
Hi, I'm Eric.
I’m an avid world traveler, photographer, software developer, and digital storyteller.
I help implement the Content Authenticity Initiative at Adobe.
Hi, I'm Eric.
I’m an avid world traveler, photographer, software developer, and digital storyteller.
I help implement the Content Authenticity Initiative at Adobe.
8 April 2025
This week I’m attending the 40th biannual Internet Identity Workshop, which is one of the most valuable conferences I’ve encountered in any professional space. As the name might suggest, the topics are largely around how to express human and organizational identity in digital terms that respect privacy and security.
I’m part of a team at Adobe that is dedicated to helping content creators and content consumers establish genuine connections with each other. We do this through three organizations that we’ve helped to create:
Content Authenticity Initiative: CAI is a community of media and tech companies, NGOs, academics, and others working to promote adoption of an open industry standard for content authenticity and provenance. The CAI does outreach, advocacy, and education around these open standards. Content Authenticity Initiative is also the name of the business unit of which I’m a part at Adobe through which we participate in all three of these organizations, develop open source and open standards, and guide implementation within Adobe’s product and service suite.
Coalition for Content Provenance and Authenticity: C2PA is a technical standards organization which addresses the prevalence of misleading information online through the development of technical standards for certifying the source and history (or provenance) of media content.
Creator Assertions Working Group: CAWG builds upon the work of the C2PA by defining additional assertions that allow content creators to express individual and organizational identity and intent about their content. NEW: As of March 2025, CAWG has become a working group within the Decentralized Identity Foundation (DIF).
Last year, I published an article titled Content Authenticity 101, which explains these organizations and our motivations in more detail.
IIW is held at the lovely Computer History Museum, which recounts the formative years of our tech industry. CHM is located in Mountain View, California, right in the heart of Silicon Valley.
I’ll share a few photos of the venue and the conference. My non-technical friends might want to bow out after this section as it will rapidly descend into lots of deep geek speak.
IIW is conducted as an “unconference,” which means that there is a pre-defined structure to the conference, but not a predefined agenda.
There are several variations on how the agenda gets built at an unconference. In IIW’s case, there is an opening meeting on each morning in which people stand up and describe sessions they’d like to lead that day. Then there’s a mad rush to schedule these sessions (see photo below) and we all choose, in the moment, which sessions to attend.
You might think that not having a predefined agenda would mean that the topics that occur could be flimsy or weak or low in value. In practice, the opposite is true. Both times I’ve attended this conference so far, I’ve had to make very difficult choices about which sessions not to attend so I could attend something else which was also very compelling.
With that, here is my description of the sessions I’m attending this time around:
Markus Sabadello, Danube Tech
Update on the various working groups working on DID methods.
Has ratified the as a DID Core 1.0 standard recommendation. New W3C DID WG is currently building:
DID 1.1 standard
application/did
which can be used as a simplification compared to application/did+json
or application/did+ld+json
DID resolution and DID URL dereferencing 1.0 – adds detail around
DID extensions registry
(Collaboration between DIF, W3C CCG, ToIP, and INATPA.)
This WG is intended to address the question of “which DID methods should be used and implemented.” This is an effort to curate the currently-overwhelming list of DID methods.
So far, this group has:
Related to currently-proposed W3C DID Methods WG.
Likely outcome: A curated list of “DIF-endorsed DID methods” which may be formally standardized elsewhere (DIF, EBSI, W3C, ToIP, etc.).
See also (crunched for time at the end):
Darrell O’Donnell and Drummond Reed
Swiss non-profit that aims to build trust ecosystems.
Ayra facilitates ecosystem interoperability.
Each ecosystem (including Ayra itself) governs itself and runs its own trust registry and decides who are legitmate issuers and verifiers within its own ecosystem.
Ayra offers:
We need to know that connections between any wallet and any data consumer will work.
Business -> Governance -> Tech – in that order.
Ayra follows a process to ensure that Ayra creates value for each member and partner.
Ayra is exploring 2-3 projects in next several months.
(Stay tuned for demo in session 4 today.)
Define “first person:” (See Doc Searles’ blog post from a decade ago.) Meaning that the identifier is acting in your interest first and foremost. Avoiding the terms “user-centric” and “self-sovereign” because they have become overloaded and contentious.
Bhutan no longer allows username and password for access to government services. 50%+ of country uses national digital ID, which is truly SSI.
DIDs are not enough – we need SCIDs. A SCID is “the most self-sovereign identifier.” It can be generated for free and retained for life.
There are several SCID-based DID methods:
did:webs
did:webvh
did:jlinc
(FedID)did:plc
(BlueSky)did:scid
(ToIP) – which rules them all because it can be:
Drummond thinks did:scid
is the DID method we need for first-person identifiers.
Much more detail in Drummond’s slide deck (PDF) or Google Slides.
did:webs
for vLEIsCole Davis, Switchchord, Lance Byrd, GLEIF, and Jonathon Rayback
Switchchord moving from did:web
to did:webs
. Bringing “full decentralization” to an industry that is “historically not good with tech.”
Why? Gives assets and songwriters portability without tying them to specific domains or key holders. Cole: “It gives me a lot of building blocks to marry the worlds of legal and cryptography.”
Advantage: did:webs
can be bound to a vLEI. But … did:webs
is undergoing major revision to the current draft to incorporate multi-sig.
Switchchord is working on enabling did:webs
in production. (Behind a feature flag for now.)
Drummond Reed and several others
Early (alpha) version of mobile app that demonstrates first person credentials and creation of in-person relationships.
It’s a “key signing party.”
Ooh, cool, all the data exchange is offline.
This is foundational to what Linux Foundation wants to address the open-source supply chain risks.
Group is planning to come back to IIW 41 with a production-ready version of this same app.
Kim Hamilton Duffy, DIF
(No notes taken; Kim will publish slides soon.)
Eric Scouten, Adobe
Discussion followed my slide deck (PDF).
(Thank you to Luke Nispel of OriginVault for notes.)
Scott Perry, Digital Governance Institute
(Notes and slide deck to follow.)
Andrew Dworschack, Yakoa
Lively discussion about potential credentials to be used for CAWG identity assertion. Sadly, no notes taken.
Ben Curtis, JLINC
Interested in how content provenance could apply to text/HTML content.
Anti-pattern: Physics forum alleged to have generated posts on behalf of long-dormant users.
JLINC has prototyped a system to use DIDs to authenticate text content with potential for capability delegation. (In other words, authorize a system to post on your behalf.)
What’s the smallest possible shortcode that could serve as a pointer to more detailed signature/credential information?
Decentralized method for storing signature using shortcode embedded in plain text.
Discussion about privacy implication of varying SSI technologies. Emphasis on potential selective use of server-retrieval mode in mDL.
(Notes to follow.)
Dmitri Zagadulin and Phillip Long, LinkedCreds
Work sponsored by US Chamber of Commerce with interest in democratizing access to and presentation of various skills credentials.
50% of US workers have no documentable credentials.
How to make self-asserted skills have at least a little bit more credible than hearsay?
Credentials are generated via two workflows:
Thesis: “We can make VCs more interesting by adding evidence of reputation.”
Visible now (for some months, at least, depending on funding) at LinkedCreds.
This project pairs really well with first-person credential project.
Subscribe to my free and occasional (never more than weekly) e-mail newsletter with my latest travel and other stories:
Or follow me on one or more of the socials: