Key takeaways from the OpenID Foundation and World Bank webinar on verifiable credentials

The OpenID Foundation was proud to join the World Bank's Innovation for Service Delivery series for a webinar exploring the growing global momentum behind verifiable credentials (VCs) and digital wallets. The session was aimed at governments as a whole, not just their digital or identity teams, because the potential of VCs extends well beyond identity into health, agriculture, financial inclusion, and everyday public service delivery.

The two organizations bring complementary strengths to a shared mission. The World Bank brings direct relationships with client governments around the world, and is working closely with partners across the ecosystem to support countries in digitalization journeys that enable service delivery at scale. The OpenID Foundation brings deep technical standards expertise as its specifications are used by billions of people every day across login, open banking, and digital identity. The Foundation is actively shaping the open standards that underpin VC deployments worldwide. Together, they represent a powerful bridge between the standards community and the governments that need to implement them.

Moderated by Marie Eichholtzer, Senior Digital Development Specialist at the World Bank, speakers from both organizations unpacked what VCs are, why they are genuinely transformational, and how governments can realistically get started.

Setting the scene

Goran Vranic, Senior Digital Specialist at the World Bank, opened by grounding the discussion in real-world stakes. He highlighted that cross-border trade, health services, agriculture, and financial inclusion all still rely heavily on paper-based processes that are slow, costly, and difficult to verify. Verifiable credentials, he argued, are already changing this across more than 40 countries, and the webinar would unpack both the technology and the opportunity it presents for governments and development institutions.

Why are verifiable credentials being adopted? 

Gail Hodges, the Foundation’s Executive Director, offered a panoramic view of why so many jurisdictions are investing in digital identity infrastructure. The motivations vary from equity, financial inclusion, health access, fraud reduction, and GDP growth. The underlying infrastructure, however, can serve all of them simultaneously.

Gail noted that where digital identity once meant centralized, government-controlled systems, more than 38 jurisdictions are now pursuing wallet-based, decentralized architectures built on open standards. This includes the OpenID Foundation’s own OpenID for Verifiable Credential Issuance (OID4VCI) and OpenID for Verifiable Presentations (OID4VP). 

Apple Wallet, Google Wallet, and Samsung Wallet are already issuing identity credentials in early adopter markets, including the US, Japan, and Australia.

Referencing Microsoft's Digital Defence Report 2025, Gail highlighted that government agencies, financial institutions, and critical infrastructure are among the most common attack targets globally. In the US alone, estimated fraud losses linked to identity infrastructure weaknesses exceed $1 trillion annually. AI-enabled attacks are making the situation worse. She argued that high-assurance verifiable credentials are among the most powerful tools available to address this, not just for user convenience but also as a matter of national security.

The superpowers of verifiable credentials

Oliver Terbu, leading conformance testing for the European Commission and working on digital identity standards for MATTR, went a level deeper. He explained what makes VCs fundamentally different from traditional identity documents – the fact that authenticity is embedded in the credential itself via a cryptographic signature from the issuer. This takes away the need to visually inspect a document, call the issuer, query a database, or trust the channel. If even a single bit of data is altered, the signature breaks, making verification “deterministic rather than probabilistic.”

Oliver introduced the concept of selective disclosure. Rather than sharing an entire passport to prove a single attribute, a VC holder can share only the specific claims a verifier needs. For example, proving age without revealing a date of birth, name, or address. Credentials can also be bound to a specific device or wallet application, adding a further layer of security.

He recommended the OpenID Foundation’s High Assurance Interoperability Profile (HAIP) as a practical starting point. Rather than leaving implementers to navigate a complex range of technical options, HAIP makes those choices for them, defining how credentials are issued and presented, and which formats to use. 

The result is a faster path to deployment and built-in interoperability with the EU Digital Identity Wallet and other major ecosystems. Oliver's practical advice was to design the user journey before selecting any protocols, calibrate security to the sensitivity of the credential, and always validate that implementations work with others through conformance testing.

Policy foundations for verifiable credentials and wallets 

Elizabeth Garber, Strategy and Marketing Director at the OpenID Foundation and SIDI Hub Program Coordinator, addressed the policy layer that underpins any trustworthy digital identity system. Drawing on trust framework analysis of ten or more countries through the OpenID Foundation’s work within the SIDI Hub, she outlined the many dimensions that need to be defined. This included the legal authority behind credential issuance, data protection and cyber security provisions, institutional roles, procurement practices, and assurance levels.

Her core message was that getting the technology right is only half the job. Governments also need to establish who is authorised to issue which credentials, under what rules, and with what accountability. A cryptographic signature proves a credential hasn't been tampered with, but it doesn't tell a verifier whether to trust the issuer in the first place. Elizabeth pointed to UNDP's DPI Safeguards documentation as a practical starting point for governments working through these questions, and noted that the OpenID Foundations and SIDI Hub are developing tools to help countries compare their frameworks and identify gaps.

Insights from the World Bank

Drawing on his work advising governments across Europe and Central Asia, Christopher Tullis, Senior Digital Specialist at the World Bank, made the case that VCs and digital wallets aren't simply a better version of what exists today. They redistribute responsibility across institutions in a way that reflects how governments actually work.

On the European Digital Identity Wallet Framework, his view was that while countries do not need to replicate it wholesale, aligning with it removes a lot of difficult technical decisions and creates a foundation for cross-border interoperability. The World Bank is actively supporting governments across the Western Balkans, South Caucasus, and Eastern Europe to do exactly that.

His advice for any government getting started was simple - find a motivated partner, pick a straightforward use case, and build a pilot with one issuer and one verifier. The technology is less daunting than it looks; open source tools keep costs manageable. The biggest barrier is usually not technical; it's making sure the right institutions know what role they are expected to play.

On inclusion, he made the point that not everyone needs a digital ID, but those who do are typically already using a smartphone to access digital services, even in lower-income countries.

VCs are not simply an identity technology

Closing the session, Goran highlighted that VCs are the foundation of a trust layer for the internet itself, with applications spanning cross-border trade, health, agriculture, education, and beyond.

He also flagged AI agent identity as an emerging priority. As AI systems increasingly act on behalf of people and organizations, being able to identify and authenticate those agents will matter. VCs are well placed to help.

Reflecting on the OpenID Foundation’s collaboration with the World Bank, Gail said: “Verifiable credentials offer governments a rare opportunity - to improve security, inclusion, and service delivery simultaneously, using open standards that are already proven at scale. But the technology alone is not enough. The trust frameworks, institutional arrangements, and interoperability validation have to be built alongside it. 

“We are delighted to work with the World Bank on this, bringing together the standards expertise of the OpenID Foundation and the World Bank's exceptional reach with governments around the world to help turn that opportunity into reality." 

Both organizations welcomed governments and other stakeholders to reach out and engage. A further session in the series is planned. Beyond the World Bank resources and expertise,  ecosystems considering verifiable credential deployments are always welcome to engage in the Ecosystem Support Community Group, at no cost by signing the group’s participation agreement. 

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, OAuth2 - the FAPI standard for interoperable, high security - has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue that enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

To learn more about conformance testing and self-certification, please visit the OpenID Foundation’s FAQ section.