[Openid-specs-ab] DHS mDL RFI response from OpenID Foundation

Kristina Yasuda Kristina.Yasuda at microsoft.com
Sat Jun 26 02:32:15 UTC 2021


Thank you for the feedback, Torsten. Please find comments in-line below.
@Everyone, I am attaching the current version of the response. Kind reminder that we set the new deadline for comments to be June 30th.


- the example on p7 uses „verified_claims“ syntax, so it might be worthwhile mentioning OpenID Connect 4 Identity Assurance in the document

-> I added the following text after the example on p7. Let me know if you want it changed.

"The “verified_claims” container element used in the example above is taken from OpenID Connect for Identity Assurance 1.0 specification (ekyc-ida) in OpenID Foundation. The usage of “verified_claims” container element allows to include information how the identity of a natural person has been verified in compliance with a certain law."
Note that the Annex part has been submitted to the ISO mDL WG prior to this DHS response document, and this change will be proposed in the ISO document in the next revision cycle.


- section 7.1.3.4.4: how is the request sent from the reader to the SIOP? I’m asking since I thought those parties would live on different devices

-> "Over the Internet", to borrow the terminology used in ISO. RP does not have to be on the same device as SIOP.

The question made me think that mDL specification does have a specific "device engagement" step during which registration/discovery information is passed in CBOR over NFC or QR code, so maybe we can leverage that for SIOP discovery/registration - need to think more.


- Generally: would it be possible to share more context with the WG? It seems like a lot of knowledge about ISO/IEC 18013-5 is required to understand the proposal

-> Currently, OIDC in mDL is used for the verifier to talk to the Issuing authority to retrieve mDL data using the access token received from the user. This direct path to the Issuing Authority has raised concerns from verifiers and resulted in the need for an "over the internet" solution directly between user and the verifier, so the SIOP was proposed.


- typo on p2 2nd paragraph: "OpenII Connect“ -> OpenID Connect

-> corrected.

Best,
Kristina
________________________________
From: Torsten Lodderstedt <torsten at lodderstedt.net>
Sent: June 14, 2021 1:43
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
CC: Kristina Yasuda <Kristina.Yasuda at microsoft.com>
Subject: Re: [Openid-specs-ab] DHS mDL RFI response from OpenID Foundation

Hi,

thanks for sharing the draft response.

Here are my comments:

- the example on p7 uses „verified_claims“ syntax, so it might be worthwhile mentioning OpenID Connect 4 Identity Assurance in the document
- section 7.1.3.4.4: how is the request sent from the reader to the SIOP? I’m asking since I thought those parties would live on different devices
- Generally: would it be possible to share more context with the WG? It seems like a lot of knowledge about ISO/IEC 18013-5 is required to understand the proposal
- typo on p2 2nd paragraph: "OpenII Connect“ -> OpenID Connect

best regards,
Torsten.

On 14.06.2021 at 09:32, Kristina Yasuda via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:

Dear All,

As discussed during the last Connect WG call, circulating the draft response from OpenID Foundation to DHS RFI on mDL (mobile Driving License).
We wrote it with Tony and Tom Jones, and it has been reviewed by Gail, Mike and Nat.
If you have any comments please send them by June 16th to the ML, so that we have time to reflect them before the submission deadline on June 18th.
Apologies for circulating last minute. We can also discuss the questions and comments at tomorrow's Pacific Connect WG call.

Below are links to the original RFI from DHS:

- https://www.govinfo.gov/content/pkg/FR-2021-04-19/pdf/2021-07957.pdf
- https://www.aamva.org/21_4_19-Legislative-Alert-DHS-Requests-Information-for-REAL-ID-Mobile-Drivers-License-Rulemaking/

Kindest Regards,
Kristina


<Draft DHS RFI Response - mDL_v01.pdf>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Draft DHS RFI Response - mDL_v02.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 77762 bytes
Desc: Draft DHS RFI Response - mDL_v02.docx
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210626/e9d6fa0e/attachment-0001.docx>

