Key Points from the 37th Internet Identity Workshop (IIW)
The digital identity landscape is evolving, and the recent Internet Identity Workshop (IIW) in 2025 has been at the forefront of these changes. Held at the Computer History Museum in Mountain View, CA, the biannual event has been active since 2005, fostering collaboration and discussions to advance open, interoperable standards, improve security, privacy, and user experience.
This year's IIW focused on several key themes, including scaling interoperability, managing delegated authority, expanding global reach, and integrating emerging technologies like verifiable credentials and decentralized identity. The goal is a cohesive global website framework that can seamlessly integrate various technologies and platforms.
One of the main topics of discussion was the OpenID Foundation's ongoing efforts to evolve standards such as the OpenID Shared Signals Framework, OpenID CAEP, and the OpenID for Verifiable Presentations specification. These standards aim to enable secure, privacy-respecting digital identity interactions at scale, improving user control and privacy.
The IIW community also aligns with broader industry trends, such as NIST's Revision 4 of its Digital Identity Guidelines, which focus on identity assurance, security, privacy, and usability improvements.
Another significant discussion point was the shift toward enabling individuals to have greater control over their personal data and privacy terms. Initiatives like ProjectVRM's development of machine-readable personal privacy terms standards (MyTerms) aim to complement traditional consent management platforms and foster genuine, trust-based relationships between users and service providers.
Collaboration was a key theme at IIW, with discussions focusing on bridging gaps and enhancing interoperability. Established companies were present, indicating an interest in understanding and adopting evolving website standards.
Several innovative solutions were highlighted at IIW. DIDComm, based on Decentralized Identifiers (DIDs), is a versatile solution for secure and private communication within the digital realm. BIP32, which facilitates the creation of multiple cryptographic keys from a single seed, emerged as a pivotal topic.
Hardware-based keys and FIDO keys were discussed as robust security layers that meet the eIDAS requirements, emphasizing the importance of strong authentication and secure communication in protecting digital identities. The European Commission has issued guidelines recommending the use of OpenID4VC for verifiable credential issuance and presentation.
The session "Verifiable Government through Citizen-Controlled Digital Identity" discussed innovative digital identity strategies that aren't anchored in blockchain. Sam Curren's session explored the potential collaboration between DIDComm and OpenID4VC.
The W3C CCG DID Method Registry was a topic of collaboration and standardization discussions at IIW. The future direction emphasizes collaboration among industry, standards bodies, and communities to create a more decentralized, user-centric identity ecosystem. The IIW un-Conference format encourages natural conversations, networking, and collaborative learning, making it an ideal place to stay updated with the latest trends and technical advancements in the digital identity field.
- The ongoing discussions at the Internet Identity Workshop (IIW) in 2025 revolve around integrating emerging technologies like verifiable credentials and decentralized identity, which are crucial components in the evolving landscape of data-and-cloud-computing and cybersecurity.
- To foster a cohesive global website framework, the IIW community is collaborating to align with broader industry trends, such as the use of OpenID4VC for verifiable credential issuance and presentation, as recommended by the European Commission, and the development of machine-readable personal privacy terms standards like MyTerms by ProjectVRM.
){kind=link}