A Summary of Internet Identity Workshop #39

Mathieu Glaude

November 7, 2024

(Images used in banner courtesy of Ankur Banerjee, @ankurb)

 

Introduction

Below are my personal highlights from the Internet Identity Workshop #39, held from October 29–31, 2024, at the Computer History Museum in Mountain View, California. The Internet Identity Workshop (IIW) is a one-of-a-kind, unconference-style event that gathers professionals across the digital identity space to openly discuss, debate, and innovate. IIW39 set a record for attendance, with 178 sessions, giving us the opportunity not only to stay up-to-date but also to contribute through sponsorship and active participation, reinforcing our commitment to this evolving field.

Images courtesy of Internet ID Workshop (@idworkshop)

Our team left inspired by the range of perspectives and in-depth conversations and are excited to share some of the key takeaways relevant to digital credential ecosystems. To organize the insights, I’ve grouped the most impactful sessions into three themes: trust establishment, adoption, and tech stack updates. These themes helped me categorize sessions that stood out and offered valuable perspectives for our work in digital credentials, wallets, and trust establishment infrastructure.


#1 – Trust Establishment

This IIW featured many discussions around governance, trust registries and trust establishment.

Progressive Trust in Issuer Registries with LinkedClaims

This session explored the concept of “progressive trust” in issuer registries, where entities can initially join a trust registry with minimal requirements and gradually build their credibility over time by adding claims. LinkedClaims was proposed as a potential solution to enable this approach, allowing ecosystem participants to add claims to a trust registry incrementally, thereby increasing their level of assurance as they demonstrate further compliance or meet additional standards. By setting low initial barriers for inclusion, this model supports a more accessible and open ecosystem, where entities can start with a basic level of trust and enhance it progressively. This approach provides an inclusive framework for building transparency and encouraging a steady flow of verifiable claims, enabling credentials to gain broader acceptance across different ecosystems as entities solidify their trustworthiness.

 

Well-Attended Discussion on Bridging Trust: DIDs, DNS, and X.509

Another session that ultimately brings trust establishment into the discussion was focused on creating layered assurance by bridging decentralized identifiers (DIDs) with established infrastructures like DNS and X.509. This hybrid approach allows any entity—not just credential issuers—to build more assurance by combining DIDs with established, trusted systems. This setup is particularly valuable for organizations with a strong digital presence, as it lets them leverage existing DNS or certificate frameworks to increase the assurance of their identity or credentials. We’ve already implemented this concept with DNS bridging in our IETF draft on High Assurance DIDs with DNS, demonstrating how entities can use this approach to create dependable, transparent interactions. As one of the co-chairs of the High Assurance VID Task Force (HAVID), I’m actively engaged in advancing this approach, proving that layered trust realms can support higher assurance in decentralized ecosystems.

A diagram provide by Dr. André Kudra which was showed in the IIW session

European Union Digital Identity Wallet (EUDI Wallet) Relying Party Authentication

The topic of relying party authentication for the EUDI Wallet sparked enough discussion to span two sessions. The first session on day 2 raised several open questions around the best approach for authenticating relying parties, leading to a follow-up session on day 3 to further unpack the issues.

One of the key points in discussing EUDI Wallet’s architecture was the requirement for relying parties to provide certain data about themselves to the wallet and, by extension, to the holder. This requirement, stemming from the EU’s eIDAS regulation, allows the holder to have insight into what data a relying party wishes to access and how they intend to use specific credentials. This transparency is essential for enabling informed decisions by the holder and safeguarding data privacy.

Various technical options were explored for implementing this authentication, including traditional X.509 solutions, OpenID Federation, and SD-JWTs (selective disclosure JSON Web Tokens). Each approach has unique strengths and challenges, with OpenID Federation emerging as a flexible option for interoperability. However, concerns around the complexity of the OpenID Federation specification led to discussions on simplifying or segmenting it to make it more accessible, particularly for the EUDI Wallet context.

Northern Block has been actively investing in implementing OpenID Federation across our solutions, aligning with the standard’s potential for fostering trust and interoperability in digital credentialing. Yesterday, on November 6, 2024, we presented an update at a Findynet-hosted event, sharing insights on our progress. A recording of the session is available on the event meeting page for those interested in learning more.

Additionally, the sessions considered how OpenID Federation might integrate with the European Blockchain Services Infrastructure (EBSI) and other European trust establishment technologies, potentially serving as an abstraction layer to connect multiple verification methods. While OpenID Federation shows promise for trust establishment in the European context, the sessions underscored that simplifying the spec could be key to overcoming current barriers. There’s clear interest in OpenID Federation’s role in the European market, and as this work evolves, it could provide a streamlined path for cross-border compatibility and trust in digital credentials.


#2 – Adoption

IIW39 offered a strong forum to gauge the state of adoption in digital credentialing and examine what’s required to drive it forward.

 

“Has Our SSI Ecosystem Become Morally Bankrupt?”

In one of the very many thoughtful sessions at IIW39, Christopher Allen raised a challenging question: has the self-sovereign identity (SSI) ecosystem strayed from its founding principles? His blog on the topic served as inspiration for the session. Allen questioned whether current implementations are compromising core SSI values—such as existence, control, access, transparency, and protection—that were foundational to the concept of self-sovereign identity. Increasingly, we’re seeing the industry willingly delegate key functions to platform providers, often replicating centralized or federated models that limit user control and freedom.

As examples, Allen pointed to the rise of mobile driver’s licenses (mDLs) and DID implementations such as did:web. These approaches may gain traction through their ease of adoption and existing infrastructure but risk overlooking some key principles as mentioned above. This trend raises concerns about whether these solutions are being designed in a way that prioritizes control for platform providers rather than the individuals using them. Allen’s critique highlights how some modern implementations of SSI risk sacrificing these core principles for the sake of convenience or widespread adoption.

From my perspective, these principles remain the goal for myself, our company, and many collaborators in the industry. However, achieving true self-sovereignty in a scalable way involves navigating significant structural and funding challenges. 

Much like the internet was seeded by the U.S. government through projects like ARPANET, where initial government funding was critical to establishing its foundations, digital trust infrastructure requires substantial investment to reach critical mass. This foundational funding enabled others to build value on the internet through commercially driven models that continue to reshape society as a whole. Today, governments and large organizations—particularly those with a public benefit as their core mission—are often the only entities capable of making this level of investment, viewing digital trust infrastructure as a form of public infrastructure that justifies their funding.

But with funding comes influence. Governments and large entities exercise control over their constituents through controls (e.g., rules, laws, and regulations)—frameworks that don’t always align seamlessly with the digital world’s principles of openness and user autonomy. This creates a tension between the need for investment to build digital public infrastructure and the inherent incentive models these large entities operate under, where control and oversight are often prioritized. This represents a larger struggle in balancing innovation with institutional authority, especially as digital identity and trust infrastructure continue to develop.

In my view, balancing SSI’s principles with these real-world constraints isn’t an all-or-nothing endeavor. Each implementation should strive to maximize user control, privacy, and transparency, even if some trade-offs are necessary. The investments we’re seeing are undeniably driving amazing advancements, and it’s a matter of taking the best parts and continuously improving upon them. This isn’t a zero-to-one leap but rather a journey of chipping away at constraints, making incremental progress toward a digital world that aligns more closely with self-sovereign ideals.

This session was an important reminder for me—and for all of us in this space—not to lose sight of the vision and principles that brought us here. Even as we navigate complex environments, we must stay grounded in the values that underpin SSI, ensuring they remain central as we move forward, one step at a time.

 

Public Sector Momentum and Cross-Ecosystem Acceptance

There continues to be significant momentum in the public sector around digital credentialing, with the U.S., Canada, Europe, and other regions like Bhutan each advancing in their own unique ways. In the U.S., states are increasingly adopting mobile driver’s licenses (mDLs), with many offering digital driver’s licenses through platforms like Apple and Google Wallets, while others provide their own state-specific wallets. Similarly, Canadian provinces are moving forward with their own digital wallets, and the European Union is working toward nation-state-approved wallets as part of a cohesive digital identity strategy. Each region’s approach reflects key differences and nuances in the technical stacks and governance models across these public sector ecosystems. Bhutan’s launch of its National Digital Identity (NDI) project exemplifies how even smaller nations are adopting digital credentials, contributing to a global trend in verifiable credentials across public sector initiatives.

While the public sector is a key driver, there are notable differences in approaches across these regions. Organizations like the Global Acceptance Network (GAN) are essential in bridging these varied approaches, fostering cross-ecosystem compatibility through multiple sessions and discussions around trust establishment at IIW39. For readers interested in how GAN supports the adoption of verifiable credentials across sectors and regions, we recommend our recent podcast episode on GAN’s ecosystem, which delves into its development and vision.

For anyone seeking a lay of the land in public sector credentialing, Northern Block has a strong perspective from our work in both North America and Europe. Feel free to reach out to us for further insights into how digital credentialing is evolving in the public sector across these regions.


#3 – Technical Updates

With the rapid evolution of standards and interoperability frameworks, IIW39 highlighted some of the latest tech stack advancements that are shaping digital credential ecosystems.

 

Digital Credential Query Language (DCQL)

The Digital Credential Query Language (DCQL) proposes to offer a streamlined solution to the complexity of existing credential presentation models, presenting a simplified, structured approach to querying credentials. Developed as part of the upcoming Implementer’s Draft for OpenID4VP, DCQL is designed as an alternative to Presentation Exchange (PE), which, though flexible, has become complex and challenging to implement. With dependencies like JSONPath, regular expressions, and extensive schema filters, PE can be cumbersome and potentially insecure, especially in browser-based environments.

DCQL aims to address these issues by introducing a more straightforward, JSON-based syntax that is largely credential format-agnostic, allowing for simpler and faster implementation. By reducing optional elements and removing complex dependencies, DCQL lowers the technical barriers for organizations adopting digital credentials, making credentialing solutions easier to implement and scale. However, as the adoption of DCQL grows, it is expected to coexist with PE, creating a phase where both standards are in use. This dual adoption could lead to interoperability challenges, as some organizations might choose to implement only one standard. DCQL’s simplified approach thus highlights the need for careful handling of interoperability across digital identity ecosystems, especially where both PE and DCQL are expected to operate.

Although initially specific to OpenID4VP, DCQL’s adaptability has the potential for broader use, supporting a more consistent and accessible querying standard as digital identity implementations grow across ecosystems.

 

Google’s Zero-Knowledge Proof (ZKP) for Mobile Credentials

Google introduced an advanced, high-performance ZKP for mobile environments, which represents a significant breakthrough in privacy-preserving credentials. With this implementation, users can present specific claims without revealing additional data, aligning with SSI principles. The optimization of ZKPs for sub-second performance opens new doors for real-world use cases in identity verification. As this technology becomes more accessible, it could drive widespread adoption across industries that require privacy-centric solutions for sensitive interactions.

 

Revocation and Status Mechanisms Comparison

Managing credential status and revocation is essential, particularly for high-volume and regulatory-sensitive use cases. The session on revocation mechanisms provided a detailed comparative analysis of various approaches, evaluating them on key criteria such as scalability, privacy, security, and deployment readiness. These comparisons offer digital identity architects a clearer framework for selecting revocation methods that best align with their operational needs and compliance requirements. As digital credential ecosystems grow, a flexible approach to revocation—one that adapts to different regulatory environments and use cases—will be increasingly critical. For more details, you can view the session slides here.

 

Conclusion

IIW39 consistently provides a lens into the current adoption cycle and maturity of digital credential and wallet ecosystems. As digital identity continues to grow, events like IIW serve as critical forums to assess the evolving landscape of digital credentials, standards, and wallet functionalities. For organizations navigating this space, these insights highlight the importance of transparent governance backing credentials and ecosystems, practical adoption strategies, and streamlined technical solutions that simplify yet secure digital interactions.

I hope this summary was useful to readers. As always, feel free to reach out to me directly at mathieu@northernblock.io or connect with me on LinkedIn if you’d like to discuss these topics further. We’ll be attending the next Internet Identity Workshop, IIW40 (IIWXL), in Spring 2025 from April 8 to April 10, and we urge anyone who finds this discussion interesting to consider joining us there.

–end–

Related Posts

Introducing our groundbreaking Trust Registry platform

The ultimate solution for forging resilient trust ecosystems in today's digital landscape.

Trust Registry

Products

 

Orbit Enterprise

Establish your own trusted digital interactions ecosystem with your customers, partners and suppliers

Orbit Edge Wallet

Hold and manage issued verifiable credentials securely and in a privacy-preserving way

Orbit Trust Registry

Empower your organization to establish credibility, verify identities, and foster secure interactions with confidence and ease.

Updates

 

Product Updates

Solutions

Verified Person

Receive a verifiable credential from Northern Block

OpenID4VC

Try our new OpenID4VC demo

Energy and Mines Digital Trust

Organizational Wallet and Credentials

Receive, store and exchange organizational credentials within your ecosystem

 

 

 

Resources

 

SSI Orbit Podcast

Self-sovereign Identity, Decentralization and Digital Trust

Blog

Insights and News from the Forefront of Self-sovereign Identity

Latest Content

 

The United Nations Transparency Protocol (with Steve Capell)

The United Nations Transparency Protocol (with Steve Capell)

🎥 Watch this Episode on YouTube 🎥🎧   Listen to this Episode On Spotify   🎧🎧   Listen to this Episode On Apple Podcasts   🎧 About Podcast Episode Are you confident in the environmental and social claims about your products? In this episode of The SSI Orbit Podcast,...

read more