This past quarter has been particularly promising regarding the adoption of digital identities. The European Commission launched a public consultation, “Have Your Say,” inviting stakeholders to provide feedback on various aspects of the EU Digital Identity Framework. Critical components such as wallet cybersecurity certification, credential issuance and presentation, data models and format standards, and the EU trust framework, among other relevant elements, were opened for discussion.
Simultaneously, the National Institute of Standards and Technology (NIST) released a draft of its Digital Identity Guidelines, seeking input on the role of Credential Service Providers (CSPs) and definitions related to Identity and Authentication Assurance Levels. NIST also published a draft concerning the Attribute Validation System (AVS), offering insights into future advancements in secure identity proofing and authentication, and especially the role that PKDs (Public Key Directory) might play as a source of trust.
References to the ICAO PKD (for passports) and the AMMVA DTS (for U.S. mobile driver’s licenses) illustrate a clear pathway for relying on these infrastructures as trust frameworks for credential issuance and presentation. Discussions with other technologies providers and digital identity stakeholders suggest that a brokerage role might emerge to achieve interoperability between the different existing ecosystems and future ones.
Furthermore, several emerging protocols and standards, drawn from these drafts, are expected to shape the future landscape of digital identity adoption. Both the EU and the U.S. are prioritizing the ISO/IEC 18013 mDOC Standard, and the W3C Verifiable Credentials (VC) Data Model as key standards for data models, while the ISO/IEC 18013-5 Mobile Security Object (MSO), IETF Selective Disclosure (SD-JWT), and W3C JSON-LD are the widely adopted formats for credentials.
Moreover, protocols like OpenID for Verifiable Credential Issuance (OID4VCI), ISO 23220-3 Cards and security devices for personal identification, and the Verifiable Credentials API v0.3 are emerging as the protocols of choice for credential issuance, while for online credential presentation, ISO/IEC TS 18013-7, OpenID for Verifiable Presentations (OID4VP), and the Verifiable Presentation Request v2024 are becoming the leading standards.
Finally, these protocols, standards, initiatives, and pilots currently hinge on the cryptographic holder binding principle for credential presentation—requiring proof that the presenter holds a valid credential. FACEPHI is contributing to IATA’s Strategic Partnerships Proof of Concepts by leveraging credential issuance as a service, with identity verification technologies, and biometric-based credential presentation as an additional layer of security while authenticating a passenger. This advancement is set to enhance security by verifying ownership through biometric authentication, facilitating the adoption of digital identities in sectors that demand the highest security standards, such as immigration.
Author: Miguel Santos Luparelli Mathieu, Facephi's Product Innovation Director
