Intent to Prototype: mdoc presentation API

Adam Langley

Feb 16, 2023, 11:56:17 AM
to blink-dev, Sam Goto, Rick Byers
Contact emails
agl, goto, and rbyers @chromium.org

Specification
https://github.com/WICG/mobile-document-request-api/pull/5

Summary
Mobile driver's licenses use a format called mdoc (ISO/IEC 18013-5:2021), but other forms of identity can also use it. This Web Platform feature would allow sites to request real-world identity information in this format. This would allow people to assert their identity in situations that reasonably require it, such as opening a bank account online, and to disclose specific subsets of their identity for uses such as age verification.

We believe that the following are required properties of Chromium’s implementation of this API:
  • The user agent must be able to see what attributes are being requested so that it can communicate that to the user, address abuse, etc.
  • It must be possible to use multiple wallet apps.
  • There must be a smooth path to allowing sites to concurrently request identity documents in other formats, e.g. federation-based identity or verifiable credentials.
  • Users should be able to present their identity to the sites that they choose to.

Initially this work will be only for Chromium on Android. Ultimately we envision implementing this API on desktop platforms where the user-agent will communicate with a nearby mobile device, in a phishing-resistant manner, to provide the assertion. Of course, being in Chromium, our implementation will be open-source and BSD-licensed.

Initial public proposal
https://github.com/WICG/mobile-document-request-api/pull/5

TAG review status
Forthcoming

Risks
The major risks that concern us are that users may not feel in control of what information they are disclosing, and may feel pressured to disclose personal information in contexts where they feel that request is inappropriate. Addressing these will require, at least, significant thought and experimentation around suitable UI.

Interoperability and Compatibility

Gecko: No signal

WebKit: Apple wrote the first draft of this API and are engaged in its development.

Web developers: No signals

Other signals: the EU is developing guidance that assumes these kinds of capabilities for some online services.

WebView application risks
This feature will not initially be available in WebViews.

Requires code in //chrome?
Yes. We expect that some top-level browser UI will be needed in at least some cases where real-world identity is requested.

Estimated milestones
2023Q2: availability of a draft API on Android, behind a flag.

Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5166035265650688