ISO/IEC 18013-7 Interoperability Event

Join us for the virtual test event for ISO/IEC 18013-7, hosted by SpruceID in collaboration with AAMVA and members of ISO/IEC JTC 1/SC17/WG10. ISO/IEC 18013-7 specifies requirements for mobile driving license add-on functions, such as how they can be presented online to verify a holder’s identity.

Registration Closed

About Mobile Driver's Licenses

Driver’s licenses serve more use cases for us than just proving our capability to operate a vehicle–many people use their driver’s license as their primary form of identification. As we shift to a digital-first world, people will need credentials to represent all facets of their identity digitally in a secure way.

This means that it is critical to build mobile driver’s license (mDL) solutions using standardized data formats, so verifiers across different geographies and industries are able to confirm a person’s identity.

ISO/IEC JTC 1/SC 17 works on standards for motor vehicle driver license and related documents, with the aim of providing a common technical framework and promoting the safe and secure use of this technology. The 18013-5 standard specified by ISO/IEC JTC 1/SC 17 defines requirements for the security, data elements, and information exchange of mobile driving licenses (mDL) between the mobile device and authorized parties, while supporting user data protection and protecting driver privacy.

Register by August 1 to participate in the Interoperability Event

Event Details

The objective for this test event is to provide a collaboration forum for implementers of ISO/IEC 18013-7 to test their respective solutions in an effort to drive forward cross-industry interoperability and adoption, while accelerating feedback and clarity for implementations of the standard.

This event will take place online asynchronously, allowing for participants to test throughout a fixed two-week period to encourage maximum participation and allow for active development iterations to optimize test results over the two-week window. We encourage testing for both OpenID4VP and RestAPI implementations.

July 7 - Registration Opens

Registration will open at 8:00 UTC. Please review the guidelines linked below for participation eligibilty requirements.

July 14 - Informational Session

This session covered event details and participation. You can watch the recording of the session here.

August 7 - Registration Closed

Registration will close at 23:59 UTC.

August 21 - Testing Begins

The testing window will begin at 17:00 PM UTC.

September 8 - Testing Ends

The testing window will end at 11:59 UTC. Please review the guidelines linked below for final submission requirements.

Mid-September - Event Results Publication

The Event Results Publication will include anonymized, aggregate results. These results may be discussed in ISO working group meetings, but only as anonymized results.

Testing Guidelines and Scope

The formal testing guidelines, including participation requirements and testing scenarios can be found in the document linked below. If there are any clarifications to this document required, please submit your questions to iso-mdl-event@spruceid.com and we will publish answers in the FAQ section shown below.

Event FAQs

Where should I submit questions I have?

Participants are encouraged to submit questions or issues with this event details or interpretation of the standard to iso-mdl-event@spruceid.com. Answers to questions will be shared in direct response and will also be published here in the FAQ section for all participants to review. 

If questions or clarifications result in amendments to the test guidelines or scope outlined herein, all participants will be notified via email correspondence and this webpage will be updated accordingly.

Who is eligible to participate?

Any organization (or group, or individual) who 1) registers through the registration form before the registration window closes and 2) provides the required verifier link (if applicable) and/or X.509 certificates for issuer and/or reader authentication. This event is not restricted to any particular working group membership or organization size.

My organization plans to provide an mDL reader, where do we submit the remote reader link?

A form was circulated to all registered attendees on August 9th where you will be asked to share your remote reader links (if relevant). You must submit the link for your reader by August 14th at the latest to be included.

Where do we submit the relevant X.509 certificates?

A form was circulated to all registered attendees on August 9th requesting the relevant X.509 certificates for issuer and/or reader authentication. You must complete the form by August 14th at the latest to be included.

How do we get access to the VICAL?

We will distribute a link to AAMVA's DTS test environment where the VICAL can be downloaded by email to all registered verifiers.

Where do we get a copy of the base documents of the standards and draft technical specifications?

Working Draft (WD) and Committee Draft (CD) documents are under “Open” access control, as per ISO/IEC JTC 1 Standing Document 23. Participants can get a copy of drafts of ISO/IEC 18013-7 after registration for the event by sending an email to iso-mdl-event@spruceid.com.

A copy of ISO/IEC 18013-5:2021 can be purchased in the official ISO Store. You can visit their website at https://www.iso.org/standards.html and search for the specific standard. Another option would be via your National Standards Body: Each country usually has a national standards body that distributes ISO standards. These organizations often have their own online stores or physical locations where you can purchase ISO standards. For example, in the United States, the American National Standards Institute (ANSI) sells ISO standards through its webstore.

I understand that there were updates to Annex A, Annex B, and the main document in the draft of ISO/IEC 18013-7 after the recent working group meetings. What does this mean for the Interoperability Event?

The Interoperability Event will use the updated drafts for ISO/IEC 18013-7. The test guidelines document has been updated to reflect the changes (highlighted throughout with links to new draft specification documents). 

Are there additional parameters possible in the OID4VP Authorization Request and Authorization Response such as a "state" parameter as defined in OAuth2 (RFC 6749)?

Yes, the Authorization Request Object may contain a "state" parameter as defined in RFC 6749. This is because OID4VP is an extension of OAuth2 and inherits those capabilities. In case a "state" parameter is present in the Authorization Request Object, the Wallet needs to add the "state" parameter to the Authorization Response parameters without further processing (as described in RFC 6749).

In general, OAuth2 (OID4VP) allows additional parameters in the Authorization Request and in the Authorization Response. Since this is allowed, a Wallet should not fail and ignore those additional parameters if those are not understood by the Wallet. The same applies to additional parameters in the Authorization Response.