VICAL

From MgmtWiki
Jump to: navigation, search

Full Title

The VICAL I(Verified issuer certificate authority list) s the new name for the ISO 18013-5 master list of certificates for issuers (and perhaps others) for Mobile Driver's Licenses.

AAMVA

These are notes from AAMVA who may wish to implement a VICAL.

  • The VICAL is validated by verification of the VICAL signing key which will be provided to the RPs. Any specific requirements from a governance/policy perspective regarding the requirements that must be met for inclusion in the MVP will be determined at a later time
  • AAMVA’s desire is that during normal VICAL generation and signing that AAMVA personnel would not need to be involved. However, if you feel that it is important feel free to propose it.
  • Given the limited scope, number of participants and expected duration of the MVP... AAMVA does not believe it is required that the solution reside in a FedRamp certified/compliant environment.

ISO 18013-5

APPENDIX - Master list CDDL profile

The master list profile uses a COSE_Sign structure with the X509 (chain) element from draft-ietf-cose-x509-07 to the ML signer certificate.

The payload shall use the following CDDL structure:

MasterList = {
  "type" : tstr      ; currently "1.0"
  "version" : tstr     : currenlty "1.0"
  "date" : tdate     ; date-time according to RFC 7049 (eg 1990-12-31T23:59:60Z)
  ? "nextUpdate" : tdate ; date-time according to RFC 7049
  "certificateInfo : [+ CertificateInfo]
}
CertificateInfo = {
  "issuingCountry": tstr ; ISO3166-1 or ISO3166-2 depending on the issuer
  ? "issuingAuthority": tstr
  ? "stateOrProvinceName": tstr
  ? "docType": tstr
  "certStructure" : CertStructure
 }
CertStructure = {
  ? "DN": bstr
  "ski": bstr
  "certificate" : bstr

References