About Podcast Episode
There has been quite some traction behind the ISO Mobile Driver’s Licence (mDL) recently. Many US States have opted to deploy them, it has recently been suggested in the EU digital identity guidance as an initial use case to be supported, and the mDL mdoc format is starting to be supported by other transport protocols such as OIDC4VC.
We talk a lot about various flavours of verifiable credentials on this podcast. Verifiable credentials aim to give broad expressive capacity to digital credentials for a variety of use cases, while the Mobile Driver’s Licence (mDL) addresses the particular use case of mobile driving licenses.
One of the things that resonated the most to me in this conversation with Andrew was the fact that mDL has the opportunity to be a powerful tool in credential transformation. What does that mean?
Governments today aren’t accustomed to issuing verifiable data to their citizens. And because mobile driver’s licenses are an issuer-oriented standard today, and governments (issuers) are members of the organization that is defining these standards (ISO), there is a clear appetite for them. The thought is that once a use case-specific credential such as a mobile driver’s licence gets issued into the wild, then the next logical step for government issuers is to begin thinking: “Hey! What if I don’t have to issue digital representations of physical documents, but instead start issuing specific claims or attestation?” This is the credential transformation.
Another thing that resonated with me in this conversation was the fact that we need to make sure we separate standard work from implementation work in our discussions, regardless of the standard. Certain features such as privacy, interoperability and security can be built-in, or rather suggested by the standards. It however comes down to implementers to build their solutions around them in the right manner. This also includes how mDL issuers determine how they interact with the large mobile hardware and software vendors (e.g., Apple and Google), who pose risks of walled gardens and control.
In this podcast episode with Andrew Hughes, we discuss,
- Distinguishing the mobile driving licence (mDL) credential type from a verifiable credential (VC).
- How the mDL standard is working towards being consumed by other credential transport protocols (e.g., DIDComm, OIDC4VC)
- Can the same ISO standard for mDL be used to issue non-driving licence credentials? And should it?
- Do issuers of driving licences consider mDL it as a driving licence credential, or an identity credential?
- What does the ecosystem look like for mDL vs the one for physical driving licences? Who are some new participants that aren’t involved in physical DL production and governance?
- Why implementation supersedes the standard work.
- What are some interesting use cases around mDL that are gaining traction?
- How ISO works and how the relevant mDL sub-committees are evolving the standard.
- Are there concerns with the mobile hardware and OS providers gaining too much control over the mDL credentials?
Andrew Hughes CISM CISSP is Director of Identity Standards at Ping Identity. He is a digital identity strategist contributing to international standards development. He works with international associations and standards bodies as a domain expert, developing standards and related conformity assessment materials. Andrew serves on the Board of Directors of Kantara Initiative, and as the Chair of the Kantara Leadership Council. As a national expert delegate for Standards Canada on digital identity, he contributes to development of international standards at ISO SC 27 for identity management and ISO SC 17 for mobile driving licenses and mobile eID. Andrew is currently investigating how the worlds of Government Issued Photo ID can co-exist with the emerging Verifiable Credentials models, in a mobile-first manner.