Comment on page
Digital identity is a burgeoning paradigm for how people create relationships digitally with peers, companies, and governments. As a result, there is a wide cohort of organizations and bodies that are involved in crafting the future of standards and how implementations can interoperate to protect the interests and privacy of individuals.
Here is a non-exhaustive list of the players to be aware of and a summary of their contributions to the space:
The ACLU is a national nonprofit organization with chapters in all 50 states, plus Washington D.C. and Puerto Rico. The group is dedicated to protecting and increasing all human rights and civil liberties, especially through legislation. It is typically the first to respond to privacy, identity, and data protection developments.
The group advocates for individuals to control as much of their online identity as possible. As states across the country have been developing digital identity and data privacy legislation in the internet age, the ACLU has been front and center. In May 2021, they published a report on the potential dangers--and benefits--they see with mobile driver's license systems.
The American National Standards Institute (ANSI) is a non-profit organization that oversees the development of voluntary consensus standards for various industries, including information technology. ANSI has been involved in the development of digital identity standards through its role in accrediting standards development organizations, such as the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST).
In the realm of digital identity, ANSI has contributed to the development of standards related to identity management, including the development of the ANSI X9.79 standard for digital signatures and the ANSI INCITS 498 standard for identity and access management. These standards aim to promote interoperability and security in digital identity systems, as well as to ensure that identity management systems are accessible and usable for all individuals.
The Association of American Motor Vehicle Administrators (AAMVA) is a non-profit organization representing state, provincial, and territorial officials in the United States and Canada who administer and enforce motor vehicle laws. The group also counts associations, organizations, and businesses that share an interest in its goals as members.
AAMVA creates model programs that DMVs across the US and Canada can choose to implement, allowing for best practices to be developed, tested, and eventually followed, and for motor vehicle programs to have uniformity and reciprocity across state lines. For instance, State-to-State is a verification service that provides states with the information to ensure an individual doesn't have a valid license in two different jurisdictions. These services are a very tight and intensive technical integration with each state and contribute significantly to the trust and high level of assurance entities and society has in state-issued IDs and licenses.
AAMVA also houses a research and development program and serves as an advocate and liaison between its members, other government bodies, and the private sector.
The Better Identity Coalition is a group of public and private organizations in the United States that are working together to promote the development and adoption of more secure, user-friendly digital identity solutions.
The Coalition focuses on four key areas: enhancing identity proofing, improving authentication and authorization methods, increasing the use of identity data in decision-making, and promoting privacy and security. The coalition brings together a wide range of stakeholders, including technology companies, financial institutions, consumer advocates, and government agencies, to collaborate on these issues and develop best practices and standards for digital identity.
The group also advocates for the use of open standards and frameworks, such as those developed by the National Institute of Standards and Technology (NIST), and supports the development of emerging technologies like biometrics, blockchain, and artificial intelligence in the context of digital identity.
The Decentralized Identity Foundation (DIF) is a non-profit organization that aims to promote the development of decentralized identity technologies and standards. DIF seeks to create an open, decentralized, and interoperable identity ecosystem that empowers individuals, organizations, and devices to control and share their digital identities securely and efficiently. DIF members include technology companies, non-profits, governments, and academic institutions.
DIF members collaborate to build decentralized identity solutions prioritizing users' privacy, security, and control over their data. The organization has developed a set of technical specifications and protocols to support interoperability between different decentralized identity systems.
The US Department of Homeland Security (DHS) is a federal agency responsible for securing the nation's borders and ensuring public safety. One of its initiatives is the implementation of the RealID system, which is a set of federal standards for state-issued identification cards and driver's licenses.
The Digital Identification and Authentication Council of Canada (DIACC) is a non-profit organization that aims to establish a secure and privacy-enhancing digital identification and authentication ecosystem in Canada. The Council comprises members from the private sector, government, and academia. It works to develop a common framework and approach for digital identity and authentication that all organizations in Canada can adopt.
The DIACC focuses on addressing challenges and developing solutions for issues such as identity theft, fraud, and online authentication, as well as promoting the use of digital identities for individuals and organizations in Canada. It also works to ensure that the use of digital identities is secure, trustworthy, and interoperable across different sectors and jurisdictions.
The DIACC has developed a set of principles for digital identity called the Pan-Canadian Trust Framework, which outlines the standards and requirements for digital identity and authentication in Canada. The Council also promotes collaboration among its members to develop innovative solutions for the evolving digital landscape and advocacy efforts to raise awareness and encourage the adoption of digital identity solutions.
The Digital Identity and Data Sovereignty Association (DIDAS) is a Swiss non-profit organization that works to educate the public on and advance the development and adoption of decentralized, user-centric digital identity solutions that prioritize privacy, security, and interoperability. The group advocates for the use of decentralized identity solutions such as self-sovereign identity (SSI) systems that allow individuals to control their own digital identities and personal data.
The Electronic Frontier Foundation (EFF) is a non-profit organization that defends digital civil liberties such as privacy, freedom of expression, and consumer rights. It advocates for strong privacy laws, against government surveillance, and for balanced copyright policies. The EFF also provides resources and support to individuals and organizations fighting for their rights online. Its goal is to promote a free and open internet.
The EFF, along with the Americans for Civil Liberties Union (ACLU) and the Electronic Privacy Information Center (EPIC), co-authored a letter to the Department of Homeland Security (DHS) on mobile driver's licenses in July of 2021, outlining the potential dangers and benefits of their adoption and recommending essential considerations in designing such systems.
The Electronic Privacy Information Center (EPIC) is a non-profit research center focused on privacy and civil liberties issues in the digital age. It advocates for privacy-protective laws, conducts digital investigations, and participates in privacy-related legal cases. EPIC also provides information and resources on privacy and technology to the public and works to promote transparency and accountability in government and industry practices. Its goal is to protect privacy and civil liberties in the digital age.
EPIC has been vocal in its concerns about user privacy in light of developments on the Department of Homeland Security's RealID program. And, along with the Electronic Frontiers Foundation (EFF) and the Americans for Civil Liberties Union (ACLU), EPIC co-authored a letter to the Department of Homeland Security (DHS) on mobile driver's licenses in July of 2021, outlining the potential dangers and benefits of their adoption and recommending essential considerations in designing such systems.
The European Telecommunications Standards Institute (ETSI) is an independent, non-profit organization that develops standards for telecommunications and other electronic communications networks and services. ETSI is essential in developing digital identity standards in Europe and beyond.
ETSI has developed several key standards related to digital identity, including the Mobile Signature Service (MSS), which provides a secure and standardized way for users to digitally sign electronic documents using their mobile devices. MSS is based on PKI (public key infrastructure) and provides a high level of security and authenticity.
ETSI has also been involved in developing standards for eIDAS (electronic IDentification, Authentication, and trust Services)--a European Union regulation regulatory framework. eIDAS defines the rules and requirements for electronic signatures, seals, time stamps, and other trust services used across the EU.
The Fast Identity Online (FIDO) Alliance is a consortium dedicated to improving online security and privacy. Established in 2013, it creates open and interoperable standards for secure online authentication. The FIDO Alliance is known for developing the FIDO Universal Authentication Framework and FIDO Universal Second Factor protocols, which allow for secure authentication using biometrics and one-time codes instead of passwords. Many leading technology companies are members and implementing FIDO-compliant technologies. The FIDO Alliance is recognized as a significant player in online security and privacy.
The Global System for Mobile Communications Association (GSMA) is an industry organization that oversees the development and implementation of GSM technology. It has played an essential role in developing digital identity standards for mobile devices.
The GSMA has developed several key standards related to digital identity, including the Mobile Connect framework, which provides a secure and standardized way for users to authenticate themselves to online services using their mobile devices. Mobile Connect is based on the OpenID Connect and OAuth 2.0 protocols, and it allows users to access online services without the need for usernames and passwords.
The GSMA has also been involved in developing standards for eSIMs (embedded SIMs), which are SIM cards built into devices and can be programmed over the air. eSIMs can be used to securely store digital identities and enable secure authentication for a wide range of services. The GSMA has developed technical specifications for eSIMs and works with mobile network operators and device manufacturers to promote their adoption.
The ID2020 Alliance is a global public-private partnership that aims to provide digital identities for people lacking access to traditional identification forms. The organization is focused on developing and implementing a standards-based, user-managed, portable, and privacy-protecting digital identity system that is accessible to everyone, including refugees, stateless persons, and others who are underserved by traditional identity systems. The ID2020 Alliance brings together stakeholders from the public sector, private sector, and civil society to collaborate on the design, development, and deployment of digital identity solutions that are secure, scalable, and inclusive.
IDunion SCE is a European cooperative society focused on developing decentralized digital identity solutions. The organization comprises companies, research institutions, and other stakeholders working together to create a user-centric, privacy-preserving digital identity ecosystem. IDunion's mission is to develop interoperable decentralized identity solutions and best practices that enable individuals and organizations to control their data and to promote the adoption of such solutions across Europe.
The Information Technology Laboratory (ITL) is a division of the National Institute of Standards and Technology (NIST) within the US Department of Commerce. The ITL is responsible for developing and promoting measurement, testing, and standards to advance cybersecurity and other areas of information technology.
As part of its work, the ITL has developed a variety of standards and guidelines related to digital identity, including those related to authentication, access control, and biometric technologies. The ITL also collaborates with other organizations and US government agencies to advance cybersecurity and privacy. It also provides resources and tools for industry, government, and other entities to improve their security posture.
The Institute of Electrical and Electronics Engineers (IEEE) is the world's largest global professional association, with over 400,000 members in more than 160 countries. It is involved in a wide range of technical fields, publishes technical publications, sponsors conferences, and offers educational and career development resources for its members. IEEE also promotes ethics, diversity, and inclusion within the engineering profession.
The IEEE is actively involved in developing and promoting digital identity standards, which aim to enhance online security and privacy. It is a member of the National Strategy for Trusted Identities in Cyberspace (NSTIC), a federal initiative in the United States aimed at creating an "identity ecosystem" that is secure, convenient, and privacy-enhancing. IEEE is also involved in developing the IEEE 2410 standard, which focuses on the use of digital identity in smart grid systems.
The International Committee for Information Technology Standards (INCITS) is a non-profit organization accredited by the American National Standards Institute (ANSI) that develops and promotes standards for information and communications technologies (ICT). It is responsible for developing and maintaining standards in programming languages, character sets, security, storage, networking, and more.
INCITS brings together experts from industry, government, and academia to develop consensus-based standards through a voluntary, open, and transparent process. Its membership includes more than 100 companies, government agencies, and other organizations from the United States and abroad.
The group develops standards for various aspects of digital identity, such as authentication protocols, public key cryptography, and biometric technologies. For example, it has developed standards for the use of smart cards in identity management systems, including the Personal Identity Verification (PIV) card used by US federal agencies.
The Committee also participates in international efforts to develop standards for digital identity, such as those led by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
The International Electrotechnical Commission (IEC) is a global organization that develops and promotes international standards for electrical and electronic technologies. The IEC works with organizations such as the International Organization for Standardization (ISO), the International Telecommunication Union (ITU), and the International Accreditation Forum (IAF) to develop standards for digital identity management.
The IEC has helped and is continuing to help develop the ISO/IEC 18013 mobile driver's license standards, which provide technical, design, and policy specifications for mobile driver's licenses and related systems. They also set security, authenticity, and validity requirements, promoting interoperability and consistency between different implementations. The IEC's work on this standard is part of its broader efforts to advance the safe and effective use of technology in the transportation sector by improving the safety and efficiency of roadways all while protecting drivers' privacy.
The International Organization for Standardization (ISO) is an independent, non-governmental international organization that develops and publishes standards to ensure the quality, safety, and efficiency of products and services worldwide. ISO also provides training and support for the use and implementation of its standards. The group's work helps advance the global economy by promoting safe, reliable, and consistent technology systems and practices, including digital identity.
ISO Standard 18013, for example, is a standard that specifies the technical and interoperability requirements for digital identity in the form of mobile driver's licenses (mDLs). mDLs are cryptographically signed ID documents that can be stored on a mobile device such as a smartphone or tablet. They are designed to provide a more convenient and secure way for individuals to prove their identity and driving privileges.
The creation of ISO 18013 involves the collaboration of experts from various countries and organizations, including government agencies, industry associations, academic bodies, and technology companies. The standard covers a range of topics, including the format and content of mDLs, the security and privacy requirements for storing and transmitting mDL data, and the technical specifications for reading and verifying mDLs.
The standard is intended to facilitate the development of mDL systems that can be used globally, with the aim of providing a more streamlined and secure approach to verifying identity and driving privileges. It is also designed to ensure that mDL systems are interoperable, meaning that mDLs issued in one jurisdiction can be recognized and accepted by others. ISO 18013 is broken into 7 sections. While ISO 18013-5 has been completed, 18013-1 through -7 are still being developed.
The International Telecommunication Union (ITU) is a specialized agency of the United Nations responsible for developing international standards and regulations for telecommunications and information and communication technologies (ICTs). The ITU promotes the adoption and growth of telecommunications systems and digital identity solutions in developing countries, where both play an important role in creating and accessing essential services such as healthcare, education, and banking.
One of the ITU's key initiatives in the digital identity arena is the Focus Group on Digital Identity, which brings together experts from government, industry, academia, and civil society to identify emerging trends and best practices in digital identity technologies and develop guidelines and best practices to create secure and interoperable digital identity systems. For example, the Group tests, reviews, and proposes technical standards for electronic authentication and identity management.
The ITU also works closely with other international organizations, such as the World Bank and the World Economic Forum, participating in global policy discussions related to telecommunications and ICTs. It hosts a range of international conferences and meetings to facilitate dialogue and cooperation between countries and stakeholders on issues such as Internet governance, cybersecurity, and the digital divide.
The Internet Engineering Task Force (IETF) is a global community of network designers, operators, vendors, and researchers who are focused on the evolution of the Internet's architecture and the smooth operation of the Internet. IETF develops and promotes voluntary internet standards, in the form of protocols, procedures, and technologies that facilitate the interoperability and reliability of network operations. This includes the development of standards for digital identity and security, such as Transport Layer Security (TLS), Simple Authentication and Security Layer (SASL), and Domain Name System Security Extensions (DNSSEC), among others. The IETF's mission is to make the internet work better by producing high-quality, relevant technical documents that influence the way people design, use, and manage the Internet.
The Linux Foundation is a non-profit organization that supports the development and growth of the open-source software community. It provides a neutral platform for collaboration and innovation among developers, vendors, and end-users. The Foundation hosts various projects, including the Linux operating system, Kubernetes, and Hyperledger, among others, and is committed to advancing open-source technologies.
The Linux Foundation has played a role in digital identity through its project Hyperledger Indy, a decentralized identity platform that provides tools for creating, storing, and managing digital identities that are self-sovereign, privacy-preserving, and secure. Indy offers an interoperable infrastructure for identity solutions and enables different identity systems to work together seamlessly.
The group also hosts the Trust over IP (ToIP) project, which aims to create a global standard for trusted digital identities that can be used across various domains and platforms. Through its projects, the Linux Foundation has contributed to the development of open, decentralized, and interoperable digital identity solutions that promote privacy, security, and user control.
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the United States Department of Commerce. It promotes innovation industrial competitiveness, and cyber security through the development and implementation of standards, measurements, and interoperable technology across sectors.
Working closely with stakeholders from industry, academia, and government, NIST has played a critical role in the development and adoption of technical standards and guidelines of best practices for digital identity management systems. These include:
- 1.NIST Special Publication 800-63: Digital Identity Guidelines: This publication provides guidelines for implementing digital identity systems that are secure, privacy-enhancing, and interoperable. It covers a range of topics, including identity proofing, authentication, and federation.
- 2.NIST Special Publication 800-63B: Digital Identity Guidelines: Authentication and Lifecycle Management: This publication focuses specifically on the authentication and lifecycle management aspects of digital identity systems. It provides detailed guidance on selecting and implementing authentication mechanisms based on risk and usability considerations.
- 3.NIST Cybersecurity Framework: The Cybersecurity Framework provides a set of best practices and guidelines for managing cybersecurity risks across a range of industries and sectors. It includes guidance on managing digital identity risks and protecting sensitive personal information.
The Institute also works to create policy guidance. For example, NIST, along with the Identity Ecosystem Steering Group (IDESG), created the Identity Ecosystem Framework (IDEF)--a set of technical standards and policy recommendations designed to foster an interoperable, secure, and privacy-enhancing identity ecosystem for online transactions.
Created in 2011, the National Strategy for Trusted Identities in Cyberspace (NSTIC) was a US government initiative aimed at improving the security and privacy of online transactions. It seeks to create a trusted digital identity ecosystem, promoting the development and adoption of identity technologies that are secure, interoperable, and cost-effective. The NSTIC provided a framework for collaboration between government agencies and private sector organizations and resources to support research and development in identity technologies to increase confidence in online transactions.
While housed within the National Institute for Standards and Technology (NIST) and the US Program Office, NTSIC was led primarily by private sector actors comprising the Identity Ecosystem Steering Group (IDESG), which created identity ecosystem frameworks, such as the Identity Ecosystem Framework (IDEF) Registry. Such frameworks were tested in pilot programs, and one such pilot program, login.gov, is now widely used in production nationwide.
The Open Identity Exchange (OIX) is a non-profit organization that focuses on building trust in digital identities. Stemming from a trust framework created by the Open ID Foundation and the Information Card Foundation and supported by the then-US Chief Information Officer, OIX was founded in early 2010.
OIX brings together businesses, governments, and non-profit organizations to develop and promote open identity standards and best practices for secure online interactions. OIX aims to create a more trusted digital ecosystem by providing a framework for establishing and verifying digital identities, improving identity security and privacy, and reducing fraud and identity theft.
The organization works on a variety of projects, including the development of technical specifications and policy recommendations for digital identity, as well as pilots and proof-of-concept projects to demonstrate the effectiveness of identity solutions.
ID4Me is an open, non-profit group of Internet service providers, software developers, and other entities that care about the future of the Internet and want to defend its distributed and federated architecture when it comes to digital identities. The initiative aims to provide end-users with open and internationally available identity services that adhere to security and data protection standards, foster user choice, and avoid identity lock-ins. To this end, the ID4Me protocol was created.
The ID4Me protocol is an open and federated identity protocol that allows users to create a single digital identity and use it across multiple websites and applications. It is designed to provide a privacy-focused and user-centric approach to digital identity management while allowing easy interoperability and integration with existing systems.
The protocol uses domain-based authentication, meaning a user's identity is verified based on their domain name (such as their email address). This allows for a decentralized approach to identity management, where users have complete control over their own data and can choose which websites and applications they share it with.
The OpenID Foundation is a non-profit organization that promotes the adoption of open standards for digital identity and authentication. Its primary goal is to enable individuals to control their digital identities and make it easier and safer for them to access online services.
The Foundation's flagship standard is the OpenID Connect protocol, which builds on the OAuth 2.0 framework to provide a secure and interoperable way for individuals to authenticate and authorize themselves across multiple websites and applications. OpenID Connect is widely used in enterprise and consumer applications, as well as in the public sector.
The OpenID Foundation also works on other related standards, such as the Account Chooser API and the Financial-grade API (FAPI), which aim to provide better user experiences and more robust security for online authentication and authorization.
In addition to its technical work, the Foundation advocates for the principles of user-centricity, privacy, and security in digital identity management. It engages with policymakers and stakeholders to promote the adoption of open standards and to ensure that individuals' rights and interests are protected.
The Foundation also collaborates with other standards bodies and industry groups to ensure that its standards are aligned with best practices and emerging trends, and houses multiple working groups, including:
- OpenID Connect Working Group
- eKYC & Identity Assurance Working Group
- Enhanced Authentication Profile (EAP) Working Group
- Fast Federation (FastFed) Working Group
- Financial-grade API (FAPI) Working Group
- Health Relationship Trust (HEART) Working Group
- International Government Assurance Profile (iGov) Working Group
- Mobile Operator Discovery, Registration & autheNticAtion (MODRNA) Working Group
- Research & Education (R&E) Working Group
The OpenWallet Foundation is a non-profit consortium founded in 2023 as part of the Linux Foundation Europe. The OWF is a consortium of companies and non-profit organizations collaborating to drive global adoption of open, secure, and interoperable digital wallet solutions. It also aims to provide access to expertise and advice to government entities and implementors through its Government Advisory Council.
The OWF aims to set best practices for digital wallet technology through collaboration on standards-based OSS components that issuers, wallet providers, and relying parties can use to bootstrap implementations that preserve user choice, security, and privacy.
Its goal is to support the development of portable and secure wallets that can be used on any device, with any operating system, for any app or service, and with any currency or credential. To this end, its mission is to develop an open-source wallet engine to enable secure and interoperable multi-purpose wallets anyone can use to build solutions.
The group is not a Standards Development Organization (SDO) but it does collaborate with SDOs in the development and proliferation of open standards related to digital wallets.
The Organization for the Advancement of Structured Information Standards (OASIS) is a non-profit consortium that develops open standards for a wide range of technologies, including security, privacy, cloud computing, and web services. OASIS is a global organization with members from academia, government, and the technology industry.
OASIS produces standards that are widely used by businesses and governments around the world, and its work is often focused on enhancing interoperability, security, and privacy in digital systems. All standards development work is conducted in a public forum; anyone can participate in the process, regardless of affiliation or background. OASIS also adheres to a set of policies and procedures designed to ensure its standards are relevant, high-quality, and widely adopted. For example, in partnership with the American National Standards Institute (ANSI), OASIS administers U.S. Technical Advisory Groups that contribute to standard-making within the International Organization for Standardization (ISO).
In the realms of digital identity and security, OASIS has developed several important standards, including the Security Assertion Markup Language (SAML), the eXtensible Access Control Markup Language (XACML), and the Security Services (SAML) Bindings. These standards help to enable secure identity and access management in a variety of contexts, such as web services, cloud computing, and enterprise applications.
The Platform for Good Identity is an initiative led by the World Economic Forum which aims to promote the development of digital identity systems that are secure, inclusive, and respect individual privacy rights. The Platform brings together stakeholders from various sectors, including government, industry, and civil society, to collaborate on the design and implementation of digital identity solutions that meet these criteria. The goal of the Platform is to help ensure that everyone can participate in the digital economy and society, regardless of their background or circumstances, while also protecting their personal data and privacy.
The Secure Identity Alliance (SIA) is a non-profit organization funded by industry members that works to advance the development of secure identity technologies, promote interoperability between different identity systems, and establish common standards and best practices for identity management. The organization brings together stakeholders from across the identity ecosystem, including governments, industry, and academia, to collaborate on developing open standards and best practices.
The group also conducts research and provides thought leadership on issues related to digital identity and cybersecurity. It publishes reports and white papers on topics such as biometric authentication, mobile identity, and identity fraud, and works to raise awareness of these issues among policymakers and the general public.
SIA has recently created OSIA, an open standard set of interfaces (APIs) that enables interoperability between the building blocks of the identity management ecosystem, independent of technology, solution architecture, or vendor.
Spurred by a whitepaper written in 2019, the Trust over IP (ToIP) Foundation, an independent project housed within the Linux Foundation, is a global initiative that aims to create a trustworthy and interoperable digital identity ecosystem. It provides a framework for creating interoperable and decentralized identity systems based on the principles of user-centricity, privacy, security, and interoperability.
The ToIP Stack whitepaper, the ToIP Foundation's progenitor, created a framework that leverages advanced cryptographic techniques to ensure secure, private, and tamper-proof digital identities, and provides a governance framework that ensures the interoperability and trustworthiness of digital identity solutions.
The Foundation builds upon this work by convening member-organized working groups and committees, allowing for stakeholder-driven solutions to be created to face global identity ecosystem challenges. The group values transparency and open-source methods, and as such, membership and participation are open to anyone.
A non-profit organization founded in 1971, the World Economic Forum (WEF) brings together global leaders from business, government, academia, and civil society to engage in dialogue and find solutions to some of the world's most pressing issues. WEF's annual meeting in Davos, Switzerland, is one of the world's most high-profile gatherings where global leaders discuss economic growth, international trade, technological innovation, climate change, and global health. The Forum also hosts regional meetings and publishes research reports and analyses on various topics related to global economic and social issues.
The WEF has been working to establish global standards for digital identity to promote privacy, security, and portability. The group recognizes that the lack of a globally accepted framework for digital identity poses a significant challenge to achieving digital technology's full potential, particularly in financial inclusion, economic growth, and social development.
To address this issue, the Forum has established the Digital Identity program, the Identity in Financial Inclusion initiative, and the Platform for Good Digital Identity, which bring together stakeholders from various sectors to develop a common vision for digital identity and a set of principles to guide the development of digital identity systems. The organization has also published a report called "A Blueprint for Digital Identity," which outlines key principles, challenges, and opportunities for digital identity systems and their builders.
The Forum continues to emphasize the importance of designing digital identity systems that are user-centric, privacy-preserving, and inclusive, and has called for the development of open standards and interoperability between different digital identity systems. It also works with governments, international organizations, and the private sector to pilot and implement digital identity systems that adhere to these principles and standards.
The World Wide Web Consortium (W3C) is an international community that develops open standards and guidelines to ensure the long-term growth of the web. The W3C has played a significant role in the development of digital identity standards, particularly in the areas of authentication and access control.
The W3C has developed several key standards related to digital identity, including Web Authentication (WebAuthn) and the Credential Management API. WebAuthn is a web standard that provides an API for authenticating users using public-key cryptography, making it easier and more secure to log in to websites and applications. The Credential Management API provides a standard way for web applications to store and manage user credentials securely.
The W3C has also developed standards for Verifiable Credentials (VCs) and Decentralized Identifiers (DIDs), which provide secure and private ways to manage and share identity information. Verifiable Credentials are a digital form of identity credential that can be cryptographically verified and trusted by third parties, while Decentralized Identifiers are unique identifiers not tied to any central authority. These technologies have the potential to transform digital identity and dramatically enhance online security and privacy.
Digital identity touches every industry and spans across global borders. The contributions of these organizations outlined above help to ensure solutions built are interoperable for many use cases and adopt the best practices for digital security and protecting privacy. Part of the efforts of some of the aforementioned organizations has yielded global standards and guidelines for digital credentials, like mobile driver’s licenses and, more generally, mobile documentation.
We’ll explore the relevant standards and guidelines in the next section.