8B/ ISO Mobile Driving License - Convergence for Adoption? - Fireside Chat Format

From IIW

ISO Mobile Driving License - Convergence for Adoption? - Fireside Chat Format

Session Convener: Andrew Hughes

Notes-taker(s): Tobias Looker

Tags / links to resources / technology discussed, related to this session:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

  1. Fireside chat Mobile Drivers License

Convergence? Divergence? Coexistance?

Andrew Hughes

  • Introduction on the current state of ISO mDL 18013-5 work and the adoption going on within the U.S DMV's led by AAMVA
  • However ISO mDL 1013-5 being CBOR based is often difficult from an adoption perspect particularly in the web


  • We are working on open source mDL implementation
  • Topics that we want to discuss is verifiable credential interoperability


  • Andrew introduced*
  • As a representative of AAMVA, what the issuing authorities are looking for is something that is interoperable
  • If we go digital I want to have the same assurance, if i follow this standard I should be interoperable
  • Needs to work in attended and un-attended usecases, un-attended still working on
  • Recognition that "MDL" can be in multiple formats


  • Lets not limit to drivers license why not other forms of government ID?
  • 18013-5 is strict towards drivers license but ISO 23220 is more general
  • mDL is mainly about proving driving priv's not factoring in that it can also be used for strong identification purposes


  • What happens when someones driving priv's are revoked?


  • In the U.S context we have the concept of notary
  • How do you think we factor in this important aspect?


  • There is some work going on with ISO 18013-5


  • My observation is that is coming from a usecase of offline attended and VCs are in online and

the technologies are coming together


  • I dont think comparing VC data model and mDL is not a direct comparison, mDL also defines a protocol


  • I suspect some form of digital drivers license credential that will have a bunch of usecases where it will be applicable,

who do I need to influence to bring the relying parties and what is the roadmap.


  • The iso work recognized that it goes beyond a drivers license
  • Multiple other states are in progress to roll out


  • my question was related to realid but we can move on


  • If you are getting the impression the deal is not done about mobile eID, then your right you have a chance to influence it
  • For example if there is an openid issuance protocol that can be taken back to ISO then we should have that conversation


  • OpenID has a liason agreement to ISO if you want to participate


  • Comments about cross-jurisdiction trust of that mDL


  • I have more to


  • I want to talk about holder empowerment
  • Very difficult to access all the API's required to ISO mDL implementation, differs across Android ISO
  • These are operability interfaces can we come up with a wish list


  • I think from a first principle about what government ID is utility of government ID's


  • Talked about concerns around apple control aspects and some of the concerns around the CCG


  • Issuing authorities have the exact same view, they are concerned about the market share
  • The idea that perhaps these vendors need the DMVs more than DMV's need them


  • Anyone here from blueink.ca? *no*
  • We did an interop project on aries and blueink.ca ISO mDL 18013-5


  • How did you interop?


  • Blueink.ca were and bridging to VC


  • Means they are not signed by the original issuer


  • Quick question for David, you're working with the DWV in UTAH what is the top issue the DMV is kept up at night


  • What is keeping them up at night, there is massive mis-understanding about what they intend to do with drivers licenses

DMVs don't want to track users where they user their drivers license or state troopers dont want to persist the information after the transaction


  • To follow up on VC mDL, the issuers issue credentials in multiple formats, CBOR for inperson and some other form

for over the web because CBOR is less adopted or understood

  • Maybe issuers do not want to issue two in the beginning but that seems like the pragmatic solution
  • Where you get the public key to verify a drivers license AAMVA is working on that
  • 23220 is where over the web mDL is being shaped


  • I want to just state, super concern this real deep worried that apple and google own the mobile operating system

and therefore limiting the options around wallet and holding choices in the ecosystem

  • Encourage you to look at some of the work going on at TOIP about metatrust systems including john walkers work with GCCN


  • I think there is a real recognition that there is a real tension in the technologies being proposed and also the

principles we want it to yield

  • How do we solve for the public private conversation we need to solve for both.


  • I wondering two things, is there a set of capabilities that would be needed to change to the verifiable credentials spec to

just be a VC, is the mobile drivers license meant to be a identity credential?


  • Yes no maybe depends on your def of identity credential


  • I want to put a privacy spin on what david said about Utah DMV, is that the standards are going to make

survalience more do-able, even if their stated intention is not


  • Building on top of the ISO 18013-5, AAMVA has published a document that stipulates some of the privacy safe

guards like you should not track


  • I think the conspiracy theory in identity is growing and we need to tell a better story to dispell these myths
  • We need to look at things like what BCGov did with their public services card to increase transperancy

in the public about how these technologies work.

  • We have to fight the conspiracy theories with open information