At the end of February, important interoperability test events took place for Mobile Driver's Licenses (mDL) in Utrecht, The Netherlands.
The vision and the challenge.
The vast majority of mDL solutions are being developed to align with the ISO 18013 series of specifications. This is essential. Like passports, driver's licenses have utility way beyond their basic function and it is reasonable to assume the same expectations for mobile versions of driver's licenses. They have the potential to support access to services in travel, hospitality, financial services and many more.
The specifications are not limited to driver's licenses either. The broader mDoc concept allows any other document or credential type to be defined, such as for identity cards, health cards, travel permits, loyalty and anything else you can think of.
The vision is that in the future we will have digital wallets, accessible from our personal devices, that allow us to present credentials (or assertions derived from credentials) in all manner of online and offline contexts. Globally that could mean hundreds of wallet providers needing to support credentials issued from thousands of issuers and be accepted at millions of locations. That is a lot of potential combinations of issuer, wallet and verifier. When a student from Japan turns ups at a liquor store in Australia, will their mDL just work?
For that to be possible solutions will need to be interoperable from a regulatory, commercial and technical perspective. Achieving that at global scale is a big challenge but not one that is insurmountable. It is something the card payment industry achieved as it evolved over the past decades and provides great learnings for mDL interoperability.
Learning from payments.
Focusing on technical interoperability, a key standard in the payments space is ISO 7816. The first part was published in 1987 defining the physical characteristics of "identification cards". You see, even back in 1987 the connection between identity and payments was evident. This first part was followed by several other parts defining things such as electrical interfaces, transmission protocols, application-level command structures, security and so on. On top of this, the EMV standards emerged to define how card payment transactions between cards and readers would be performed.
Standards were a vital step in enabling payment ecosystems to operate at scale. But standards are always open to some level of interpretation or misinterpretation. To ensure that technologies work in the real world, it is essential to test them thoroughly. For card payments, any card from any issuer must work seamlessly at any terminal from any acquirer - every time. That means a LOT of testing and in particular testing everything against established and approved reference equipment. So, alongside the evolution of standards the payment networks created and formalized certification programs that ensure that cards, readers, hosts, and so on, function consistently and reliably in line with those evolving specifications.
Testing mDLs.
So what has this got to do with test events in Utrecht?
Those events brought together dozens of organizations from around the world who are building mDL solutions and need to ensure that they will work in the real world. Those solutions are being built alongside the evolution of the standards. It is very similar to what happened in payments although the timeframes are much more compressed. mDLs will emerge as a key mass-market digital identity technology within years, not decades.
During those events we tested new features in the ISO 18013 specifications with a large number of vendors. And it was not smoke and mirrors. Fime was there with its Digital Identity Test Suite that provides a reference implementation of the specifications and can act as either a wallet or a relying party. We were able to conduct tests with many vendors, performing real transactions (with test data of course), helping those vendors assess the gaps and issues in their implementations of the standards.
I think you can view these test events as the beginnings of the formal certification that will be necessary to ensure interoperability for mDL - and for digital identity more widely.
Who will own the scheme?
Perhaps the single biggest interoperability question today is - who will own the certification scheme?
In payments, the answer to that question is straightforward (at least it is now). The payment networks (especially the international ones) set their rules that apply within the large ecosystems that they own. The mDoc ecosystem will be more fragmented with no obvious single organization with the authority to set rules at a global level.
In the EU, the eIDAS legislation makes member states responsible. Of course, there will need to be a lot of work to gain alignment and we expect ENISA to play role there. For our part, Fime is delighted to be part of the WE BUILD consortium that will be delivering a large-scale pilot for the European Commission. In our role there, we will be making sure that the topic of interoperability is given priority. It is an essential requirement for the ecosystem to be successful.
Learn more how Fime can help deliver a interoperable and international mDL solutions.
