The digital identity landscape includes multiple credential formats, each designed for different use cases and contexts. Understanding their strengths and tradeoffs helps governments, businesses, and technologists make informed choices about which standards to support.
What are the major formats at a glance?
ISO/IEC 18013-5 & 18013-7 (mDLs) are international standards specifically for mobile driver's licenses. They offer strong government adoption, TSA acceptance, and standardized presentation for travel and age checks. However, their scope is narrow, designed for driver's licenses only, and implementation can be complex. Best fit: state DMVs, airports, traffic enforcement, and age verification.
ISO/IEC 23220 (mdocs) extends the ISO framework to mobile documents, encompassing not only driver's licenses but also passports, residence permits, and other government credentials. It supports both offline and online use with strong interoperability goals, but adoption is not yet as widespread as that of mDLs. Best fit: immigration, cross-border travel, civil registries.
W3C Verifiable Credentials offer a flexible data model for any type of digital credential, supported by the World Wide Web Consortium. They're broadly applicable across industries, highly extensible, and support advanced privacy techniques. However, they're still maturing, and interoperability across vendors can vary without strong governance. Best fit: universities, employers, financial services, and governments experimenting with general-purpose digital ID.
SD-JWT (Selective Disclosure JWTs) bring privacy-preserving features to the massive JWT ecosystem already used in enterprise IT. They enable easy adoption without new infrastructure and support selective disclosure. However, they have limited expressive power compared to VCs and are less mature for long-term portability. Best fit: enterprises, healthcare, fintech, where JWTs are already dominant.
What is the case for multi-format issuance?
One challenge in this space is the sheer number of formats in play. Each has strengths: VCs offer flexibility across industries, ISO standards are backed by governments and transportation regulators, and SD-JWTs connect privacy-preserving features with existing enterprise systems.
The key insight is that these formats are not competitors, they're complements. Each solves a different piece of the identity puzzle. The best approach is not to pick a single winner, but to design for interoperability.
A best practice emerging in the field is multi-format issuance, which involves provisioning credentials simultaneously in multiple formats. Some programs and ecosystems explore multi-format issuance, supporting more than one representation or protocol family, to meet the diverse needs of relying parties across regulated, consumer, and enterprise contexts. This ensures acceptance in regulated contexts, such as TSA checkpoints, while supporting broader digital use cases and cross-border interoperability.
How to choose?
When evaluating formats, consider the use case, ecosystem maturity, and interoperability requirements. For government identity documents requiring federal acceptance, ISO 18013-5/7 is essential. For flexible, cross-sector credentials, such as diplomas or professional licenses, W3C VCs offer the broadest applicability. For enterprise adoption where JWT infrastructure already exists, SD-JWTs offer the lowest barrier to entry.
The safest approach is to align with established standards bodies, W3C, ISO, IETF, and the OpenID Foundation, and ensure implementations can bridge formats rather than being locked into just one. As the ecosystem matures, wallets, issuers, and verifiers should be designed to support multiple formats, since different industries and jurisdictions will inevitably favor different standards.
Want to keep learning?
Subscribe to our blog.
