<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr">Hi Kristina,</div><div dir="ltr"><br><blockquote type="cite">On 26.06.2021 at 04:32, Kristina Yasuda <Kristina.Yasuda@microsoft.com> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Thank you for the feedback, Torsten. Please find comments in-line below.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
@Everyone, I am attaching the current version of the response. Kind reminder that we set the new deadline for comments to be
<b>June 30th</b>.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<div style="margin:0px;font-size:15px;font-family:"Yu Gothic UI", "Meiryo UI", Meiryo, "MS Pgothic", Osaka, "Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;color:rgb(32, 31, 30);background-color:rgb(255, 255, 255)">
<p style="font-size:11pt;font-family:Calibri, sans-serif;margin:0px">- the example on p7 uses „verified_claims“ syntax, so it might be worthwhile mentioning OpenID Connect 4 Identity Assurance in the document</p>
<p style="font-size:11pt;font-family:Calibri, sans-serif;margin:0px">-> I added the following text after the example on p7. Let me know if you want it changed. </p>
<div style="font-size:11pt;font-family:Calibri, sans-serif;margin:0px">"The “verified_claims” container element used in the example above is taken from the OpenID Connect for Identity Assurance 1.0 specification (ekyc-ida) in the OpenID Foundation. The usage of the “verified_claims”
container element allows including information on how the identity of a natural person has been verified in compliance with a certain law."<br>
</div>
<div style="font-size:11pt;font-family:Calibri, sans-serif;margin:0px">Note that the Annex part has been submitted to the ISO mDL WG prior to this DHS response document, and this change will be proposed in the ISO document in the next revision cycle.</div>
<div style="font-size:11pt;font-family:Calibri, sans-serif;margin:0px"><br>
</div>
</div>
<div style="margin:0px;font-size:15px;font-family:"Yu Gothic UI", "Meiryo UI", Meiryo, "MS Pgothic", Osaka, "Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;color:rgb(32, 31, 30);background-color:rgb(255, 255, 255)">
<p style="font-size:11pt;font-family:Calibri, sans-serif;margin:0px">- section 7.1.3.4.4: how is the request sent from the reader to the SIOP? I’m asking since I thought those parties would live on different devices</p>
<p style="font-size:11pt;font-family:Calibri, sans-serif;margin:0px">->"Over the Internet", to borrow the terminology used in ISO. RP does not have to be on the same device as SIOP.</p></div></div></div></blockquote><div><br></div>Can you please elaborate? SIOP as it stands today is tied to the response type „id_token“, i.e. the RP sends the user agent to the SIOP on the same device. Transaction integrity is ensured by binding the nonce in the request to a cookie in this user agent. How do you envision crossing the boundary between devices, and what are the consequences for the security of the flow? Can you share a sequence diagram?<div><br><blockquote type="cite"><div dir="ltr"><div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><div style="margin:0px;font-size:15px;font-family:"Yu Gothic UI", "Meiryo UI", Meiryo, "MS Pgothic", Osaka, "Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;color:rgb(32, 31, 30);background-color:rgb(255, 255, 255)">
<p style="font-size:11pt;font-family:Calibri, sans-serif;margin:0px">The question made me think that the mDL specification does have a specific "device engagement" step during which registration/discovery information is passed in CBOR over NFC or QR code, so maybe
we can leverage that for SIOP discovery/registration - need to think more.</p></div></div></div></blockquote><div><br></div>I think the SIOP should expose a CIBA-style interface to allow direct engagement from the verifier with the reader. The device engagement data could be used to share the endpoint location and so on.</div><div><br><blockquote type="cite"><div dir="ltr"><div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><div style="margin:0px;font-size:15px;font-family:"Yu Gothic UI", "Meiryo UI", Meiryo, "MS Pgothic", Osaka, "Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;color:rgb(32, 31, 30);background-color:rgb(255, 255, 255)">
<p style="font-size:11pt;font-family:Calibri, sans-serif;margin:0px"><br>
</p>
</div>
<div style="margin:0px;font-size:15px;font-family:"Yu Gothic UI", "Meiryo UI", Meiryo, "MS Pgothic", Osaka, "Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;color:rgb(32, 31, 30);background-color:rgb(255, 255, 255)">
<p style="font-size:11pt;font-family:Calibri, sans-serif;margin:0px">- Generally: would it be possible to share more context with the WG? It seems like a lot of knowledge about ISO/IEC 18013-5 is required to understand the proposal</p>
<p style="font-size:11pt;font-family:Calibri, sans-serif;margin:0px">-> Currently, OIDC in mDL is used for the verifier to talk to the Issuing Authority to retrieve mDL data using the access token received from the user. This direct path to the Issuing Authority
has raised concerns from verifiers and resulted in the need for an "over the internet" solution directly between the user and the verifier, so the SIOP was proposed. </p>
<p style="font-size:11pt;font-family:Calibri, sans-serif;margin:0px"><br>
</p>
</div>
<div style="margin:0px;font-size:15px;font-family:"Yu Gothic UI", "Meiryo UI", Meiryo, "MS Pgothic", Osaka, "Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;color:rgb(32, 31, 30);background-color:rgb(255, 255, 255)">
<p style="font-size:11pt;font-family:Calibri, sans-serif;margin:0px">- typo on p2 2nd paragraph: "OpenII Connect“ -> OpenID Connect </p>
<p style="font-size:11pt;font-family:Calibri, sans-serif;margin:0px">-> corrected.</p>
</div>
<br></div></div></blockquote><br>best regards,</div><div>Torsten.<br><blockquote type="cite"><div dir="ltr"><div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Best,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Kristina</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Torsten Lodderstedt <torsten@lodderstedt.net><br>
<b>Sent:</b> June 14, 2021 1:43<br>
<b>To:</b> Artifact Binding/Connect Working Group <openid-specs-ab@lists.openid.net><br>
<b>CC:</b> Kristina Yasuda <Kristina.Yasuda@microsoft.com><br>
<b>Subject:</b> Re: [Openid-specs-ab] DHS mDL RFI response from OpenID Foundation</font>
<div> </div>
</div>
<div class="" style="word-wrap:break-word; line-break:after-white-space">Hi,
<div class=""><br class="">
</div>
<div class="">thanks for sharing the draft response. </div>
<div class=""><br class="">
</div>
<div class="">Here are my comments:</div>
<div class=""><br class="">
</div>
<div class="">- the example on p7 uses „verified_claims“ syntax, so it might be worthwhile mentioning OpenID Connect 4 Identity Assurance in the document</div>
<div class="">- section 7.1.3.4.4: how is the request sent from the reader to the SIOP? I’m asking since I thought those parties would live on different devices</div>
<div class="">- Generally: would it be possible to share more context with the WG? It seems like a lot of knowledge about ISO/IEC 18013-5 is required to understand the proposal</div>
<div class="">- typo on p2 2nd paragraph: "OpenII Connect“ -> OpenID Connect </div>
<div class=""><br class="">
</div>
<div class="">best regards,</div>
<div class="">Torsten. </div>
<div class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 14.06.2021 at 09:32, Kristina Yasuda via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" class="">openid-specs-ab@lists.openid.net</a>> wrote:</div>
<br class="x_Apple-interchange-newline">
<div class="">
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">
Dear All,</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">
<br class="">
</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">
As discussed during the last Connect WG call, circulating the draft response from OpenID Foundation to<span class="x_Apple-converted-space"> </span><span class="" style="background-color:rgb(255,255,255); display:inline!important">DHS RFI on mDL (mobile Driving
License)</span>.</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">
We wrote it with Tony and Tom Jones, and it has been reviewed by Gail, Mike and Nat.</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">
If you have any comments please send them<span class="x_Apple-converted-space"> </span><b class=""><u class="">by June 16th</u></b><span class="x_Apple-converted-space"> </span>to the ML, so that we have time to reflect them before the submission deadline on
June 18th.</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">
Apologies for circulating last minute. We can also discuss the questions and comments at tomorrow's Pacific Connect WG call.</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">
<br class="">
</div>
<div class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">
<div class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="margin:0px; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">Below are links to the original RFI from DHS:</span></div>
<p class="" style="margin-top:0px; margin-bottom:0px"></p>
<div class=""><span class=""><span class="" style="margin:0px; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">- <a href="https://www.govinfo.gov/content/pkg/FR-2021-04-19/pdf/2021-07957.pdf" id="LPlnk802605" class="">https://www.govinfo.gov/content/pkg/FR-2021-04-19/pdf/2021-07957.pdf</a></span></span></div>
<div class="">- <a href="https://www.aamva.org/21_4_19-Legislative-Alert-DHS-Requests-Information-for-REAL-ID-Mobile-Drivers-License-Rulemaking/" class=""><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">https://www.aamva.org/21_4_19-Legislative-Alert-DHS-Requests-Information-for-REAL-ID-Mobile-Drivers-License-Rulemaking/</span></a></div>
<p class="" style="margin-top:0px; margin-bottom:0px"></p>
<br class="">
</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">
Kindest Regards,</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">
Kristina</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">
<br class="">
</div>
<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">
<br class="">
</div>
<span id="x_cid:896CC8B6-4BD3-4B1E-8B05-2772C68B0D9D"><Draft DHS RFI Response - mDL_v01.pdf></span><span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; float:none; display:inline!important">_______________________________________________</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">
<span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; float:none; display:inline!important">Openid-specs-ab
mailing list</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">
<a href="mailto:Openid-specs-ab@lists.openid.net" class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">Openid-specs-ab@lists.openid.net</a><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></div>
</blockquote>
</div>
<br class="">
</div>
</div>
<div><Draft DHS RFI Response - mDL_v02.docx></div></div></blockquote></div></body></html>