Identity, for the most part, is not natively digital. We have digital artifacts that refer to real-world physical credentials, like driver's licenses and passports. Identity, however, is at the core of most of our interactions in daily life, both physically and digitally, with ever-increasing dependency on digital interactions.
However, since the internet was built without an identity layer natively baked in, significant coordination and collaboration efforts are required to ensure what is built and adopted can serve use cases across the internet, spanning various industries across the public and private sectors.
Spruce participates in various working groups of global standards bodies and foundations to champion open-source, interoperable solutions that help create a more privacy-forward, user-centric internet. We have also implemented and architected multiple global emerging identity standards, such as W3C Verifiable Credentials, Sign-In with Ethereum, and more.
Here are non-exhaustive highlights from our participation in the first quarter of 2023:
Global Working Groups:
W3C Working Groups: We continued participating as co-editor in the W3C Verifiable Credentials Working Group to work on the Verifiable Credentials Data Model (VCDM) v2.0 standard where we are also leading the holder binding discussion that will contribute to more secure digital credentials for pure online use cases and interactions with digital identity documents. Additionally, we are actively contributing to the definition of the formal semantics for the new RDF 1.2 quoted triples in the W3C RDF-star Working Group.
ISO Working Groups: We continued our participation in ISO/IEC JTC 1/SC 17 Cards and security devices for personal identification in WG4 and WG10 as delegated experts to work on ISO 18013-7, a specification to securely exchange mobile Driver’s License (mDL) online, and on ISO 23220 which is a series of specifications for building blocks for mobile identity documents (mdoc).
OpenID Foundation Working Groups: We continued our participation in the OpenID Foundation AB/C Working Group as co-editor and contributors. We helped to publish the second implementer’s draft of OpenID for Verifiable Presentations (OpenID4VP) and contributed to OpenID for Credential Issuance (OpenID4CI) to get it closer to the first implementer’s draft.
Additional Working Groups: We joined the Open Wallet Foundation (OWF), a project of the Linux Foundation Europe, as a founding member and are working to stand up its first Technical Advisory Committee with some of the world’s largest digital identity technology and solutions providers. You can learn more about the OWF here:
At the end of 2022, Sign-In with Ethereum (SIWE), or EIP-4361, moved from “Draft” to “Review” and we are currently incorporating feedback from the community to improve the specification. We are actively working on advancing the specification to the next stage.
After we authored and published a draft for Sign-In with Ethereum Capabilities, or ReCaps (EIP-5573), we received significant interest from the Ethereum Magicians and Chain Agnostic Standards Alliance (CASA) communities. As one of the outcomes, we updated the specification to align it more closely with the User Controlled Authorization Network (UCAN) Specification for interoperability and composability reasons.
Authorship and Events:
In February, we finalized and published our Rebooting the Web of Trust (RWOT) whitepaper on holder binding from RWOT XI: The Hague, which is co-authored by people from the Federal Printing House of Germany, TNO, Danube Tech, and other leaders in the identity standards community.
Across the world, there are various digital credential and digital identity guidelines currently being considered for various purposes, like official government-issued documentation, learning and employment records, and more. As contributors to many of the standards paving the way for global adoption, we are thoughtful in reviewing and submitting comments to improve specifications where feedback or formal comments are requested.
We recently submitted comments for the Canadian National Technical Specification for Digital Credentials and Digital Trust Services. We also intend to provide comments for the NIST SP 800-63 Digital Identity Guidelines, which had its latest major revision in 2017 to accelerate the adoption of the work that is happening across the other various working groups, such as ISO and W3C, that we participate in.
And last, but certainly not least, next week, we will have a live demonstration of interoperability with Microsoft and Ping Identity at the Internet Identity Workshop (IIW) in Mountain View, California. This quarter, we continued our engagement in the DIF JWT Interoperability Presentation Profile Initiative, and at IIW, we will demonstrate interoperability based on the OpenID for Verifiable Credentials specifications. We look forward to meeting you there!
We fundamentally believe this work to champion global standards is core to the success of further adoption of digital identity, allowing for more secure and privacy-preserving, yet seamless interactions that build digital trust across the web.
If you're interested in discussing or contributing to any of our work outlined above, please contact our team.
About Spruce: Spruce is building a future where users control their identity and data across all digital interactions.