Key Topics Shaping the Future of Digital Identity

Earlier this month, members of the SpruceID team attended the 39^th installment of the Internet Identity Workshop, or IIW. The biannual conference is on the cusp of its third decade, and one reason we love it is that it still embodies the collaborative, grassroots spirit of its 2005 founding era. This ethos still guides the open, standards-based world of identity, making IIW an ideal place to check in on important developments and ideas.

Held at the Computer History Museum near Google’s campus in Mountain View, California, each installment of IIW begins with an iconic opening circle to introduce all attendees and solicit session proposals on the fly. This “unconference” structure means you never know quite what you’ll see at IIW until it starts – and input was on hand from every corner, from Microsoft and Google to solo entrepreneurs and the government administrators bringing the next wave of identity to life.

Over 3 days and 177 discussion sessions, the breadth of topics at IIW was huge, but a few key themes came into focus for us: Collaboration and convergence across groups of stakeholders; the new concept of “personhood credentials”; and the cryptographic innovation known as Zero Knowledge Proofs.

Personhood Credentials

SpruceID may be a bit biased, since Wayne Chang, SpruceID CEO was part of the team that rolled out the idea in a whitepaper earlier this year, but it was gratifying to see a lot of discussion of “personhood credentials” at IIW. Broadly, a personhood credential is a kind of verifiable digital credential that shows its holder is a natural person, without revealing other personal information. The broad goal is to help combat disinformation and spam online by making it easy to identify content posted by a real human.

Various breakouts delved into technical details of implementing personhood credentials and potential applications, such as in “know your customer” procedures for financial services. But the discussion also turned to deeper quandaries, including a challenge to the premise of the personhood credential: Why is the burden of proof on humans? One panel on “approved AI agents” explored how digital credentials could be used to identify autonomous agents online, sparking a lively debate about trust and accountability in the digital age.

Zero Knowledge Proofs

Finally, there was both a wealth of discussion and a significant piece of news about Zero Knowledge Proofs, a recent innovation in privacy-enhancing cryptography. ZKPs remain largely theoretical, but would make it possible to do something wildly interesting with digital information: prove the truth of a claim, without revealing the underlying details. For example, a ZKP-based digital credential could be presented at a bar to prove you’re old enough to buy a drink, without revealing your specific date of birth.

There were sessions presenting things like digital wallets built to handle ZKPs in verifiable credentials, and software libraries that will make the technology easier to implement. But probably most exciting was the announcement that Google is hard at work on building ZKPs that work on the mDoc credential standard, using existing hardware. The search giant announced that it plans to make their techniques open-source in early 2025, which could spark a flurry of further technical advances and even real-world implementations.

Collaboration in Overdrive

The most interesting part of IIW 39 may not have been a technical topic at all, but the powerful mixing and collaboration on display everywhere you looked. That’s particularly notable because attendees represented a cross-section of the identity world in every sense. Founders of the first IIW 20 years ago rubbed elbows with young engineers bringing those pioneers’ ideas to life.  Government staffers leading the charge on mobile drivers’ licenses shared their issues with vendors building the tools they need. 

Perhaps most importantly, representatives of key standards came together to share insights and reconcile approaches. Teams developing mDocs/mDL, OpenID, European identity groups, the Open Wallets Foundation, and the Decentralized Identity Foundation kibitzed and compared notes with an eye towards getting these systems to work together better. With everyone in the same room, there were significant breakthroughs in finding shared solutions to sticky problems.

With digital identity gaining real-world traction in recent years, it's exciting to see the spectrum for digital credentials shifting from being discussions of theory, to competing standards, to now who wins/how we all win by moving into the marketplace of implementation.

From Theory to Practice

This new work on ZKPs embodies perhaps the single overarching theme of IIW 39: a lot of things that the identity world has spent years talking about and refining are now actually becoming reality. For example, we saw intense interest in our work on California’s mobile driver’s license (though again, we’re biased) and discussion of strong privacy requirements that would be considered for Utah’s state digital ID. Utah appears to be truly committed to protecting the privacy of users, a gratifying payoff to decades of commitment to safety-centric design in digital ID.

The passage from ideas to reality even capped off this year’s IIW: many attendees went from Mountain View straight to Sacramento, where the California DMV was hosting an mDL hackathon. After days focused on aligning the principles and architecture of digital identity, developers were able to get their hands dirty building real-world tools and exploring ways digital identity can fulfill its promise of better security, privacy, and trust in the digital age.

Turning Conversations into Solutions

Wrapping up these recent discussions, we're energized by the progress and collaboration happening in the world of digital identity. The transition from theory to implementation is becoming more tangible, with advancements like personhood credentials and Zero-Knowledge Proofs paving the way for privacy-first solutions. As we continue to tackle challenges and refine standards, we’re excited to contribute to a future where secure, user-controlled digital interactions are the norm.

About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.