Yes, saw Anil’s post, completely agree.
From: Tom Jones <thomasclinganjones@gmail.com>
Sent: Monday, October 23, 2023 2:06 AM
To: wg-riup <wg-riup@kantarainitiative.org>
Subject: [WG-RIUP] ACLU and others on the mDL
The following from the report should be considered in our work I believe.
The current standards govern how an mDL should transmit information from the phone to the verifying party (e.g. the TSA agent in the airport), and they govern how an mDL reader should verify the validity of the license.11 But the standards do not govern provisioning (how states install an mDL on a phone). They do not provide sufficient protections for data storage on the phone, sufficient guidance for mobile wallet design or user experience, or accountable constraints that would limit invasive or unwarranted requests from abusive mDL verifiers. Standards for the issuing authority to load mDLs onto a phone are in development as the ISO/IEC 23220 series.12 Standards for digital wallet privacy, security, and consent management are even less developed.
thx ..Tom (mobile)