The new DCHP WG supports a joint initiative between experts of ISO/IEC JTC1/SC 17 (ISO) WG10 and WG4 and the OpenID Foundation’s Digital Credentials Protocols Working Group (DCP WG) to harmonize their credential presentation protocols. 

Today, ISO/IEC 18013-7 Device Request/Device Response and OpenID for Verifiable Presentations (OID4VP) Authorization Request/Authorization Response take different approaches to credential presentation. The DCHP WG will develop a technical specification for a harmonized Digital Credentials Request Protocol that brings these together, and supports the exchange of multiple credential formats (mdoc and SD-JWT VC). 

The group’s charter was mutually agreed by experts from both working groups and sets out its purpose, scope, and method of work in full. This charter has been approved by the Specifications Council in line with the OIDF Process Document.

As the specification is intended for adoption by both ISO WG10 and the OpenID Foundation’s DCP WG, the DCHP WG will follow agreed Working Procedures designed to achieve this goal. 

First meeting and how to participate

The first DCHP WG meeting takes place on Monday 29 June 2026, 6am to 9am PT. Those interested in joining will find the Zoom link on the DCHP WG page.

To follow progress and connect with working group members, please join the mailing list by contacting openid-specs-dchp@lists.openid.net.

In order to contribute to a specification within the working group, an Intellectual Property Rights (IPR) contribution agreement can be submitted, either electronically or by paper by selecting “All WGs” or just the “DCHP WG.” 

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy-preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, OAuth2 – the FAPI standard for interoperable, high security – has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue that enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

To learn more about conformance testing and self-certification, please visit the OpenID Foundation’s FAQ section.

The post Announcing the new Digital Credentials Harmonized Presentation Working Group first appeared on OpenID Foundation.

The AuthZEN Working Group has approved the AuthZEN Access Request and Approval Profile (AARP) and AuthZEN Profile for Model Context Protocol Tool Authorization (COAZ) official Working Group Drafts.

The AARP draft addresses a challenge that is becoming central as applications, services, and AI systems grow more autonomous: what should happen when policy cannot authorize an action yet, because a prerequisite must first be satisfied. Approval, consent, delegated authority, an attestation, a risk assessment, or additional justification may be required before a decision can be reached. AARP defines interoperable patterns for requesting, tracking, satisfying, and re-evaluating these prerequisites, so applications, authorization systems, governance platforms, and agents can coordinate while policy remains the ultimate authority.

The COAZ draft adds a profile for standardizing the mapping from different source information models into the AuthZEN Subject-Action-Resource-Context (SARC) structure which makes up the Authorization API 1.0 via metadata to allow different enforcement points such as API or AI Gateways, services meshes or downstream systems to know how to authorize requests against a compatible PDP. The initial target has been to enable Model Context Protocol tools to expose the authorization checks required to call a tool to bring a control to agentic workflows. 

Why now

Authorization has long been treated as a single allow-or-deny decision. In practice, organizations have always relied on human-in-the-loop governance around access: approvals, consent, exception handling, delegated decisions, and policy review are already part of enterprise security.

What is new is the frequency and the speed. Traditional applications ran inside predefined workflows; when extra approval was needed, a person stepped out, completed a separate process, and returned. Agents do not work that way. They discover tools dynamically, invoke services at runtime, coordinate across systems, and pursue goals rather than fixed scripts. As a result they routinely reach a point where policy cannot yet authorize an action, and there has been no interoperable way to express “not yet, and here is what is required.” Today that gap is filled with proprietary integrations. The industry needs a common pattern instead.

Approval as an input to authorization

Historically, authorization systems answered one question: can this action be performed right now?Increasingly they must also answer: what is required before policy can authorize this action?

This is a shift in shape, not in authority. The goal is not to bypass policy or to turn authorization systems into workflow engines. It is to let applications, agents, governance platforms, and trust services cooperate in gathering what policy needs, and then to ask policy again. Approval, consent, delegation, attestation, and risk evaluation each become an input to a decision; policy remains the decision-maker, evaluated at the moment of enforcement.

Consider an AI agent helping with vendor payments. When it attempts a transfer above a set threshold, policy does not simply deny the action; it signals that the request is approvable and what is needed. The agent records a handle to the pending request and can hand off or resume later. A manager approves through the organization’s existing process, policy is re-evaluated, and only then does the action proceed. The denial was never an opening to act; approval was one input to a fresh decision. 

This is to authorization prerequisites what Client-Initiated Backchannel Authentication (CIBA) is to authentication approval. Like CIBA, AARP defines a standardized, asynchronous, out-of-band interaction, here generalized to policy and able to be satisfied by a person or an automated governance system.

A consistent OpenID Foundation story

For more than two decades the OpenID Foundation has defined how trust is established across independent systems, and AARP and COAZ extend a clear progression:

• OpenID Connect standardized how systems establish identity.
• OAuth standardized delegated access.
• CIBA standardized asynchronous, user-mediated authorization and approval across devices and channels.
• Verifiable Credentials work standardized portable trust, authority, and attestations.
• AARP standardizes how systems acquire and manage the prerequisites that policy needs before it can authorize an action.

AARP and COAZ build directly on the AuthZEN Authorization API, which established a common interface for authorization requests and policy decisions and helped organizations separate authorization logic from applications. The API makes the decision interoperable; AARP defines the steps required when a decision cannot yet be reached and COAZ makes it portable to other information models. Together they move authorization toward the interoperability that OpenID Connect and OAuth brought to authentication and delegated access.

Industry participation

The OpenID Foundation is encouraged by participation from across the identity, authorization, governance, and AI ecosystems. Organizations contributing to the development and review of this work include:

• Axiomatics AB (axiomatics.com)
• C1 (c1.ai)
• Cerbos (cerbos.dev)
• Indykite (indykite.ai)
• Keycard (keycard.ai)
• Okta (okta.com)
• SailPoint (sailpoint.com)

With participants ranging from established enterprise security vendors to emerging AI infrastructure providers, their involvement reflects a growing recognition that authorization now depends on interactions spanning applications, governance systems, trust infrastructure, and policy services.

“Authorization has been overlooked for too long. It’s time we tackled the ‘what can happen’ question in a standardized way. Siloed, hard-coded, and brittle authorization is already a problem in today’s apps. AI is compounding the challenge at an unprecedented scale. The solution will come from well-designed, highly-decoupled and standards-based authorization systems that provide hooks into all the components of a modern AI architecture. AARP alongside other standards such as AuthZEN, Shared Signals, and ALFA, are the foundation for a future-proof AI authorization framework.”

— David Brossard, Co-chair, AuthZEN & CTO, Axiomatics, a Leonardo Company.

“Authorization is no longer just about answering ‘allow’ or ‘deny’. Modern systems, especially AI agents, often need approvals, attestations, delegated authority, or other prerequisites before a decision can be made. AARP provides a standard way for applications, governance systems, and authorization services to coordinate those interactions while ensuring policy remains the ultimate authority.”

— Alex Olivier, Co-chair, AuthZEN & Co-founder, Cerbos

“The new AARP and COAZ profiles for AuthZEN pave the way for true Agentic Workflow governance, and recognize the fact that AI Agents are truly different entities from anything we have encountered before in the Access Management world.”

— Alex Babeanu, Co-chair, AuthZEN & Lead PM, Indykite

“AI agents need a proper way to handle ‘no.’ Today an agent that hits a policy boundary works around it in increasingly complex ways. That behavior doesn’t belong in the workplace. AARP and COAZ give agents a real way to respond to denial and proceed only after policy clears them. That’s what lets organizations give agents the least privilege possible while keeping them useful, and Okta is proud to support this work to advance safe adoption of AI in the enterprise.”

—  Nick Davis, Vice President, Product Management, Okta

“Enterprises are moving rapidly to put AI agents to work, but adoption depends on securing those agents first, and security depends on control. Real-time governance and authorization is where that control lives. AuthZen and related standards give organizations a way to keep policy at the center of every agent action, so agents can request what they need, wait for approvals or attestations, and act only once policy allows it. That is how we extend least privilege and governance to autonomous systems for real-time control, and SailPoint is proud to support this work.”

— Levent Besik, Chief Product Officer, SailPoint

Looking ahead

The Working Group will continue refining the drafts through community review, implementation feedback, and interoperability testing, with the goal of a practical standard that lets applications, authorization systems, governance platforms, and AI infrastructure coordinate around authorization prerequisites using common patterns.

For more than twenty years the industry has standardized how systems authenticate users and grant access. As software increasingly acts on behalf of people, the next step is helping systems securely acquire what they need when authorization cannot yet be determined. The approval of the AuthZEN Access Request and Approval Profile and COAZ profiles for MCP as Working Group Drafts are an important move toward authorization infrastructure built for the agent era.

The OpenID Foundation welcomes vendors, enterprises, implementers, researchers, and standards contributors interested in shaping this work.

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy-preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, OAuth2 – the FAPI standard for interoperable, high security – has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue that enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

To learn more about conformance testing and self-certification, please visit the OpenID Foundation’s FAQ section.

The post OpenID Foundation advances authorization for the agent era with new AuthZEN Working Group Drafts first appeared on OpenID Foundation.

Australian Digital Trust Community Group Innovation Day

The Australian Digital Trust Community Group is pleased to announce our second Innovation Day in Melbourne on Wednesday 24th June, 8.30-12.30pm.

This session will focus on Framework Interoperability, bringing together industry, government, and international perspectives to explore how digital id frameworks can work together in practice.

Our agenda includes expert perspectives, a panel discussion, interoperability analysis, and an interactive breakout activity.

If you’re interested in attending please email: stephanie.meli@oidf.org

Membership of the Community Group is open to all, inclusive of individuals from technology and service vendors, all industry sectors, representatives of consumer groups,  as well as federal and state governments. Community Group members are not required to join OIDF (although we recommend it). The only requirement is to sign a participation agreement, which you can review here.

To get involved, please join the mailing list. We look forward to welcoming you!

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, OAuth2 – the FAPI standard for interoperable, high security – has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue that enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

To learn more about conformance testing and self-certification, please visit the OpenID Foundation’s FAQ section.

The post Australian Digital Trust Community Group’s 2nd Innovation Day – 24th June 2026 first appeared on OpenID Foundation.

The OpenID Foundation joined participants from across the industry at the 13th ISO mDL interoperability test event in La Ciotat, France last week, taking its

The two-day event, held 28–29 May, focused on interoperability testing against ISO/IEC 18013-5 and ISO/IEC TS 18013-7, including the draft appendices that reference the OpenID for Verifiable Presentations (VP) 1.0 Final and the High Assurance Interoperability Profile (HAIP) 1.0 Final specifications. These are the foundational standards for mobile driving licences and related document types. 

Conformance testing in action

The event gave implementers of OpenID4VP and the HAIP the opportunity to run their solutions through the OpenID Foundation’s conformance tests, with a significant number passing the tests on the day.

Where implementations required refinement, the tests did exactly what they were designed to do, giving implementers clear, detailed feedback on specific issues so they could resolve them quickly and move forward with confidence.

 Joseph Heenan, the OpenID Foundation’s Standards Specialist & Certification Director, also gave a presentation to the delegates at the international showcase, covering the value of conformance testing, how to use the OpenID Foundation’s test suite, and where development currently stands. This was followed by a live demonstration of the conformance suite working with a HAIP compliant wallet, bringing the tests to life for an international audience of standards bodies, government representatives and industry implementers.

The event also generated valuable feedback from participants on further improvements to the tests, input the OpenID Foundation team is already acting on.

Joseph said: “The number of successful implementations we saw in La Ciotat is a strong signal that OpenID for Verifiable Presentations and HAIP are ready for real-world deployment. The results from the OpenID Foundation tests showed that conformance testing isn’t just a checkbox. It plays a crucial role in building scalable and interoperable ecosystems.”

Freely available, open source tests 

Implementers of OpenID for Verifiable Presentations, OpenID for Verifiable Credential Issuance and HAIP can access the open source tests to build their implementations against. These are available at no cost using the links below. 

• Tests for OpenID for Verifiable Presentations 1.0 + HAIP 1.0 (with SD-JWT and mdoc).
• Tests for OpenID for Verifiable Credential Issuance 1.0 + HAIP 1.0 (with SD-JWT and mdoc).  

The OpenID Foundation welcomes any feedback on the tests to help improve them. Feedback can be sent to certification@oidf.org  

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, OAuth2 – the FAPI standard for interoperable, high security – has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue that enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

The post OIDF conformance tests deliver results in La Ciotat first appeared on OpenID Foundation.

The OpenID Foundation was proud to join the recent

ID4Africa is the only pan-African movement dedicated to helping African nations build robust and responsible identity ecosystems, bringing together 48 member governments, international development agencies, and the private sector.

This year’s theme, Digital Identity: From DPI to Digital Public Ecosystems, reflected a maturing conversation. The conversation is about more than just infrastructure; it embraces governance, interoperability, and the full spectrum of human and institutional factors that make digital identity work in practice and across society.

The OpenID Foundation’s contributions were made within a track focused on building digital public infrastructure (DPI) for open finance. The OpenID Foundation contributors also focused on how technical trust can be established across borders and between actors with no prior relationship. 

Executive Director Gail Hodges, was joined by Vice-Chair and Co-Chair of the FAPI Working Group and Ecosystem Support Community Group Dima Postnikov, as well as Strategy and Marketing Director Elizabeth Garber, and SIDI Hub co-organizer and Secure Identity Alliance Executive Director Stéphanie de Labriolle represented the Foundation across two sessions.

Keynote: Digital identity as the backbone of modern financial systems 

Gail and Dima delivered a keynote presentation titled Digital Identity as the Backbone of Modern Financial Systems: Navigating eKYC, Open Finance, and Global Standards. The presentation set out the Foundation’s perspective on where digital identity standards are heading and the role it is playing in supporting markets in getting there.

They walked their audience through the growing global adoption of OpenID Foundation specifications, covering the FAPI Security Profile for open data and finance, as well as OpenID for Verifiable Credentials. They mapped the real-world footprint of the specifications across ecosystems and cross-border implementations.

Three trends shaped the keynote’s core argument. The first was the value of proven best practices – formally profiled standards, reference architectures, conformance testing, and interoperability events. They argued that markets that adopted this approach benefited from lower costs, faster implementation, stronger security, and freedom from vendor lock-in. Reference architectures were highlighted as particularly important for verifiable credential ecosystems, with AI threat mitigation and post-quantum cryptography readiness framed as additional reasons to invest in standards-based foundations now.

The second trend was an ecosystem approach – a shift from siloed implementations toward whole-of-economy thinking that spans identity, data, and payments across government, banking, health, and education. This means considering all identities (human, organisational, and system), establishing common trust frameworks, and evolving technology and policy together.

The third trend addressed the federated versus decentralised debate. This led to a pragmatic conclusion that many existing systems already work, and that privacy requirements differ by use case, so the right answer is often both. This theme was echoed in other presentations during ID4Africa, highlighting the « hybrid » model where foundational identity systems can blend verifiable credential solutions as well. 

The session closed with a call to action for markets making these decisions to join the conversation and help shape the playbook, not just the procurement.

Panel: Technical alignment in support of cross-border interoperability

Gail also moderated a panel discussion titled “Technical Alignment in Support of Cross-Border Interoperability.” It brought together Dima, Elizabeth, and Stéphanie to unpack several of these themes.

The session was designed to be concrete and practical, drawing on direct experience across Australia, Europe, Latin America, and beyond to focus on what has worked, what hasn’t, and what to avoid.

Topics included:

• Lessons from Project Aperta, the Bank for International Settlements’ (BIS) cross-border initiative involving the UAE, UK, Hong Kong, and Brazil, and its use of FAPI and federation.
• OSIA‘s evolving Authentic Source API and its alignment with eIDAS and ITU standards, and the recent addition of FAPI 2.0 to their architecture as an option for cross-trust domain interoperability.
• Trust framework mapping across 11+ countries through the SIDI Hub.
• The emerging security implications of AI-enabled cybercrime and post-quantum cryptography for identity infrastructure.

Beyond the formal sessions, conversations throughout the event signaled growing momentum across the continent. A number of African jurisdictions are actively exploring verifiable credentials, examining relevant use cases and implementation approaches, and there is emerging interest in how cross-border use cases might be advanced through their adoption. The OpenID Foundation welcomes this momentum and looks forward to supporting the community as these conversations develop.

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy-preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, OAuth2 – the FAPI standard for interoperable, high security – has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue that enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

To learn more about conformance testing and self-certification, please visit the OpenID Foundation’s FAQ section.

The post Four OpenID Foundation voices at ID4Africa 2026 in Abidjan first appeared on OpenID Foundation.

The OpenID Foundation is pleased to welcome

CrowdStrike is a global cybersecurity leader whose CrowdStrike Falcon® platform delivers real-time threat detection, endpoint protection, and high-fidelity security intelligence across modern enterprise environments. 

CrowdStrike brings with it significant expertise in real-time threat detection and security threat intelligence. As identity has become a primary target for attackers, organizations increasingly need access controls that reflect current risk rather than relying on one-time authentication. Its Falcon platform is already generating the kind of signals that standards like Continuous Access Evaluation Profile (CAEP) are designed to share across identity systems.

And thanks to its acquisition of SGNL in February 2026, CrowdStrike arrives at the OpenID Foundation with an established presence in the ecosystem. SGNL had already been an active contributor to OpenID working groups and standards development, including Shared Signals and AuthZEN, and the OpenID AI and Identity Management community group. Central to this work are standards such as the OpenID Shared Signals Framework (SSF) and CAEP, which enable systems to exchange security signals as events occur, allowing identity decisions to adapt continuously to changing conditions.

That involvement now carries forward into CrowdStrike’s membership.

Gail Hodges, Executive Director of the OpenID Foundation, said: “CrowdStrike’s leadership in identity security and commitment to strengthening open identity standards make them an invaluable addition to the OpenID Foundation’s Working Groups and Board. Their participation sends a powerful message across cybersecurity: in the age of AI-accelerated attacks, open identity standards are not optional but a foundational requirement for effective, real-time defense.”

CrowdStrike also operates caep.dev, a platform that gives developers practical tools to test CAEP implementations and build transmitters and receivers using open source components, supporting adoption across the wider ecosystem. 

Atul Tulshibagwale, Senior Director for Continuous Identity Strategy at CrowdStrike, said: “CrowdStrike is proud to join the OpenID Foundation as a Sustaining Corporate Member, reflecting our deep commitment to open standards. That commitment is already embodied in our products, which support the OpenID standards: SSF, CAEP, and AuthZEN.”

As a Sustaining Corporate Member, CrowdStrike joins other global thought leaders on the Foundation’s Board of Directors from the identity, digital platform, and ecosystem communities, who jointly ensure the Foundation delivers on its mission as an open standards body.

The OpenID Foundation has long held that robust, interoperable identity standards depend on broad industry collaboration. CrowdStrike’s membership strengthens that collective effort considerably.

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, OAuth2 – the FAPI standard for interoperable, high security – has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue that enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

To learn more about conformance testing and self-certification, please visit the OpenID Foundation’s FAQ section.

The post CrowdStrike joins the OIDF as a Sustaining Corporate Member first appeared on OpenID Foundation.

The OpenID Foundation congratulates the

The award was presented by KuppingerCole, one of the most respected analyst and research firms in the identity and access management space, who commented that AuthZEN that it “stood out among submissions and made a strong, positive impression” and demonstrated “a high level of quality, innovation, and dedication.”

The award was accepted on behalf of the working group by co-chairs David Brossard and Alex Olivier.  

David said: “Authentication has been well served by open standards for years, but authorization has always lagged behind. AuthZEN exists to close that gap. Building an interoperability standard from the ground up takes sustained commitment from a broad community, and the AuthZEN community has delivered. This recognition belongs to everyone who made that possible.”

Alex added: “This award reflects the work of the entire working group, a broad community that chose interoperability over proprietary lock-in. And it lands at exactly the right time: as AI agents begin acting on our behalf, a common standard for authorization is how the industry keeps the agentic era secure.”

Continuing a track record of excellence

This award continues a proud tradition of EIC recognition for the OpenID Foundation’s work.

In 2024, the Foundation’s OpenID for Verifiable Credentials work took the EIC award in the Future Technologies and Standards category. In 2018, the OpenID Certification Programme won the EIC Award for Best Innovation. And in 2012, OpenID Connect itself won the same award. 

Gail Hodges, Executive Director of the OpenID Foundation, said: “AuthZEN’s recognition at EIC 2026 adds another chapter to a proud story of innovation across the OIDF community. This is a highly deserved acknowledgment of the group’s collaborative work that has put interoperable authorization on the map. We congratulate everyone who has contributed to the AuthZEN WG, and we look forward to seeing what comes next.”

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, OAuth2 – the FAPI standard for interoperable, high security – has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue that enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

The post OpenID AuthZEN wins EIC 2026 Outstanding Project Recognition first appeared on OpenID Foundation.

Written by Olaf Grewe, Head of Product, Sign-up and Log-in at National Australia Bank, and Co-Chair of the ADT CG 

This was the question explored at an Innovation Day organised by the OpenID Foundation’s Australian Digital Trust Community Group (ADT CG) earlier this year. 

Hosted by Mallesons in Sydney, Australia, the event brought together a broad mix of expertise from across Australia’s public and private sector, with international perspectives also represented. It explored digital identity frameworks, Open Banking, education, and emerging issues around death and the digital estate.

Digital identity is most commonly framed as a technology or compliance challenge, a matter of standards, architecture, and regulation. But that framing can obscure a deeper problem, that even well designed systems fail to deliver their potential if the underlying incentive structures are misaligned. The ADT CG’s Innovation Day started from that premise, that the structural and economic conditions shaping a digital ID ecosystem matter just as much as its technical design.

Why another lens is needed

Like telecommunications networks, energy grids, or payments infrastructure, digital ID only delivers value when many different participants work together. However, those participants have different commercial interests, different risk appetites, and different incentives to invest, optimising for their own position, rather than the health of the ecosystem. This means that while an individual organisation can make perfectly rational decisions for itself, the overall outcome can still be far below the potential of the digital ID ecosystem. 

The Innovation Day was designed to bring these tensions (or second order effects) to the surface, rather than push towards a single policy or technical fix.

The event combined presentations, open discussion, and structured breakout sessions. Using established economic concepts, participants examined in the breakout sessions how trust frameworks, market dynamics, behavioural incentives, and governance models shape digital ID ecosystems, as well as where they tend to go wrong. Expertise from the National Australia Bank, the University of Sydney Business School, and the Australian National University Research School of Economics was leveraged to prepare the sessions. 

What the workshop found

The practical lesson that emerged was equally clear – digital ID systems are more likely to work well for everyone when participants have genuine choice and can assess quality. Where competition can do its job, it should be allowed to. Where it cannot, due to coordination failures or market structure, targeted intervention is needed to address the specific problems that markets will not resolve on their own.

While technical standards are important, they are not enough. How a digital ID ecosystem is governed, and how it distributes costs and rewards among participants, will be just as important in determining its long-term social and economic value.

Why this matters

The ADT CG’s Innovation Day addressed that gap directly, complementing the technical and regulatory perspectives that typically dominate digital ID policy with an economic welfare perspective. The paper that has come out of the workshop brings together multiple economic perspectives into a single framework, giving policymakers, regulators, and practitioners a more rigorous basis for assessing design choices and their knock-on effects. The OpenID Foundation has been central to enabling this kind of work

The OpenID Foundation’s role

Community groups are an important part of how the OpenID Foundation engages beyond its core standards work. The ADT CG brings together Australian practitioners to examine how global standards and frameworks apply in local contexts, and to generate insights that can inform the Foundation’s work globally.

The death and digital estate discussion that featured in this Innovation Day is an area where the Foundation is also active globally, through its dedicated community group. The Australian event is a good example of how these workstreams can learn from each other, combining expertise across technical, legal, and economic domains. 

The paper detailing the full findings of the Innovation Day is available here: Workshop Summary Digital ID Economics OIDF.

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, OAuth2 – the FAPI standard for interoperable, high security – has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue that enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

To learn more about conformance testing and self-certification, please visit the OpenID Foundation’s FAQ section.

The post Insights from the OIDF’s Australia Innovation Day first appeared on OpenID Foundation.

Representing the OpenID Foundation, Executive Director Gail Hodges made two presentations on day one of the event, covering the global state of digital identity and the standards landscape, trust framework mapping. The OpenID Foundation’s ITU-T Liaison, Bjorn Hjelm, presented remotely on day two in the AI for Good session covering the OpenID Foundation’s work on identity for agentic AI.

This blog post summarises the key points from those sessions.

The global state of digital identity

In her first session, Human-Centric Digital Identity: Overview and State of Play, Gail Hodges noted that more than 60 countries now treat digital identity as critical Digital Public Infrastructure. Verifiable credential deployments are live in the United States, Japan, the United Kingdom, India, and Switzerland (in beta), with the EU on track to launch its digital identity wallet by end 2026 and the Western Balkans expected to follow. Approximately 43 countries are issuing or actively planning to issue verifiable credentials.

The reasons governments are investing are consistent: equity and inclusion, economic growth, cross-border trade, health services, saving time and money, and averting cybercrime – estimated to cost the global economy between $1 and $10 trillion. In 2023, most national identity models were centralised. By 2026, a clearer pattern has developed. Countries are building on foundational identity infrastructure to issue verifiable credentials held in user-controlled wallets. These are digitally signed, tamper evident statements that allow holders to share only what is needed, such as confirming they are over 18 without revealing a date of birth. 

The standards landscape

Gail’s first session also covered the standards landscape, noting that the Foundation’s OpenID for Verifiable Credentials suite – OID4VCI, OID4VP, and the High Assurance Interoperability Profile (HAIP) – has been adopted as the technical foundation for the EU Digital Identity Wallet, trusted by the EU and its 27 member states, with the We by stern Balkans and other jurisdictions following suit.

Since December 2025, ISO and the OpenID Foundation have been conducting joint due diligence on where to host work that can support both the ISO 18013-5 and OpenID4VP presentation protocols in a harmonized solution, with more information forthcoming. 

Separately, the Foundation has launched an accreditation programme for ecosystem testing, with MOU signatories including FIDO Alliance, Kantara Initiative, FIME, Raidiam, TrustID Solutions, and BixeLab. The Foundation is working with the European Commission, NIST, the Australian Government, and California on conformance programmes.

Last but not least, jurisdictions that consider verifiable credentials may also want to consider the optimal standard for discovery. OpenID Federation 1.0, has been selected by EDUGain, the Italian Government, and the Bank of International Settlements for Project Aperta, a cross-border open data initiative in trade finance. Federation includes use of the ITU-T’s own x509 but it allows for greater flexibility to support new requirements.

Trust Frameworks – the policy layer

Gail’s second session, Trust Framework Mapping and SIDI Hub, addressed why the policy and governance layer is as important as the technical one. Trust frameworks define the rules and policies that allow users, organisations, services, and devices to rely on one another, but they must reflect local legal systems, civil registration infrastructure, institutional arrangements, and the role of the private sector.

The SIDI Hub has conducted original trust framework analysis across more than ten countries, including the UK, EU, US, Canada, Singapore, Sweden, Japan, Thailand, Australia, and New Zealand. Working with Fraunhofer, it is developing a comparison tool for policy makers, GovTech teams, and private sector organisations building for multiple markets.

The session also presented a worked financial services example: the NIST NCCoE SP 1800-42A publication on mobile Driver’s Licences, developed through 11 interoperability events involving state issuers, banks, digital platforms, and the OpenID Foundation. Four jurisdictions, including the US, EU, Australia, and New Zealand, are aligning on financial institution compliance through protocol level metadata covering assurance levels, proofing methods, and authentication types.

Agentic AI – identity and delegation

Bjorn Hjelm’s session addressed identity and authorisation challenges for autonomous AI systems, drawing on the AIIM Community Group‘s 2025 whitepaper Identity Management for Agentic AI. Existing frameworks can support current agent use cases, including agents working within a single organisation or helping users access their own data, with the Model Context Protocol (MCP) – the leading standard for connecting AI models to external tools.

As AI systems move toward greater autonomy, those frameworks face new challenges around delegated authority across networks of connected agents. The OpenID Foundation has been developing the OpenID Connect Authority Claims Extension for on-behalf-of delegated authorisation that can also support AI systems. The specification supports use cases including AI-driven identity, the use cases supported in the Death and Digital Estate (DADE) community group, and age assurance.

Continuing the conversation

The OpenID Foundation will continue to engage with ITU-T and the broader international community as digital identity deployments scale globally and AI systems become more autonomous. The Foundation’s work is open to participation through working groups, community groups, and conformance programmes. 

Those wishing to engage are encouraged to get in touch: help@oidf.org  

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, OAuth2 – the FAPI standard for interoperable, high security – has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue that enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

To learn more about conformance testing and self-certification, please visit the OpenID Foundation’s FAQ section.

The post OIDF presents at ITU-T workshop on digital ID and agentic AI first appeared on OpenID Foundation.

• International Government Assurance (iGov) Profile for OAuth 2.0: https://openid.net/specs/openid-igov-oauth2-1_0-ID2.html 

• Approve – 68 votes
• Object — 2 votes
• Abstain – 35 votes

The post Implementer’s Draft of International Government Assurance (iGov) Profile for OAuth 2.0 Approved first appeared on OpenID Foundation.