Episode 169 - GluuFederation/identerati-office-hours GitHub Wiki

Title: QR Code Identity Presentation

• Host: Mike Schwartz, Founder/CEO Gluu
• Guest: Resham Chugani, Product Manager at MOSIP
• Guest: Jeremi Joslin, Executive Director OpenSPP

Channels

• Linkedin Event
• Youtube Video
• Short - Resham
• Short - Jeremi

Description

MOSIP Claim 169 version 1.2 aims to standardize how identity data travels in compact QR codes using CBOR and CWT. But in practice, that raises a host of practical questions: can a usable face photo actually fit inside a few kilobytes of QR payload, who is deploying Claim 169 today across digital public infrastructure ecosystems, and how should verifiers handle schema versions, issuer trust, and multi-issuer federation? In this episode of Identerati Office Hours (IOH), we dig into the real engineering and governance questions behind portable identity tokens—from QR capacity limits and image formats to selective disclosure and policy enforcement.

Homework

• CBOR Identity Data in QR Code
• Claim 169 Playground

Takeaways

• ⚡ A QR code is not inherently secure just because it looks opaque. The real value comes from packaging identity data in a signed, standardized format that verifiers can trust and validate offline. RFC 8392 -- CBOR Web Token or CWT -- is a "compact means of representing claims to be transferred between two parties." One possible claim for a CWT is "identity_data", which is CWT claim key 169. The IANA docs for claim 169 link to MOSIP's v1.2 schema. See: https://www.iana.org/assignments/cwt/cwt.xhtml

• ⚡ Claim 169 is trying to solve a very practical problem: how to verify identity offline when connectivity, devices, and infrastructure are limited. That makes it especially relevant for humanitarian aid, social protection, and cross-border scenarios.

• ⚡ Usable face image can actually fit inside a signed QR payload. With aggressive compression and careful preprocessing, facial images around 600 bytes may still be viable for low-assurance matching.

• ⚡ Claim 169 is attractive because it can be printed on paper or plastic, not just shown from a phone. That makes it more inclusive for refugees, low-resource populations, and anyone without a reliable device--good for temporary or program-specific credentials for crisis response and field service delivery.

• ⚡ The hardest problem is not encoding the data but managing trust. Cross-border adoption will depend on governance, key management, and agreement on which issuers and signatures verifiers should accept.

Livestream Audio Archive

here