Mobile Credentials, Privacy, and Kantara Initiative’s Privacy-Enhanced Mobile Credentials Working Group (PEMC WG)

The world is going digital, offering unmatched flexibility and potential for global interoperability. Mobile credentials allow users to authenticate with their smartphone and use it as their key to accessing everything from a bar where an individual must prove their age to a government web-based service where an individual must verify their identity. Balancing the wealth of opportunities, however, are the risks of having these new levels of convenience undermine any expectation of privacy. The Privacy-Enhanced Mobile Credentials Working Group within Kantara Initiative is working to help address this challenge, focusing on mobile credentials such as mobile drivers’ licenses (mDL). 

Photo by Mitya Ivanov on Unsplash

According to the PEMC WG charter, the PEMC WG exists “to create a set of requirements and conformance criteria to protect the privacy of individuals holding or using mobile credentials such as mobile Driving Licenses.” This work is being done against the backdrop of the ISO/IEC 18013-5-compliant mobile driving license ecosystem. While the ISO standard establishes details regarding the credential itself, more work is needed to provide assurances to the holders of mobile credentials that relying parties collecting their identity attributes will only use those attributes for fulfilling the purposes for which the mobile credential was presented. Failing to respect the consent of the mobile credential holder or the legal authority of the verifier to collect the identity attributes could violate the privacy of the mobile credential holder.

Expected Work Items

The PEMC WG is working through a phased approach to writing requirements and conformance criteria for the various endpoints of data flows in a mobile credential ecosystem. This ecosystem describes the interactions of the Issuer, Holder and Verifier, and includes the software, hardware, individuals, and entities at the technical endpoints. In ISO/IEC 18013-5, these are the “Issuing Authority”, “Issuing Authority Infrastructure”, “mDL What about including a simple table where you map the ISO term to the “common language” version? Holder”, “mDL” (credential and holding software), “mDL Verifier”, and “mDL Reader”. 

Over the course of the next one to two years, the PEMC WG plans on producing several reports and guidelines, including an Implementors Report, the Requirements for Issuers, Verifiers, and Providers, and various Compliance Profiles. 

PEMC Implementors Report

The group’s focus today is on creating the outline that will provide the scope and structure for the PEMC Implementors Report. The mobile credential ecosystem includes people and/or organizations that hold the credential and consent to its use (Holders),  issue the credentials (Issuers), and verify the credential as valid or legitimate (Verifiers). Each of those entities has roles, expectations, and responsibilities that must be clearly defined such that later work can build upon that information to develop assessment and conformance criteria. The Implementors Report offers the necessary framing, guidance, and description of appropriate evidence that will allow the group to develop the requirements and profiles needed for implementing the best practices described by the PEMC WG.

The goal is to have this report published by the end of the 2022 calendar year.

Timeline / Milestones

DeliverableStatusTarget DateNotes
OutlineCompleteOct 24, 2022A descriptive outline of the implementors report
ContentIn progressNov 14, 2022Working document ready for technical edit, should be substantially content complete
Technical EditNot startedNov 28, 2022Document ready to go to 
Draft to WorkgroupNot startedNov 30, 2022For vote or final round of amendments.
PublishNot startedDec 7, 2022

PEMC Requirements for Issuers, Verifiers, and Providers

Once the initial report has framed the discussion, the group will produce three additional documents that set out the specific requirements for each type of entity in this ecosystem. These requirements will offer a complete set of guidelines that will serve as the basis for allowing assessors to measure whether an Issuer, Verifier, or Holder (and the specific technology they use) is compliant with the privacy-supporting 

While not the focus of the group today, the PEMC WG has spent considerable time discussing the requirements in the past, and will continue to flesh them out once the Implementor’s Report is done. You can see the candidate requirements on the PEMC WG wiki.

PEMC Compliance Profiles

With almost every requirement comes an “it depends” caveat as to whether that requirement applies in all cases. For example, any requirement about the handling of age data doesn’t apply if there is no age data being shared. Alternatively, there may be a use case where even more stringent requirements for handling that data are appropriate. The general requirements set the baseline; profiles set the details for common scenarios. Profiles cannot add entirely new requirements, but they can specify how the existing requirements must be implemented in the scenario they are capturing.

The final output of the PEMC WG will be these compliance profiles. Exactly what scenarios will be captured will be determined by the working group participants.

How to Learn More

Interest in mobile credentials in general–and mDLs in specific–is growing as governments and commercial organizations move to explore the possibilities. If you are interested in helping developing best practice in this space in a way that’s measurable and globally critical, please join us! Information on joining the group is available online; no mDL required. 

About Kantara Initiative and the OpenID Foundation

Support for the volunteer-led PEMC WG is offered by Kantara Initiative and the OpenID Foundation.

The OpenID Foundation is a non-profit open standards body with a vision to help people assert their identity wherever they choose and a mission to lead the global community in creating identity standards that are secure, interoperable, and privacy-preserving. One of the OIDFs strengths is creating identity protocols that serve billions of consumers across millions of applications. In that context, OIDF welcomes the opportunity to help fund and facilitate this ambitious yet pragmatic effort in service to the global community. 

Similarly,  Kantara Initiative believes in the importance of this work to serve the global community by closing the gaps between policy and protocols. Kantara is a non-profit, global leader in privacy certification with a shared goal of offering safe spaces for open conversations by the community. Kantara seeks to materially improve the privacy landscape across all markets and sectors. One of its key strengths is deep dive audits of client implementations to ensure standards like NIST 800-63-3 are met against clear conformance criteria. The joint approach of Kantara and OIDF  to both projects serves as a model for the kinds of partnership required to build technically viable policies and policy-supportive protocols.