
20250918

Atul Tulshibagwale edited this page Sep 18, 2025 · 1 revision

Sep 18, 2025

Attendees

Name                    Affiliation                          Participation Agreement signed?
Tobin South             WorkOS & Stanford                    Yes
Atul Tulshibagwale      SGNL                                 Yes
Rick Burta              Okta                                 Yes
Paul Templeman          Independent                          Yes
Eleanor Meritt          Independent                          Yes
Chris Phillips          Independent                          Yes
Apoorva Deshpande       Okta                                 Yes
Adwait Shinganwade      Independent                          Yes
Tom Jones               Independent                          Yes
Vaibhav Narula          Independent                          Yes
Vlad Shapiro            Costidity                            Yes
Flemming Andreasen      Cisco                                Yes
Aldo Pietropaolo        Independent (soon Sophos advisor)    Yes
Alex Babeanu            Indykite                             Yes
Anuradha Karunarathna   WSO2                                 Yes
Macy Abbey              Okta                                 Yes
Martin Besozzi          Independent                          Yes
Elie Azerad             Independent                          Yes
Bill Fisher             NIST
Gail Hodges             OIDF                                 N/A (staff)

Agenda

  • Tobin’s weekly updates (5 minutes)
  • Julianna Cafik presentation on Mobile Driver's Licenses (OIDF, NIST) and AI (20 minutes)
  • (Tentative) Jeff Lombardo led discussion on taxonomy (15 minutes)
  • AOB

Notes

  • (Julianna) Doing work with the financial services sector, on risks to FS from Gen AI / Agentic AI
  • High Assurance Identity verification is a critical problem to solve
  • Current identity constructs, 3 principles
    • Functional
    • Separation principle
      • The separation principle was designed to separate your physical identity documents from online interaction
    • Contextual
  • Context:
    • Protects identity of the physical documentation
    • Governed independently (independent of …)
    • Consistent user experience
  • Agentic AI behaves very differently from what we are used to
  • Agentic AI being weaponized to exploit current identity constructs:
    • Synthetic identity creation (fake identity cards)
    • Deepfake-driven social engineering (used to impersonate individuals during onboarding or verification)
    • Attack surrogates (mimic user behavior to bypass verification steps)
  • Why are they effective?
    • The construct is not identity
    • Lack of non-repudiation
    • Fragmented governance: No unified platform for verification and assurance
    • It’s accelerated due to the power of GenAI tools available easily
  • What can we do?
    • Raise the identity assurance
    • Can we enhance the assurance of claimed identities?
  • Epicenters of effort:
    • EU ID Wallet
    • NIST NCCoE MDL project
  • Build a new identity construct:
    • Use of MDL to do Customer Identification Program (CIP), or Know Your Customer (KYC) process
  • There are a number of standards to implement this
  • We can start to establish key policies critical to financial services through MDLs
  • Core stakeholder collaboration:
    • Issuer (DMV or similar government agency)
    • Digital Wallet
    • Identity Service Provider
    • Financial Institutions
  • OIDF is working on a new eKYC metadata
    • Metadata spec aligned with MDLs
    • Enables FIs to gain assurance?
  • Tying together holder authentication from the wallet to the MDL
    • Required for FIs to rely on this
  • Contribute and Engage:
    • Provide feedback to NIST
    • Collaborate with standards bodies
    • Participate in technical workshops
  • (Bill Fisher) NIST Publications are here: https://pages.nist.gov/nccoe-mdl-project-static-website/
  • (Atul) What is an Identity Service Provider
    • Provides a verifier embedded in the IdP
    • MDLs have issuers, e.g. DMV
    • There’s an Identity Management service at the relying party
    • It’s an orchestration layer, which enables the FI to go through their eKYC process asynchronously
    • A passkey or other authenticator is provisioned to the account holder as a result of this process.
  • (Alex) How is the trust between …
    • (Julianna) Trust is a bit weird to talk about. I can talk about cryptographic verifiability
  • (Alex) How can a verifier trust the issuer? Not just the claims
    • (Julianna) It would depend on which region you are in. In EU it is different from the US
    • (Bill Fisher) There are two questions of trust: Issuer and Wallet
    • If you look at the MDL white paper we put out there, we look at 3 different areas.
      • You can verify the issuer’s public key
      • Or you can go to AAMVA to get the public keys and then trust those keys
      • When you get cryptographic credentials from a state, you still want to make sure the credentials are not issued fraudulently.
      • In EU there is a big compliance regime. We don’t have that in the US yet.
      • In FIDO we are looking to issue guidelines. AAMVA is also working on this.
      • The MDL assurance white paper is tackling a number of the trust issues (including trust in the wallet)
  • (Vlad) I work for an FI. Can we use the same thing for ID verification in case someone forgets their building entry card?
    • (Bill Fisher) MDLs are a form of a verifiable digital credential
    • You can create a VDC in your FI for entry into your financial institution
    • ISO standards for proximity, similar to how MDLs are used in the TSA checkpoints
    • You’ll be issuing your own form of VDC for this. Some vendors might be supporting this already
    • OIDF eKYC only focuses on the online use case.
  • (Vlad) Online case is great, for access to VPN, for example.
  • (Bill) One more thing: We don’t look at MDLs as an authentication solution. It’s more to provide a series of attributes.
  • (Bill) We are using passkeys instead for authentication. You might want to use MDL for account recovery, verification, etc.
  • (Paul) In terms of NIST project, was there any thought of how AI agents might …
    • You could use OID4VP or the ISO alternative
  • (Bill) You have OID4VP or HAIP. We have a thought on how agents could consume MDLs
    • If you had an agent that could validate an MDL, you could do it.
    • Just getting interoperability at the credentials level is not sufficient for making it useful at the relying party
    • There could be innovative ways of making this work
  • (Bill) The real value is in attack mitigation. Existing processes (e.g. knowledge-based authentication, document possession, facial recognition) are all subvertable by AI
    • You need cryptography backed credentials to address this
  • (Julianna) We understand that we have a problem right now in agentic AI exploiting our current identification / verification constructs
  • We’ve proven out through interops, ISO, etc. that the standards are present and useful. It is now up to the FIs to adopt
  • We need to define the new constructs for identification and authorization here. The existing one is broken / being actively exploited.
  • (Govindaraj) I wanted to focus on account takeovers. You might do KYC initially, but where the user doesn’t use a strong authentication method such as passkey (the adoption is low right now), what can we do to improve adoption of passkeys. We have seen this often in the FI world
    • Not many financial services systems integrate in this way with the MDL or other systems
  • (Bill) There’s no silver bullet for ATO. Several banks including KeyBank presented at Identiverse / Authenticate to reduce ATO using…
  • MDLs can help with account recovery. If you are depending on identity proofing, MDLs are a good way to ease that process.

Mark: George Fletcher and I were discussing this in eKYC

Google’s announcement of “AP2” (Agent Payments Protocol)

  • They’ve included verifiable credentials as a part of it
  • They’ve defined a “human present” and “human not present” scenario
  • W3C community group is looking at this too.

(Nick)

  • AP2 is based on A2A, is trying to use …
  • We’re trying to define a credential that can act as a payment token
  • There are a few interesting ways in which these can be supplied
  • E.g. an agent can be instructed to buy a ticket, but wait a week to find a good time to buy
  • Uses a pre-signed authorization for a specific amount and merchant?
  • 1Password is interested in storing such credentials
  • Demo at Authenticate conference

(Tom)

  • Trying to put together a taxonomy. I’d like to make progress on it
  • We have talked about having it on the agenda, but haven’t made progress.

(Nick)

  • There’s an on-going issue in MCP about taxonomy
  • Putting together a list of working groups. I can share after this call.

(Tom)

  • I’d like it to be more than just MCP
  • There’s no common language for the groups to talk to each other.

(Nick)

  • Let’s put together a Google Doc and start working on it. We might be duplicating work that is happening in MCP

Tom’s taxonomy doc is here: AAIM.docx

(Gail)

  • Other groups are also depending on this group to develop the taxonomy.
  • It’ll be an impressive win if we can get ITU to use our taxonomy
  • (Tom) The other group is: …

(Govindaraj)

  • (Back to AP2)

(Brian)

  • Curious about who signs the credential for payment. How does trust work?

(Paul): Wallet relying party authentication: https://bmi.usercontent.opencode.de/eudi-wallet/eidas-2.0-architekturkonzept/content/ecosystem-architecture/trust/wallet-relying-party-authentication/#trust-architecture
