mDL, eID and beyond

Written By Justin Davreux

We are proud to announce that from today, you can issue and verify Mobile Driver’s Licenses (ISO/IEC 18103-5 mDLs), Mobile eIDs (ISO/SEC 232202-2), and other credentials based on the mdoc credential format. This is made possible through our mdoc library which is available in Java, Kotlin and JavaScript. And it’s just the beginning!

Our goal is to provide mdoc credentials (mDL, eID, etc.) across our whole stack, enabling even more use cases, whether that be issuance and verification via the OIDC4VC standard, or to authenticate users based on mdoc credentials.

The Developers’ Dilemma (why mdoc credentials)

The field of digital identity is broad and full of innovation, new ideas on how to solve problems come up daily. Through collaboration and iteration, those ideas evolve into standards. Not all of them find adoption, but the Mobile Driver’s License (ISO/IEC 18013-5:2021, mDL) did, with implementations done by around 14 states in the US, the European Union and other countries around the world. Also, major tech companies are building solutions based on it. This makes mDL an important element in any identity solution already.

Though, as it is with many new technologies. Before they can reach the masses, they share a common trait: building with them is challenging and time-consuming, which is based on the lack of developer tools making usage easy and implementation quick.

Which is why we build the mdoc lib, as an addition to our open-source identity stack. Proving our commitment to deliver on the latest developments in the industry. Offering tools that let you build compliant solutions across identity ecosystems using different identity flavors with ease, whether that be on- or off-chain identity like Tokens/NFTs,  W3C Verifiable Credentials or now mdoc credentials. mdoc is a binary highly storage efficient credential format leveraging CBOR, standardized through ISO/IEC 18013-5:2021 mDL specification. 

With our new product, the mdoc lib, we enable:

  • Issuers to create and sign mdoc credentials

  • Holders to receive, store and present mdoc credentials

  • Verifiers to parse and verify mdoc credentials

Starting with native support for Kotlin, Java and JavaScript, you will also soon be able to issue and verify through REST and find support for mdoc credentials in our higher level products like the IDP-Kit.

What is the mdoc Lib?

A library that enables you to issue and verify credentials based on the mdoc format, such as mDL and eID in Java, Kotlin and JavaScript, while also giving you the option to create custom credential types utilizing the mdoc format for other use-cases. We also plan to integrate the mdoc library into other higher level products in our stack. This toolkit combines multiple SSI flavors and will enable issuance and verification of mdoc credentials via OIDC4VC and REST.

Here’s the most important things to know about the mdoc Lib:

  • It is open source (Apache 2) so that anyone can use the code for free and without limitations.

  • It abstracts complexity such as low-level functionality related to key handling, signatures, encoding and decoding of binary data formats.

  • It is customizable in a sense that you can create your own credential types based on the mdocs credential format.

  • It is modular and composable allowing you to individualize and extend its functionality with your own implementations or remote and third party solutions. This openness prevents lock-in and allows you to build solutions that meet your individual requirements without compromise.

How does it works? 

The mdoc library is built using KMP (Kotlin Multiplatform), which enables us to share and reuse code across platforms (like Java, Kotlin and JavaScript). Having implemented the requirements listed out in the ISO/IEC 18103-5 specification, you can:

  • Parse and verify mdocs and mdoc requests, with verification of MSO-validity, doc type, certificate chains, item tamper checks, issuer and device signatures.

  • Create and sign mdoc documents with issuer-signed items and COSE Sign1 issuer authentication (mobile security object, MSO).

  • Present mdoc documents with selective disclosure of issuer-signed items and mdoc device authentication, based on COSE Mac0 or COSE Sign1.

  • Create mdoc requests object with COSE Sign1 reader authentication.

 

Get started

GitHub - issue your first mdoc credential with the walt.id mdoc library.

Open questions ?

Contact us or join us on Discord, we are happy to help.

 
Justin Davreux
Previous

The Community Stack

Next

The IDP Kit