Join us for the virtual test event for ISO/IEC 18013-7, hosted by SpruceID in collaboration with AAMVA and members of ISO/IEC JTC 1/SC17/WG10. ISO/IEC 18013-7 specifies requirements for mobile driving license add-on functions, such as how they can be presented online to verify a holder’s identity.
Driver’s licenses serve more use cases for us than just proving our capability to operate a vehicle–many people use their driver’s license as their primary form of identification. As we shift to a digital-first world, people will need credentials to represent all facets of their identity digitally in a secure way.
This means that it is critical to build mobile driver’s license (mDL) solutions using standardized data formats, so verifiers across different geographies and industries are able to confirm a person’s identity.
ISO/IEC JTC 1/SC 17 works on standards for motor vehicle driver license and related documents, with the aim of providing a common technical framework and promoting the safe and secure use of this technology. The 18013-5 standard specified by ISO/IEC JTC 1/SC 17 defines requirements for the security, data elements, and information exchange of mobile driving licenses (mDL) between the mobile device and authorized parties, while supporting user data protection and protecting driver privacy.
The objective for this test event is to provide a collaboration forum for implementers of ISO/IEC 18013-7 to test their respective solutions in an effort to drive forward cross-industry interoperability and adoption, while accelerating feedback and clarity for implementations of the standard.
This event will take place online asynchronously, allowing for participants to test throughout a fixed two-week period to encourage maximum participation and allow for active development iterations to optimize test results over the two-week window. We encourage testing for both OpenID4VP and RestAPI implementations.
Registration will open at 8:00 UTC. Please review the guidelines linked below for participation eligibilty requirements.
This session covered event details and participation. You can watch the recording of the session here.
Registration will close at 23:59 UTC.
The testing window will begin at 17:00 PM UTC.
The testing window will end at 11:59 UTC. Please review the guidelines linked below for final submission requirements.
The Event Results Publication will include anonymized, aggregate results. These results may be discussed in ISO working group meetings, but only as anonymized results.
The formal testing guidelines, including participation requirements and testing scenarios can be found in the document linked below. If there are any clarifications to this document required, please submit your questions to [email protected] and we will publish answers in the FAQ section shown below.
Participants are encouraged to submit questions or issues with this event details or interpretation of the standard to [email protected]. Answers to questions will be shared in direct response and will also be published here in the FAQ section for all participants to review.
If questions or clarifications result in amendments to the test guidelines or scope outlined herein, all participants will be notified via email correspondence and this webpage will be updated accordingly.
Any organization (or group, or individual) who 1) registers through the registration form before the registration window closes and 2) provides the required verifier link (if applicable) and/or X.509 certificates for issuer and/or reader authentication. This event is not restricted to any particular working group membership or organization size.
A form was circulated to all registered attendees on August 9th where you will be asked to share your remote reader links (if relevant). You must submit the link for your reader by August 14th at the latest to be included.
A form was circulated to all registered attendees on August 9th requesting the relevant X.509 certificates for issuer and/or reader authentication. You must complete the form by August 14th at the latest to be included.
We will distribute a link to AAMVA's DTS test environment where the VICAL can be downloaded by email to all registered verifiers.
Working Draft (WD) and Committee Draft (CD) documents are under “Open” access control, as per ISO/IEC JTC 1 Standing Document 23. Participants can get a copy of drafts of ISO/IEC 18013-7 after registration for the event by sending an email to [email protected].
A copy of ISO/IEC 18013-5:2021 can be purchased in the official ISO Store. You can visit their website at https://www.iso.org/standards.html and search for the specific standard. Another option would be via your National Standards Body: Each country usually has a national standards body that distributes ISO standards. These organizations often have their own online stores or physical locations where you can purchase ISO standards. For example, in the United States, the American National Standards Institute (ANSI) sells ISO standards through its webstore.
The Interoperability Event will use the updated drafts for ISO/IEC 18013-7. The test guidelines document has been updated to reflect the changes (highlighted throughout with links to new draft specification documents).
Yes, the Authorization Request Object may contain a "state" parameter as defined in RFC 6749. This is because OID4VP is an extension of OAuth2 and inherits those capabilities. In case a "state" parameter is present in the Authorization Request Object, the Wallet needs to add the "state" parameter to the Authorization Response parameters without further processing (as described in RFC 6749).
In general, OAuth2 (OID4VP) allows additional parameters in the Authorization Request and in the Authorization Response. Since this is allowed, a Wallet should not fail and ignore those additional parameters if those are not understood by the Wallet. The same applies to additional parameters in the Authorization Response.