Last week, some of us attended the OpenID Foundation’s OpenID Workshop and the Internet Identity Workshop (IIW) in San Francisco, California. The foundation’s workshop provides a great opportunity to hear about all the latest going on in the various working groups; IIW is a place where you can meet fellow identity experts and grow in knowledge from various industry experts. The IIW agenda is open and created by the attendees each day in an unconference style. It creates very open discussions and makes room for any topic enough people find interesting.
This year, it was clear that the verifiable credentials movement has gone from a dream of a better Internet to practical discussions and proofs of concepts. This is something that we are working passionately on, so it was great to join other like minded people working to digitize bits of identity information into digital wallets. The space is still new with good standards emerging both from the OpenID Foundation and other standards bodies. The path to true interoperability for wallets and credentials is still incubating but there is a strong force heading in the right direction. Meeting face to face like this really shines the light on the right issues and helps us all work on the right problems.
Adjacent to the verifiable credentials is decentralized identifiers (DIDs); DIDs are a method of distributing keys in a decentralized manner. This space is exploding with ideas and implementations; there is still a ways to go before we see more convergence, but the early adoption is already underway. Eventually, certain DID methods will prevail, and the issue of trust will be sorted out. To this end, different groups are working to provide trust frameworks for various DID methods. This will be critical for applications using decentralized identities with verifiable credentials.
I also spent some time discussing and listening to others about the work that has been done on FIDO2 passkeys. This is the big password replacement initiative that comes out of the FIDO Alliance, another standards organization. Passkeys are WebAuthn keys that support multi-factor authentication and that can roam between devices. The Operating System (OS) support for this is growing and made a leap earlier this year when Apple introduced passkey support in iOS 16 (and its sister operating systems); soon, other OS vendors, like Google, will follow.
In summary my main takeaways are:
The time for organizations to experiment with verifiable credentials and digital wallets is now.
FIDO passkeys are maturing and will replace passwords in the coming years.
DIDs are maturing but convergence is yet to occur.