User Guide
This user guide demonstrates building an application that can verify and/or share mDLs with the SpruceID Rust ISOmDL library.
Last updated
Was this helpful?
This user guide demonstrates building an application that can verify and/or share mDLs with the SpruceID Rust ISOmDL library.
Last updated
Was this helpful?
See more examples and simulated device and reader test cases at the open source GitHub repository:
Available device retrieval methods include WiFi, BLE, and NFC. More than one device retrieval method may be accessible for the session.
Devices store verifiable documents and create sessions that allow Readers to request this verifiable data. To start a new session, the device uses the device module to call the SessionManagerInit::initialize method. This method provides the Reader with a list of available documents that can be presented, as well as any optional DeviceRetrievalMethods that can be used to transfer the data.
Device retrieval methods include WiFi, BLE (Bluetooth Low Energy), and NFC. During the session, more than one method can be made available.
Additionally, the device can optionally specify a remote server retrieval method for data transfer, using the ServerRetrievalMethods type.
Once the session data is established, the device can share the QR code URI created by the qr_engagement method with the reader. In an mDL wallet application, this typically looks like a QR code displayed on the mobile driver's license card. The Reader will use the QR code URI, along with a request element to establish a reader session.
Once the Reader has established a session with the necessary request elements using the establish_session method, a CBOR-serialized byte payload called session_request is returned, which is then sent to the device for processing.
When the device receives the session request, it deserializes the raw CBOR bytes and processes the session establishment by calling the SessionManagerEngage::process_session_establishment method. After processing the session request, a SessionManager instance is returned. Session Manager
The SessionManager instance offers a prepare_response method, which processes the requested session items based on a set of permitted items. This method updates the internal state of the device session to "Signing."
When the SessionManager is in the Signing state, the get_next_signature_payload method is used to return the payloads that need to be signed. These payloads are signed using the SessionManager's private key.
Once a payload is signed, the submit_next_signature method is called to update the internal state of the SessionManager with the signed messages. After the signature is submitted, the device prepares an encrypted response using the shared key that was established during session setup. The internal state of the SessionManager is then set to "ReadyToRespond," along with the CBOR-serialized encrypted response.
Once the response has been prepared, the SessionManager provides a retrieve_response method that can be used to return the documents that have been signed by the device. The response is sent to the reader and processed by the reader's session manager, using the handle_response method.
Based on the result of the handle_response method, the verifier of the mDL can decide to provide or deny access to the mDL holder or to continue with any other business logic.
Based on the result of the handle_response method, the verifier of the mDL can decide to provide or deny access to the mDL holder or to continue with any other business logic.
The isomdl library currently only supports data elements belonging to the core namespace defined in the ISO/IEC 18013-5 specification along with the namespace defined by AAMVA for mDLs issued by US states. If your needs exceed what is currently offered, we invite you to file an issue on our
The isomdl library currently only supports data elements belonging to the core namespace defined in the ISO/IEC 18013-5 specification, along with the namespace defined by AAMVA for mDLs issued by US states. If your needs exceed what is currently offered, we invite you to file an issue on our .