Idemia, Mattr, SpruceID chosen to work on NIST mDL project

Idemia is among fifteen organizations that the National Institute for Standards and Technology (NIST)’s National Cybersecurity Center of Excellence (NCCoE) has engaged to collaborate on the first use case for its Mobile Driver’s License (mDL) project.

An announcement from NCCoE says those selected to contribute to the development of digital credential architectures also include digital identity providers Mattr Limited and SpruceID, as well as the OpenID Foundation; Microsoft; iLabs; a smattering of state transportation authorities; major banks J.P. Morgan Chase, U.S. Bank and Wells Fargo; and the Department of Homeland Security (DHS) Science and Technology Directorate.

Per the announcement, “collaborators will work with the NCCoE to accelerate the adoption of digital identity standards and best practices by producing reference architectures, representative workflows, and implementation guides to address real-world cybersecurity, privacy, and usability challenges faced by adoption of mDL in the financial sector.”

To begin, work will focus on the financial sector and the implementation of mDLs for identity verification, KYC and other digital ID concerns in financial services.

The NCCoE chose its team among respondents to a notice in the Federal Register. Based on alignment of capabilities with “desired solution characteristics,” the 15 organizations were each extended a collaborative research and development agreement (CRADA) binding them to the consortium.

While its core contributors for the collaborative standards project have been locked in, NCCoE is still open to input. A note at the bottom of the announcement invites anyone who wants to be part of “the mDL community of interest (COI) to help guide this project and provide feedback” to email them at mdl-nccoe@nist.gov.

Visions aligning on mDLs across government

The establishment of comprehensive – and comprehensible – standards on digital ID and mDLs is something of a holy grail for a sector facing a web of sometimes conflicting standards and protocols layered on top of each other, each owned by different organizations.

In a June Identiverse panel on mDLs hosted by the OpenID Foundation, Ryan Galluzzo, the digital identity program lead for the Applied Cybersecurity division at NIST, listed NCCoE as a major player in the verifiable credentials effort, alongside OpenID, the World Wide Web Consortium (W3C) and the International Standards Organization (ISO/IEC).

Galluzzo noted that NCCoE is “very focused on understanding these kinds of mobile drivers license standards, where they exist today and where going next how they fit within this broader context.”

The assembly of its digital ID supercouncil can be seen as the next major step in that effort. Across the participating bodies, many are already neck-deep in the conversation about mDLs (for instance, the California Department of Motor Vehicles and the New York State Department of Motor Vehicles) and interoperability is a common goal.

Even the White House is pitching in. The Biden administration has circulated a draft executive order on digital identity, and while it has not yet been signed, it is said to “strongly encourage the use of digital identity documents” and to support state issuance of mDLs.

So far, thirteen states have issued mDLs, and a similar number are considering legislation or otherwise working towards an eventual rollout of digital credentials.

Article Topics

biometrics  |  digital ID  |  IDEMIA  |  Idemia Public Security  |  ISO standards  |  Mattr  |  mDL (mobile driver's license)  |  NCCoE  |  NIST  |  Ryan Galluzzo  |  U.S. Government