Upcoming

• German “EUDI Wallet Prototypes“: The Use Cases-Conference Berlin and Online October 14th, 2025

• W3C CCG APAC Friendly Time: 15th of October: Bhutan National Digital Identity Implementation

• Registration Open for OpenID Foundation Hybrid Workshop at Cisco on Mon 20th October 2025

• Internet Identity Workshop #41 October 21-23 Mountain View California

• W3C CCG APAC Friendly Time 22nd of October: A microcredential ecosystem

• Agentic Internet Workshop* October 24th Mountain View California (*Inspired IIW by and hosted by the IIW Foundation

DIF Steering Elections are coming up soon!

Thoughtful

(Peter Davis) A Journey from the Origins of Identity to AI Agents and Beyond

These early systems taught me something crucial: identity is not just a technical problem—it’s a human trust problem expressed through technology. Every authentication protocol, every authorization decision, and every identity federation ultimately poses—and hopefully answers with sufficiency—the question: “Should I trust this entity to do what they’re asking?”...

It showed me that identity systems must be designed for global scale from the start, with privacy and regulatory compliance as top priorities, not afterthoughts.

Countries around the World

Switzerland: Wafer-thin majority in favour of E-ID

In the first e-ID vote in 2021, the matter was much clearer: at that time, for example, several personalities from science, business, and politics spoke out in an open letter in favour of rejecting the Federal Act on Electronic Identification Services (BGEID). Based on the BGEID, a digital, national, and standardized identification option should be introduced, as already exists in other countries….

Now everything will be different, say the supporters. This time, the responsibility lies entirely with the state. The federal government will develop and operate the necessary infrastructure and issue the E-ID. To this end, it provides an official smartphone app, a wallet called “Swiyu.” Users can use it to apply for, store, and present an E-ID (beta tests with fictitious data can already be carried out with it).

Presentation by Christopher Allen re: Swiss eID

Build a 20-Year Architecture

[Korea] ETRI to Lead International Standard for Digital Identity Wallets

Digital identity wallets, which began with mobile government IDs in Korea in 2021, are now expanding their use to mobile driver’s licenses, mobile resident registration cards, and more.

Through ongoing research in identity authentication technologies, ETRI researchers have developed

* user-centric identity management technologies and

* multi-factor authentication technologies, which form the foundation of digital identity wallets, and ETRI holds a number of core IPRs.

[Canada] New National Standard Published for Age Assurance Technologies

The Digital Governance Standards Institute (DGSI) has published a new National Standard of Canada: CAN/DGSI 127:2025, Age Assurance Technologies. This National Standard, the first of its kind in Canada, outlines minimum requirements and guidance for the responsible design, implementation, and use of technologies that estimate or verify an individual’s age.

New Zealand seeks Trust Framework Register provider, targeting February launch

DIA describes the Register as “a centralised, standards-based platform for communicating the accreditation status of digital identity providers and services.” Trust Framework Authority staff must be able to edit the Register through a web interface and update it based on status changes. The Register will be delivered as a public API that can be queried for information.

US State Age Verification Efforts Threaten Online Speech and Privacy – The Supreme Court Seems Ready to Allow Them

As lawmakers continue to push the boundaries for online restrictions in the name of youth safety, the courts will be forced to further define the limits of age verification. It’s imperative for lawmakers to understand that, at their core, age verification mandates create unnecessary burdens to access speech for everyone—regardless of age—and endanger user anonymity and privacy in a way that threatens to completely change the web’s legacy of free and open use.

(DIACC) Learning from BritCard: Why Architecture Matters for Digital Trust and Identity

* The UK’s Announced Approach

* Architecture as Values Made Concrete

* Canada’s Distinctly Different Approach

* The Technologies That Enable Privacy

* What This Means for Canada’s Digital Future

* Building Services Worthy of Trust

DPI

[Report] Foundations of Digital Public Infrastructure

The true power of this playbook lies not in replication but in adaptation. Each nation must customize this framework and guiding principles to suit their unique regulatory landscape, cultural context and economic realities. India’s contribution lies in sharing knowledge from its experiences and by fostering collaborative partnerships with nations to enable them to build their own digital sovereignty.

Making a case for a Digital Public Infrastructure (DPI) Act for America

An opinionated case for a legislation on Digital Public Infrastructure for U.S.

Identity and AI

OIDF Supports National Strategy on Fraud and Scam Prevention

Today, the Aspen Institute Financial Security Program launched a groundbreaking National Strategy on Fraud and Scam Prevention.

Scaling AI DIFferently: Why your content needs an ingredient list

What this looks like in the real world is Google’s Pixel 10 now shipping with C2PA conformance built in, YouTube tagging select videos as “captured with a real camera”, and LinkedIn marking images with a “Cr” symbol to show when they carry Content Credentials.

Their Identity Claims Aggregator mechanism verifies the disparate identity signals through trusted third parties, and issues a single verifiable credential that binds the creator’s chosen identity to their content.

Together, C2PA, CAWG, and JPEG Trust form a layered trust stack, proving what happened, who did it, and under what rights.

Our first Trusted AI Agents Working Group @DIF

Our first Trusted AI Agents Working Group Decentralized Identity Foundation meeting today was a big success! We ran a cross-work item session to brainstorm use cases and shape initial ideas for the group’s focus areas.

Why AI agents are a new kind of identity

So, as Okta sees it, we cannot give AI agents the same kind of loose supervision we give NHIs. We need to strictly manage, monitor and control them in the way we handle human users. And we need to account for the fact that AI agents don’t eat, don’t sleep and seem to move at the speed of light.

(Heath Flanagan) Delegation and Consent: Who Actually Benefits?

“When not distracted by AI (which, you have to admit, is very distracting), I’ve been thinking a lot about delegation in digital identity. We have the tools that allow administrators or individuals to grant specific permissions to applications and services.”

A Range of Topics

Credential Schema Specification 1.0 Released (Spec)

DIDComm Messages as the Steel Shipping Containers of Secure, Trusted Digital Communication

The steel shipping container transformed global trade by introducing a standardized, secure, and interoperable abstraction for transporting goods. Similarly, Decentralized Identifier Communication (DIDComm) offers a standardized, secure, and interoperable mechanism for transmitting trusted digital information between agents. This paper explores the analogy between DIDComm messages and steel containers, examining their properties, benefits, and limitations, and assessing the potential of DIDComm to catalyze a transformation in digital ecosystems comparable to the shipping container revolution.

MSc Information Systems & Digital Sovereignty

The MSc in Information Systems & Digital Sovereignty is a unique international program designed to train experts capable of designing, governing and innovating within sovereign digital infrastructures.

Requirements Engineering for Decentralized Identity

Visa Isn’t Centralized—and Neither Is First Person Identity

Recently, I heard someone describe Visa as a “centralized” model. That’s a common misconception. Visa doesn’t operate a single, central database of all transactions…There won’t be a single “identity Visa.” Instead, there will be tens of thousands: ecosystem-specific trust frameworks for finance, healthcare, education, workforce, commerce, government services, and beyond. Each will be tailored to its own needs, but they will all be possible because of the same first-person identity foundation.

[WEF White Paper] Advancing Digital Trade: Insights from the UAE TradeTech Regulatory Sandbox

[Report] Decentralized identity: The superpower every 2026 budget needs

Research

A verifiable credential scheme for resisting long-term tracking in self-sovereign identity

This paper addresses security vulnerabilities in self-sovereign identity systems where selective disclosure of verifiable credentials can enable long-term tracking of users. The proposed solution uses threshold Pointcheval-Sanders signatures and dynamically generated pseudo-identities that change with each disclosure, providing enhanced privacy protection while being more computationally efficient than existing schemes.