National Cybersecurity Center of Excellence (NCCoE) Accelerate Adoption of Digital Identities on Mobile Devices, 59506-59508 [2023-18591]
Download as PDF
<![CDATA[
59506
Federal Register / Vol. 88, No. 166 / Tuesday, August 29, 2023 / Notices
Exporter/producer
Final results of
redetermination
weighted-average
dumping margin
(percent)
Suzano S.A ...............
8.63
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
[Docket No.: 230816–0196]
Cash Deposit Requirements
Because Suzano has a superseding
cash deposit rate, i.e., there have been
final results published in a subsequent
administrative review, we will not issue
revised cash deposit instructions to U.S.
Customs and Border Protection (CBP).
This notice will not affect the current
cash deposit rate.
Liquidation of Suspended Entries
At this time, Commerce remains
enjoined by CIT order from liquidating
entries that: were produced and
exported by Suzano, and were entered,
or withdrawn from warehouse, for
consumption during the period March
1, 2018, through February 28, 2019.
These entries will remain enjoined
pursuant to the terms of the injunction
during the pendency of any appeals
process.
In the event the CIT’s ruling is not
appealed, or, if appealed, upheld by a
final and conclusive court decision,
Commerce intends to instruct CBP to
assess antidumping duties on
unliquidated entries of subject
merchandise produced and exported by
Suzano in accordance with 19 CFR
351.212(b). We will instruct CBP to
assess antidumping duties on all
appropriate entries covered by this
review when the importer-specific ad
valorem assessment rate is not zero or
de minimis. Where an importer-specific
ad valorem assessment rate is zero or de
minimis,15 we will instruct CBP to
liquidate the appropriate entries
without regard to antidumping duties.
Notification to Interested Parties
ddrumheller on DSK120RN23PROD with NOTICES1
This notice is issued and published in
accordance with sections 516A(c) and
(e) and 777(i)(1) of the Act.
Dated: August 23, 2023.
Abdelali Elouaradia,
Deputy Assistant Secretary for Enforcement
and Compliance.
[FR Doc. 2023–18573 Filed 8–28–23; 8:45 am]
BILLING CODE 3510–DS–P
15 See
19 CFR 351.106(c)(2).
VerDate Sep<11>2014
17:03 Aug 28, 2023
Jkt 259001
National Cybersecurity Center of
Excellence (NCCoE) Accelerate
Adoption of Digital Identities on Mobile
Devices
National Institute of Standards
and Technology, Department of
Commerce.
ACTION: Notice.
AGENCY:
The National Institute of
Standards and Technology (NIST)
invites organizations to provide letters
of interest describing technical expertise
and products to support and
demonstrate International Organization
for Standardization/International
Electrotechnical Commission (ISO/IEC)
18013–5 and ISO/IEC 18013–7
standards capabilities for the Accelerate
Adoption of Digital Identities on Mobile
Devices project. This notice is the initial
step for the National Cybersecurity
Center of Excellence (NCCoE) in
collaborating with technology
companies to address cybersecurity
challenges identified under the
Accelerate Adoption of Digital Identities
on Mobile Devices project. Participation
in the project is open to all interested
organizations.
SUMMARY:
Collaborative activities will
commence as soon as enough completed
and signed letters of interest have been
returned to address all the necessary
components and capabilities, but no
earlier than September 28, 2023.
ADDRESSES: The NCCoE is located at
9700 Great Seneca Highway, Rockville,
MD 20850. Letters of interest must be
submitted to mdl-nccoe@nist.gov or via
hardcopy to National Institute of
Standards and Technology, NCCoE;
9700 Great Seneca Highway, Rockville,
MD 20850. Interested parties can access
the letter of interest request by visiting
https://www.nccoe.nist.gov/projects/
digital-identities-mdl and completing
the letter of interest webform. NIST will
announce the completion of the
selection of participants and inform the
public that it is no longer accepting
letters of interest for this project at
https://www.nccoe.nist.gov/projects/
digital-identities-mdl. Organizations
whose letters of interest are accepted in
accordance with the process set forth in
the SUPPLEMENTARY INFORMATION section
of this notice will be asked to sign an
NCCoE consortium Cooperative
Research and Development Agreement
(CRADA) with NIST. An NCCoE
DATES:
PO 00000
Frm 00005
Fmt 4703
Sfmt 4703
consortium CRADA template can be
found at: https://www.nccoe.nist.gov/
publications/other/nccoe-consortiumcrada-example.
FOR FURTHER INFORMATION CONTACT:
Ketan Mehta via email at mdl-nccoe@
nist.gov; by phone at (301) 975–8405; or
by mail to National Institute of
Standards and Technology, NCCoE;
9700 Great Seneca Highway, Rockville,
MD 20850. Additional details about the
Accelerate Adoption of Digital Identities
on Mobile Devices project are available
at https://www.nccoe.nist.gov/projects/
digital-identities-mdl.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of
NIST, is a public-private collaboration
for accelerating the widespread
adoption of integrated cybersecurity
tools and technologies. The NCCoE
brings together experts from industry,
government, and academia under one
roof to develop practical, interoperable
cybersecurity approaches that address
the real-world needs of complex
Information Technology (IT) and
Operational Technology (OT) systems.
By accelerating dissemination and use
of these integrated tools and
technologies for protecting IT and OT
assets, the NCCoE will enhance trust in
U.S. IT and OT communications, data,
and storage systems; reduce risk for
companies and individuals using IT and
OT systems; and encourage
development of innovative, job-creating
cybersecurity products and services.
Process: NIST is soliciting responses
from all sources of relevant security
capabilities (see below) to enter into an
NCCoE Cooperative Research and
Development Agreement (CRADA) to
provide technical expertise and
products to support and demonstrate
ISO/IEC 18013–5 and ISO/IEC 18013–7
standards capabilities for the Accelerate
Adoption of Digital Identities on Mobile
Devices project. The full project can be
viewed at: https://www.nccoe.nist.gov/
projects/digital-identities-mdl.
Interested parties can access the
request for a letter of interest template
by visiting the project website at https://
www.nccoe.nist.gov/projects/digitalidentities-mdl and completing the letter
of interest webform. On completion of
the webform, interested parties will
receive access to the letter of interest
template, which the party must
complete, certify as accurate, and
submit to NIST by email or hardcopy.
NIST will contact interested parties if
there are questions regarding the
responsiveness of the letters of interest
to the project objective or requirements
identified below. NIST will select
participants who have submitted
E:\FR\FM\29AUN1.SGM
29AUN1
ddrumheller on DSK120RN23PROD with NOTICES1
Federal Register / Vol. 88, No. 166 / Tuesday, August 29, 2023 / Notices
complete letters of interest on a first
come, first served basis. The selection of
participants who are Verifiers (aka,
Relying Parties) will also be on a first
come, first served basis; however, NIST
will only select up to two Verifiers per
transaction type. There are five
transaction types which are described in
Section 4 of the project description.
Moreover, NIST may give preference to
Verifiers that propose use of mobile
driver’s license (mDL) as well as other
documents. Participants who are
Verifiers may submit multiple use cases.
Organizations may partner to propose a
single use case; however, each
organization must submit a letter of
interest. There may be continuing
opportunity to participate even after
initial activity commences for
participants who were not selected
initially or have submitted the letter of
interest after the selection process.
When the project has been completed,
NIST will post a notice on the
Accelerate Adoption of Digital Identities
on Mobile Devices project website at
https://www.nccoe.nist.gov/projects/
digital-identities-mdl announcing the
next phase of the project and informing
the public that it will no longer accept
letters of interest for this project.
Selected participants will be required to
enter into an NCCoE consortium
CRADA with NIST (for reference, see
ADDRESSES section above).
Project Objective: Digital identities are
supplementing and supplanting
traditional physical identity cards.
Customers, consumers of services, law
enforcement, vendors, suppliers,
businesses, and health care entities may
require a method of verifying a person
via a mobile device. If these digital
identities on mobile devices are to meet
the demands of varying use cases, there
must be technological interoperability,
security, and cross-domain trust. The
nascent nature of this technology leaves
many challenges to be addressed,
including but not limited to:
• Lack of guidance and governance
for identities on devices.
• Limited capability to evaluate and
validate compliant, standards-based
deployments.
• Limited understanding of the
privacy and usability considerations.
The goal of this project is to define
and facilitate a reference architecture(s)
for digital identities that protects
privacy, is implemented in a secure
way, enables equity, is widely
adoptable, interoperable, and easy to
use. The concepts of cybersecurity,
privacy, and adoptability are critically
important to this overall effort and will
be interweaved into the work of this
project from the beginning. The NCCoE
VerDate Sep<11>2014
17:03 Aug 28, 2023
Jkt 259001
intends to help accelerate the adoption
of the standards, investigate what works
and what does not based upon current
efforts being performed by various
entities, and provide a forum/
environment to discuss and resolve
challenges in implementing ISO/IEC
18013–5 (attended) and ISO/IEC 18013–
7 (over-the-internet) standards.
The scope of this project will include
developing an implementable reference
architecture for the ISO/IEC 18013–5
and ISO/IEC 18013–7 standard and
provide opportunities for validation of
use cases. This effort may also consider
other standards-based initiatives, such
as emerging efforts around W3C’s
Mobile Document Request API
(GitHub—WICG/mobile-documentrequest-api) for mobile document
(mdoc) presentation. Specific outcomes
of this project will be:
1. Open-Source Reader Reference
Implementation—This will be a freely
available tool for testing and evaluating
compliance of mDL implementations
with international standards and will be
used as part of the demonstration efforts
to confirm interoperability of mDL and
mdoc applications for use in the lab.
2. Demonstrations of mDL Use
Cases—These will demonstrate end-toend uses of mDL in attended and overthe-internet use cases. This will include
multiple parties such as issuers of mDL,
mdoc App providers, digital identity
service providers and verifiers (aka,
relying parties) that consume mDLs, all
collaborating to bring practical uses to
life. NCCoE plans to build up to two
demonstrations per transaction type.
There are five transaction types which
are described in Section 4 of the project
description.
3. Practice Guide—This will capture
the lessons of the demonstrations to
provide a usable guide for implementing
mDLs in attended and over-the-internet
scenarios. This will include design,
architecture, integration information
inclusive of leading practice for
security, usability, and privacy based on
the work with our collaborators.
While these standards address the
needs of mDLs, many parts of these
standards apply to mobile documents in
general. Accordingly, this effort will
include presentation of documents other
than mDLs using the mdoc data model
defined in these standards.
Requirements for Letters of Interest
Each responding organization’s letter
of interest should include the following
information in the description:
1. The organization’s role(s) in the project.
The choices are:
a. Verifier (aka, Relying Party),
b. mDL and mdoc App Provider,
PO 00000
Frm 00006
Fmt 4703
Sfmt 4703
59507
c. State DMVs or Other Issuing Authority,
d. Digital Identity Service Provider, and/or
e. Third Party Trust Service Provider.
2. Verifiers should provide a brief
description of each use case being proposed.
3. Document Type(s) the product supports.
Letters of interest should not include
company proprietary information, and
all components and capabilities must be
commercially available.
The NCCoE is inviting organizations
who have implemented or are planning
to implement ISO/IEC 18013–5 and
ISO/IEC 18013–7 (draft) standards to
collaborate and contribute toward
building mDL (also other document
types) demonstrations in the NCCoE lab.
The following are NCCoE expectations
of different types of participants:
• Verifiers are expected to bring use
cases and business processes with use
cases that
Æ Already support mDL/mdoc
functionality,
Æ Are willing to work and integrate
with digital identity service providers to
mDL/mdoc-enable their use case, or
Æ Are willing to integrate NIST opensource reader reference implementation
to mDL/mdoc-enable their use case.
• mDL/mdoc App providers are
expected to meet the minimum
requirements as specified in Section 2 of
the project description.
• mDL/mdoc Issuers are expected to
provide Test mDLs/mdocs.
• Digital Identity service providers
are expected to provide integration
services.
• Third-Party Trust Service Providers
are expected to provide Verified Issuer
Certificate Authority List (VICAL).
Additional details about the
Accelerate Adoption of Digital Identities
on Mobile Devices project are available
at https://www.nccoe.nist.gov/projects/
digital-identities-mdl. NIST cannot
guarantee that all submissions will be
used, or that the products proposed by
respondents will be used in a
demonstration. Each prospective
participant will be expected to work
collaboratively with NIST staff and
other project participants under the
terms of the NCCoE consortium CRADA
in the development of the Accelerate
Adoption of Digital Identities on Mobile
Devices project. Prospective
participants’ contributions to the
collaborative effort will include
assistance in establishing the necessary
interface functionality, connection and
set-up capabilities and procedures,
demonstration harnesses, environmental
and safety conditions for use, integrated
platform user instructions, and
demonstration plans and scripts
necessary to demonstrate a use case.
Each participant will work with NIST
E:\FR\FM\29AUN1.SGM
29AUN1
59508
Federal Register / Vol. 88, No. 166 / Tuesday, August 29, 2023 / Notices
personnel and other participants, as
necessary, to integrate their solution
into a demonstration of a use case.
Following successful demonstration,
NIST will publish a description of each
demonstration that includes information
such as server architecture, device
architecture, usability considerations,
performance characteristics, and lessons
learned that meets the security and
privacy objectives of the Accelerate
Adoption of Digital Identities on Mobile
Devices project. These descriptions will
be public information.
Under the terms of the NCCoE
consortium CRADA, NIST will support
development of interfaces among
participants’ products by providing IT
infrastructure, laboratory facilities,
office facilities, collaboration facilities,
and staff support to component
composition, security platform
documentation, and demonstration
activities.
The dates of the demonstration of
Accelerate Adoption of Digital Identities
on Mobile Devices project capability
will be announced on the NCCoE
website at least two weeks in advance
at https://www.nccoe.nist.gov/projects/
digital-identities-mdl. The expected
outcome will demonstrate how the
components of the Accelerate Adoption
of Digital Identities on Mobile Devices
project architecture can provide security
and privacy capabilities to mitigate
potential risks to digital identities
throughout their lifecycle. Participating
organizations will gain from the
knowledge that their products are
interoperable with other participants’
offerings.
For additional information on the
NCCoE governance, business processes,
and NCCoE operational structure, visit
the NCCoE website https://
nccoe.nist.gov/.
Alicia Chambers,
NIST Executive Secretariat.
[FR Doc. 2023–18591 Filed 8–28–23; 8:45 am]
BILLING CODE 3510–13–P
DEPARTMENT OF COMMERCE
ddrumheller on DSK120RN23PROD with NOTICES1
National Institute of Standards and
Technology
National Artificial Intelligence Advisory
Committee
National Institute of Standards
and Technology, Department of
Commerce.
ACTION: Notice of open meeting.
AGENCY:
The National Institute of
Standards and Technology (NIST)
announces that the National Artificial
SUMMARY:
VerDate Sep<11>2014
17:03 Aug 28, 2023
Jkt 259001
Intelligence Advisory Committee
(NAIAC or Committee) will hold an
open meeting via web conference on
September 12, 2023, from 2:00–3:30
p.m. Eastern time. The primary purpose
of this meeting is for the Committee
members to share and discuss updates
on each working group’s goals and
deliverables, including those of the
NAIAC Law Enforcement
Subcommittee. The final agenda will be
posted to the NAIAC website: ai.gov/
naiac/.
DATES: The meeting will be held on
Tuesday, September 12, 2023 from
2:00–3:30 p.m. Eastern time.
ADDRESSES: The meeting will be held
via web conference. Please see the
SUPPLEMENTARY INFORMATION section of
this notice for instructions on how to
attend.
FOR FURTHER INFORMATION CONTACT:
Alicia Chambers, Committee Liaison
Officer, National Institute of Standards
and Technology, 100 Bureau Drive, MS
1000, Gaithersburg, MD 20899,
alicia.chambers@nist.gov or 301–975–
5333, or Melissa Banner, Designated
Federal Officer, National Institute of
Standards and Technology, 100 Bureau
Drive, MS 1000, Gaithersburg, MD
20899, melissa.banner@nist.gov or 301–
975–5245. Please direct any inquiries to
naiac@nist.gov.
SUPPLEMENTARY INFORMATION: Pursuant
to the Federal Advisory Committee Act,
as amended, 5 U.S.C 1001 et seq., notice
is hereby given that the NAIAC will
meet on Tuesday, September 12, 2023
from 2:00–3:30 p.m. Eastern time. The
meeting will be open to the public and
will be held virtually via web
conference. The primary purpose of this
meeting is for the Committee members
to share and discuss updates on each
working group’s goals and deliverables,
including those of the NAIAC Law
Enforcement Subcommittee. The final
agenda will be posted to the NAIAC
website: ai.gov/naiac/.
The NAIAC is authorized by Section
5104 of the National Artificial
Intelligence Initiative Act of 2020 (Pub.
L. 116–283), in accordance with the
provisions of the Federal Advisory
Committee Act, as amended (FACA), 5
U.S.C. 1001 et seq. The Committee
advises the President and the National
Artificial Intelligence Initiative Office
on matters related to the National
Artificial Intelligence Initiative.
Additional information on the NAIAC is
available at ai.gov/naiac/.
Comments: Individuals and
representatives of organizations who
would like to offer comments and
suggestions related to items on the
Committee’s agenda for this meeting are
PO 00000
Frm 00007
Fmt 4703
Sfmt 4703
invited to submit comments in advance
of the meeting. Approximately ten
minutes will be reserved for public
comments, which will be read on a firstcome, first-served basis. Please note that
all comments submitted via email will
be treated as public documents and will
be made available for public inspection.
All comments must be submitted via
email with the subject line ‘‘September
12, 2023, NAIAC Meeting Comments’’ to
naiac@nist.gov by 5:00 p.m. Eastern
Time, Monday, September 11, 2023.
NIST will not accept comments
accompanied by a request that part or
all of the comment be treated
confidentially because of its business
proprietary nature or for any other
reason. Therefore, do not submit
confidential business information or
otherwise sensitive, protected, or
personal information, such as account
numbers, Social Security numbers, or
names of other individuals.
Virtual Admittance Instructions: The
meeting will be broadcast via web
conference. Registration is required to
view the web conference. Instructions to
register will be made available on
ai.gov/naiac/#MEETINGS. Registration
will remain open until the conclusion of
the meeting.
Alicia Chambers,
NIST Executive Secretariat.
[FR Doc. 2023–18542 Filed 8–28–23; 8:45 am]
BILLING CODE 3510–13–P
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
National Artificial Intelligence Advisory
Committee Law Enforcement
Subcommittee
National Institute of Standards
and Technology, Department of
Commerce.
ACTION: Notice of open meeting.
AGENCY:
The National Institute of
Standards and Technology (NIST)
announces that the National Artificial
Intelligence Advisory Committee’s Law
Enforcement Subcommittee (NAIAC–LE
or Subcommittee) will hold an open
meeting via web conference on
September 12, 2023, from 12:30 to 1:30
p.m. Eastern time. The primary purpose
of this meeting is for the Subcommittee
members to share and discuss updates
on goals and deliverables. The final
agenda will be posted to the NAIAC
website: ai.gov/naiac/.
DATES: The meeting will be held on
Tuesday, September 12, 2023 from
12:30–1:30 p.m. Eastern time.
SUMMARY:
E:\FR\FM\29AUN1.SGM
29AUN1
]]>Agencies
[Federal Register Volume 88, Number 166 (Tuesday, August 29, 2023)]
[Notices]
[Pages 59506-59508]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-18591]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No.: 230816-0196]
National Cybersecurity Center of Excellence (NCCoE) Accelerate
Adoption of Digital Identities on Mobile Devices
AGENCY: National Institute of Standards and Technology, Department of
Commerce.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
invites organizations to provide letters of interest describing
technical expertise and products to support and demonstrate
International Organization for Standardization/International
Electrotechnical Commission (ISO/IEC) 18013-5 and ISO/IEC 18013-7
standards capabilities for the Accelerate Adoption of Digital
Identities on Mobile Devices project. This notice is the initial step
for the National Cybersecurity Center of Excellence (NCCoE) in
collaborating with technology companies to address cybersecurity
challenges identified under the Accelerate Adoption of Digital
Identities on Mobile Devices project. Participation in the project is
open to all interested organizations.
DATES: Collaborative activities will commence as soon as enough
completed and signed letters of interest have been returned to address
all the necessary components and capabilities, but no earlier than
September 28, 2023.
ADDRESSES: The NCCoE is located at 9700 Great Seneca Highway,
Rockville, MD 20850. Letters of interest must be submitted to [email protected] or via hardcopy to National Institute of Standards and
Technology, NCCoE; 9700 Great Seneca Highway, Rockville, MD 20850.
Interested parties can access the letter of interest request by
visiting https://www.nccoe.nist.gov/projects/digital-identities-mdl and
completing the letter of interest webform. NIST will announce the
completion of the selection of participants and inform the public that
it is no longer accepting letters of interest for this project at
https://www.nccoe.nist.gov/projects/digital-identities-mdl.
Organizations whose letters of interest are accepted in accordance with
the process set forth in the SUPPLEMENTARY INFORMATION section of this
notice will be asked to sign an NCCoE consortium Cooperative Research
and Development Agreement (CRADA) with NIST. An NCCoE consortium CRADA
template can be found at: https://www.nccoe.nist.gov/publications/other/nccoe-consortium-crada-example.
FOR FURTHER INFORMATION CONTACT: Ketan Mehta via email at [email protected]; by phone at (301) 975-8405; or by mail to National
Institute of Standards and Technology, NCCoE; 9700 Great Seneca
Highway, Rockville, MD 20850. Additional details about the Accelerate
Adoption of Digital Identities on Mobile Devices project are available
at https://www.nccoe.nist.gov/projects/digital-identities-mdl.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of NIST, is a public-private
collaboration for accelerating the widespread adoption of integrated
cybersecurity tools and technologies. The NCCoE brings together experts
from industry, government, and academia under one roof to develop
practical, interoperable cybersecurity approaches that address the
real-world needs of complex Information Technology (IT) and Operational
Technology (OT) systems. By accelerating dissemination and use of these
integrated tools and technologies for protecting IT and OT assets, the
NCCoE will enhance trust in U.S. IT and OT communications, data, and
storage systems; reduce risk for companies and individuals using IT and
OT systems; and encourage development of innovative, job-creating
cybersecurity products and services.
Process: NIST is soliciting responses from all sources of relevant
security capabilities (see below) to enter into an NCCoE Cooperative
Research and Development Agreement (CRADA) to provide technical
expertise and products to support and demonstrate ISO/IEC 18013-5 and
ISO/IEC 18013-7 standards capabilities for the Accelerate Adoption of
Digital Identities on Mobile Devices project. The full project can be
viewed at: https://www.nccoe.nist.gov/projects/digital-identities-mdl.
Interested parties can access the request for a letter of interest
template by visiting the project website at https://www.nccoe.nist.gov/projects/digital-identities-mdl and completing the letter of interest
webform. On completion of the webform, interested parties will receive
access to the letter of interest template, which the party must
complete, certify as accurate, and submit to NIST by email or hardcopy.
NIST will contact interested parties if there are questions regarding
the responsiveness of the letters of interest to the project objective
or requirements identified below. NIST will select participants who
have submitted
[[Page 59507]]
complete letters of interest on a first come, first served basis. The
selection of participants who are Verifiers (aka, Relying Parties) will
also be on a first come, first served basis; however, NIST will only
select up to two Verifiers per transaction type. There are five
transaction types which are described in Section 4 of the project
description. Moreover, NIST may give preference to Verifiers that
propose use of mobile driver's license (mDL) as well as other
documents. Participants who are Verifiers may submit multiple use
cases. Organizations may partner to propose a single use case; however,
each organization must submit a letter of interest. There may be
continuing opportunity to participate even after initial activity
commences for participants who were not selected initially or have
submitted the letter of interest after the selection process. When the
project has been completed, NIST will post a notice on the Accelerate
Adoption of Digital Identities on Mobile Devices project website at
https://www.nccoe.nist.gov/projects/digital-identities-mdl announcing
the next phase of the project and informing the public that it will no
longer accept letters of interest for this project. Selected
participants will be required to enter into an NCCoE consortium CRADA
with NIST (for reference, see ADDRESSES section above).
Project Objective: Digital identities are supplementing and
supplanting traditional physical identity cards. Customers, consumers
of services, law enforcement, vendors, suppliers, businesses, and
health care entities may require a method of verifying a person via a
mobile device. If these digital identities on mobile devices are to
meet the demands of varying use cases, there must be technological
interoperability, security, and cross-domain trust. The nascent nature
of this technology leaves many challenges to be addressed, including
but not limited to:
Lack of guidance and governance for identities on devices.
Limited capability to evaluate and validate compliant,
standards-based deployments.
Limited understanding of the privacy and usability
considerations.
The goal of this project is to define and facilitate a reference
architecture(s) for digital identities that protects privacy, is
implemented in a secure way, enables equity, is widely adoptable,
interoperable, and easy to use. The concepts of cybersecurity, privacy,
and adoptability are critically important to this overall effort and
will be interweaved into the work of this project from the beginning.
The NCCoE intends to help accelerate the adoption of the standards,
investigate what works and what does not based upon current efforts
being performed by various entities, and provide a forum/environment to
discuss and resolve challenges in implementing ISO/IEC 18013-5
(attended) and ISO/IEC 18013-7 (over-the-internet) standards.
The scope of this project will include developing an implementable
reference architecture for the ISO/IEC 18013-5 and ISO/IEC 18013-7
standard and provide opportunities for validation of use cases. This
effort may also consider other standards-based initiatives, such as
emerging efforts around W3C's Mobile Document Request API (GitHub--
WICG/mobile-document-request-api) for mobile document (mdoc)
presentation. Specific outcomes of this project will be:
1. Open-Source Reader Reference Implementation--This will be a
freely available tool for testing and evaluating compliance of mDL
implementations with international standards and will be used as part
of the demonstration efforts to confirm interoperability of mDL and
mdoc applications for use in the lab.
2. Demonstrations of mDL Use Cases--These will demonstrate end-to-
end uses of mDL in attended and over-the-internet use cases. This will
include multiple parties such as issuers of mDL, mdoc App providers,
digital identity service providers and verifiers (aka, relying parties)
that consume mDLs, all collaborating to bring practical uses to life.
NCCoE plans to build up to two demonstrations per transaction type.
There are five transaction types which are described in Section 4 of
the project description.
3. Practice Guide--This will capture the lessons of the
demonstrations to provide a usable guide for implementing mDLs in
attended and over-the-internet scenarios. This will include design,
architecture, integration information inclusive of leading practice for
security, usability, and privacy based on the work with our
collaborators.
While these standards address the needs of mDLs, many parts of
these standards apply to mobile documents in general. Accordingly, this
effort will include presentation of documents other than mDLs using the
mdoc data model defined in these standards.
Requirements for Letters of Interest
Each responding organization's letter of interest should include
the following information in the description:
1. The organization's role(s) in the project. The choices are:
a. Verifier (aka, Relying Party),
b. mDL and mdoc App Provider,
c. State DMVs or Other Issuing Authority,
d. Digital Identity Service Provider, and/or
e. Third Party Trust Service Provider.
2. Verifiers should provide a brief description of each use case
being proposed.
3. Document Type(s) the product supports.
Letters of interest should not include company proprietary
information, and all components and capabilities must be commercially
available.
The NCCoE is inviting organizations who have implemented or are
planning to implement ISO/IEC 18013-5 and ISO/IEC 18013-7 (draft)
standards to collaborate and contribute toward building mDL (also other
document types) demonstrations in the NCCoE lab. The following are
NCCoE expectations of different types of participants:
Verifiers are expected to bring use cases and business
processes with use cases that
[cir] Already support mDL/mdoc functionality,
[cir] Are willing to work and integrate with digital identity
service providers to mDL/mdoc-enable their use case, or
[cir] Are willing to integrate NIST open-source reader reference
implementation to mDL/mdoc-enable their use case.
mDL/mdoc App providers are expected to meet the minimum
requirements as specified in Section 2 of the project description.
mDL/mdoc Issuers are expected to provide Test mDLs/mdocs.
Digital Identity service providers are expected to provide
integration services.
Third-Party Trust Service Providers are expected to
provide Verified Issuer Certificate Authority List (VICAL).
Additional details about the Accelerate Adoption of Digital
Identities on Mobile Devices project are available at https://www.nccoe.nist.gov/projects/digital-identities-mdl. NIST cannot
guarantee that all submissions will be used, or that the products
proposed by respondents will be used in a demonstration. Each
prospective participant will be expected to work collaboratively with
NIST staff and other project participants under the terms of the NCCoE
consortium CRADA in the development of the Accelerate Adoption of
Digital Identities on Mobile Devices project. Prospective participants'
contributions to the collaborative effort will include assistance in
establishing the necessary interface functionality, connection and set-
up capabilities and procedures, demonstration harnesses, environmental
and safety conditions for use, integrated platform user instructions,
and demonstration plans and scripts necessary to demonstrate a use
case. Each participant will work with NIST
[[Page 59508]]
personnel and other participants, as necessary, to integrate their
solution into a demonstration of a use case. Following successful
demonstration, NIST will publish a description of each demonstration
that includes information such as server architecture, device
architecture, usability considerations, performance characteristics,
and lessons learned that meets the security and privacy objectives of
the Accelerate Adoption of Digital Identities on Mobile Devices
project. These descriptions will be public information.
Under the terms of the NCCoE consortium CRADA, NIST will support
development of interfaces among participants' products by providing IT
infrastructure, laboratory facilities, office facilities, collaboration
facilities, and staff support to component composition, security
platform documentation, and demonstration activities.
The dates of the demonstration of Accelerate Adoption of Digital
Identities on Mobile Devices project capability will be announced on
the NCCoE website at least two weeks in advance at https://www.nccoe.nist.gov/projects/digital-identities-mdl. The expected
outcome will demonstrate how the components of the Accelerate Adoption
of Digital Identities on Mobile Devices project architecture can
provide security and privacy capabilities to mitigate potential risks
to digital identities throughout their lifecycle. Participating
organizations will gain from the knowledge that their products are
interoperable with other participants' offerings.
For additional information on the NCCoE governance, business
processes, and NCCoE operational structure, visit the NCCoE website
https://nccoe.nist.gov/.
Alicia Chambers,
NIST Executive Secretariat.
[FR Doc. 2023-18591 Filed 8-28-23; 8:45 am]
BILLING CODE 3510-13-P
