The following from the report should be considered in our work I believe.
https://epic.org/documents/comments-of-epic-aclu-cdt-and-eff-to-the-tsa-on-i...
The current standards govern how an mDL should transmit information from the phone to the verifying party (e.g. the TSA agent in the airport), and they govern how an mDL reader should verify the validity of the license.11 But the standards do not govern provisioning (how states install an mDL on a phone). They do not provide sufficient protections for data storage on the phone, sufficient guidance for mobile wallet design or user experience, or accountable constraints that would limit invasive or unwarranted requests from abusive mDL verifiers. Standards for the issuing authority to load mDLs onto a phone are in development as the ISO/IEC 23220 series.12 Standards for digital wallet privacy, security, and consent management are even less developed.
thx ..Tom (mobile)
Yes, saw Anil’s post, completely agree.
From: Tom Jones <thomasclinganjones@gmail.com>
Sent: Monday, October 23, 2023 2:06 AM
To: wg-riup <wg-riup@kantarainitiative.org>
Subject: [WG-RIUP] ACLU and others on the mDL
The following from the report should be considered in our work I believe.
https://epic.org/documents/comments-of-epic-aclu-cdt-and-eff-to-the-tsa-on-i...
The current standards govern how an mDL should transmit information from the phone to the verifying party (e.g. the TSA agent in the airport), and they govern how an mDL reader should verify the validity of the license.11 But the standards do not govern provisioning (how states install an mDL on a phone). They do not provide sufficient protections for data storage on the phone, sufficient guidance for mobile wallet design or user experience, or accountable constraints that would limit invasive or unwarranted requests from abusive mDL verifiers. Standards for the issuing authority to load mDLs onto a phone are in development as the ISO/IEC 23220 series.12 Standards for digital wallet privacy, security, and consent management are even less developed.
thx ..Tom (mobile)
Thanks Tom, agree with your recommendation which is supported by the ACLU document.
May all have a good week,
Jim
On Mon, Oct 23, 2023, 2:06 AM Tom Jones <thomasclinganjones@gmail.com> wrote:
The following from the report should be considered in our work I believe.
https://epic.org/documents/comments-of-epic-aclu-cdt-and-eff-to-the-tsa-on-i...
The current standards govern how an mDL should transmit information from the phone to the verifying party (e.g. the TSA agent in the airport), and they govern how an mDL reader should verify the validity of the license.11 But the standards do not govern provisioning (how states install an mDL on a phone). They do not provide sufficient protections for data storage on the phone, sufficient guidance for mobile wallet design or user experience, or accountable constraints that would limit invasive or unwarranted requests from abusive mDL verifiers. Standards for the issuing authority to load mDLs onto a phone are in development as the ISO/IEC 23220 series.12 Standards for digital wallet privacy, security, and consent management are even less developed.
thx ..Tom (mobile)
participants (3)
- jim kragh
- Salvatore D'Agostino
- Tom Jones