Standards bodies are organizations that develop and publish technical specifications ensuring digital identity systems work consistently across jurisdictions, industries, and technology providers. These organizations bring together governments, technology companies, and experts to create shared rules that enable interoperability, security, and privacy at scale.
International Organization for Standardization (ISO)
ISO is an independent, non-governmental international organization that develops and publishes standards across industries worldwide. In digital identity, ISO collaborates with the International Electrotechnical Commission (IEC) on the standards that define mobile driver's licenses and mobile documents.
The ISO/IEC 18013 series establishes the foundation for mDLs. ISO/IEC 18013-5 defines requirements for mDL applications, including data elements, privacy protections, cryptographic safeguards, and secure communication protocols. ISO/IEC 18013-7 provides a framework for online mDL verification, extending the standard to remote use cases critical for digital onboarding and online services. The complementary ISO/IEC 23220 series extends these concepts to mobile documents beyond driver's licenses, enabling digital wallets to store credentials such as diplomas, permits, and professional certifications.
World Wide Web Consortium (W3C)
The W3C is an international community that develops open standards for the web. In digital identity, W3C has produced two foundational standards: Verifiable Credentials (VCs) and Decentralized Identifiers (DIDs).
Verifiable Credentials provide a universal data model for digital credentials. A VC is a cryptographically signed digital version of documents, such as diplomas, licenses, or membership cards, structured so that any recipient can parse and verify it. Decentralized Identifiers create globally unique, cryptographically verifiable identifiers that aren't tied to any central authority. Together, these standards enable credentials that are portable, tamper-proof, and verifiable across industries and borders.
W3C has also developed Web Authentication (WebAuthn), which enables passwordless authentication using public key cryptography, and the Credential Management API, which provides browser interfaces for credential-related flows, with storage security dependent on the user agent.
Internet Engineering Task Force (IETF)
The IETF is a global community dedicated to the evolution of Internet architecture and the development of Internet protocols. IETF develops voluntary Internet standards that facilitate interoperability and reliable network operations.
For digital identity, IETF has developed standards including Transport Layer Security (TLS) for secure communications, and more recently, Selective Disclosure JSON Web Tokens (SD-JWTs). SD-JWTs enable privacy-preserving features within the familiar JWT ecosystem already used across enterprise applications, allowing holders to choose which claims to disclose while verifiers can still check the issuer's signature.
OpenID Foundation
The OpenID Foundation is a nonprofit organization that promotes open standards for digital identity and authentication. Its flagship standard, OpenID Connect, builds on OAuth 2.0 to provide secure, interoperable authentication across websites and applications.
The Foundation has extended these protocols to verifiable digital credentials through OpenID for Verifiable Credential Issuance (OID4VCI) and OpenID for Verifiable Presentations (OID4VP). These protocols define how credentials are exchanged between issuers, holders, and verifiers, leveraging familiar authentication infrastructure to facilitate adoption. The Foundation also houses working groups covering identity assurance (eKYC), financial-grade APIs (FAPI), healthcare (HEART), and government interoperability profiles (iGov).
Other key organizations
The European Telecommunications Standards Institute (ETSI) develops standards for telecommunications and electronic communications, including those supporting eIDAS trust services, such as electronic signatures and seals. The Organization for the Advancement of Structured Information Standards (OASIS) has developed essential security standards, including Security Assertion Markup Language (SAML) for federated identity. The Institute of Electrical and Electronics Engineers (IEEE) contributes standards for biometric privacy and smart grid identity applications. The American National Standards Institute (ANSI) accredits other standards organizations and contributes to digital signature and identity management standards.
Why standards bodies matter
Without standards, identity systems remain fragmented. Each organization might design its own credential format, making cross-system verification nearly impossible. Standards create shared rules that enable a mobile ID issued in one state to be recognized at airports nationwide, a digital diploma to be verified by any employer globally, and healthcare credentials to work across different systems.
By aligning with credible standards development organizations, such as ISO, W3C, IETF, and the OpenID Foundation, digital identity implementations gain predictable data models, reliable security controls, and interoperable presentation flows that reduce fragmentation and build trust at scale.
Want to keep learning?
Subscribe to our blog.
