The Privacy-Enhancing Mobile Credentials Working Group within Kantara Initiative is working to develop the necessary privacy-related guidance for those organizations issuing, verifying, and developing the technologies to hold digital credentials such as mobile drivers’ licenses (mDL) when in person. This work has been underway since November 2021, and the lessons learned in that time have resulted in the revision of the PEMC WG charter.
The revised charter provides a new Background section to help people new to the space understand the impetus behind the work and a clear description of the target audience for the specifications that this group will produce. The goal of all Kantara Initiative working groups is to be open and accessible to all, and providing a clearer background for the work will enable those new to the space to be more confident when engaging with the group.
The Purpose and Scope have also been clarified, moving the timeline to its own section with revised dates and offering a bit more detail on both what is in scope and out of scope for our work.
- In Scope: Credentials issued by both public sector and private sector issuers are in scope of this document.
- Out of Scope: Collection, use, and maintenance of identifying attributes by the Issuer are out of scope of this document. Decisions made by an Issuer could be set by policy or regulation regarding what information they collect for the credential itself.
PEMC Implementors Report
The next official output of the PEMC WG is the Early Implementors Draft Report. The Implementors Report offers the necessary framing, guidance, and description of appropriate evidence that will allow the PEMC WG to develop the requirements and profiles needed for implementing the best practices described by the PEMC WG. It will also provide much-needed initial guidance for Holders (the people and/or organizations that provide technology to store mobile credentials and support the necessary consent models for its use), Issuers (the people and/or organizations issuing the credentials), Verifiers (those entities that must verify the credential as valid or legitimate).
The goal is to have this report published by the close of Q2 2023.
The PEMC extended trust triangle
About Kantara Initiative and the OpenID Foundation
Support for the volunteer-led PEMC WG is offered by Kantara Initiative and the OpenID Foundation.
About Kantara Initiative
Kantara Initiative is a global community focused on improving the trustworthy use of identity and personal data. It has multiple working groups that explore innovation, and standardization and develop good practices around the collection, storage, and use of personal identity information. Kantara nurtures thought leadership, and ground-breaking R&D and develops specifications that will create and maintain a trustworthy identity ecosystem. Our working groups concentrate on informing policy and standards on topics as wide-ranging as User Managed Access and Consent Receipts; Privacy-Enhancing Mobile Credentials, and Digital Healthcare Services.
Kantara also runs the world’s leading Identity Assurance programs. These assessment programs uniquely audit companies and their products for conformance against a number of Trust Frameworks, including the National Institute of Standards & Technology (NIST) 800-63 standards for privacy and security around Identity and the UK government’s Digital Identity & Attributes Trust Framework (DIATF).
Different classes of Identity Assurance Trust Marks are awarded to organizations that meet specific criteria around technical and business expertise. The most complete Trust Mark is awarded for full compliance with technology, business processes, maintenance, and governance for full credential service providers.
More than 50% of Kantara members reside outside the US. Our leadership is committed to low – or no – barriers to participation, and we encourage membership from organizations across all public, private, and non-profit sectors and across all geographies.
See www.kantarainitiative.org for full details of our work.
About OpenID Foundation
The OpenID Foundation is a non-profit open standards body with a vision to help people assert their identity wherever they choose and a mission to lead the global community in creating identity standards that are secure, interoperable, and privacy-preserving. One of the OIDFs strengths is creating identity protocols that serve billions of consumers across millions of applications. In that context, OIDF welcomes the opportunity to help fund and facilitate this ambitious yet pragmatic effort in service to the global community.
Similarly, Kantara Initiative believes in the importance of this work to serve the global community by closing the gaps between policy and protocols. Kantara is a non-profit, global leader in privacy certification with a shared goal of offering safe spaces for open conversations by the community. Kantara seeks to materially improve the privacy landscape across all markets and sectors. One of its key strengths is deep dive audits of client implementations to ensure standards like NIST 800-63-3 are met against clear conformance criteria. The joint approach of Kantara and OIDF to both projects serves as a model for the kinds of partnership required to build technically viable policies and policy-supportive protocols.