred that can be used to derive this cred can be much broader than mDL. The question is not what each person needs, but rather what grant each person wants to acquire and there may be many paths to acquire that derived cred.

From my perspective, the 18103 card IS A MOBILE CRED and needs the sort of privacy protections we are describing here.

Be the change you want to see in the world ..tom

Salvatore DAgostino

Is it the grant they want to acquire or can a person actually authorize the grant/permission?

Tom Jones 7:13 AM (4 hours ago) To me one thing that is interesting about this is the conjunction of the real and the virtual worlds. The place where the human engages varies by use case. For

Peter Davis

Can you elaborate on what you mean by an “18013 card”? Peter Davis Chief Technology Officer, Chief Privacy Officer peter.davis@airsidemobile.com

Tom Jones 9:27 AM (2 hours ago) to Peter, Salvatore, pemc

the driver's license card (or state ID) that you most likely have in your wallet right now.


  • See the wiki page Derived Credential for the original meaning from NIST that started with a PIV (CAC) card and crated a credential that could be used in other environments.