Jun 2026
DIF Website | DIF Mailing Lists | Meeting Recording Archive
Table of contents
- Decentralized Identity Foundation News
- Universal Resolver Task Force
- DID Recommended Methods Announced
- ITU Takeaways
- Working Group Updates
- Hot Takes
- Upcoming Events
- Get involved! Join DIF
Decentralized Identity Foundation News
Summer event season is upon us! Between hopping from EIC to Identity Week and DICE, DIF Members have been busy at dedicated Hospitality and Travel Events, ITU Study Group 17, and upcoming IETF and Dweb gatherings. The Working Groups have been churning out announcements, which keeps our blog calendar full. Highlights this month include:
- An overhaul of DIF's instance of the Universal Resolver
- KYA-OS v1.0 is closing in on formal ratification
- DID Recommended Methods announced (did:webvh and did:webplus) with more in the pipeline (did:cid and did:ethr)
- Hospitality and Travel WG publication of initial HATPro specifications
- Upcoming DIF Hot Takes from ITU SG17, Identity Week, NeoCypherpunk Summit, and DICE 2026.
- DIDcomm survey results to be released! (There's still time to fill in the survey if you're using DIDcomm.)
- Grace and Juan weigh in on ITU participation
With all of this action, the Working Group section is based primarily on the inputs from the working groups themselves, rather than a summary from the DIF staff. For Working Groups who would like their sections to be longer and more detailed, we strongly encourage you to write up your monthly summaries and submit them to the DIF newsletter.
Universal Resolver Task Force
DIF members have rallied around the cause of the Universal Resolver, resulting in a Task force that is taking over the server management in the short term, while they come up with long-term solutions for Universal Resolver. More details below in the Identifiers and Discovery Working Group section.
DID Recommended Methods Announced
did:webvh and did:webplus are the first to pass the DIF vetting process for Recommended DID Methods. The effort to create DID Recommended methods was launched together by DIF, the Trust over IP Foundation, and the W3C DID Working Group in 2024. While only two methods have made it over the line, several more have been submitted or are in the pipeline.
ITU Takeaways
Grace and Bumblefudge attended an ITU plenary session in Geneva as observers, to see how DID- and VC-based proposals for standardization were faring in the cradle of X.509 orthodoxy and multi-stakeholder governance of scalable identity.
Juan’s Take: We saw presentations about national-scale PKI deployments that pseudonymize end-users as DIDs and track many issuers, as well as an interesting presentation from Huawei about a pilot using a smart-watch “DID Wallet” to present lightweight identity attestations across language barriers in an international athletics context, presenting those VCs over EUDI/OIDC4VC protocols. (While there are many languages involved, it’s a use case with thankfully simple issuer governance, short expiry dates, and not too many verifiers to coordinate, therfore perfect for a tech-stack prototype). We heard about some fascinating research ideas from NXP Semiconductors, various identity companies, and R&D departments of multinationals, including an update from the Thales-Google project that presented to TAAWG last month. Nuances of unlinkability and the exact details of software supply chain authenticity and revocation mechanisms were table-stakes, and more than one claim was dismissed as "unverifiable marketing speak". It was great to see the ITU community trying to find scaffolding, ontologies, and new conceptual models for how to measure trustworthiness in agents; the challenge in finding ITU approval for decentralized tech stacks hinges, however, on proving layer-by-layer that alternate trust infrastructures can be as auditable and governable as the good old X.509 that powers so much of our modern world at scale.
Grace’s Take: The ITU is making efforts to seriously address the problems around Agentic AI, Identity and Security. As part of that effort, they have decided to create a Focus Group that will be open to the public to research these areas. This is a welcome side-channel to the ongoing work happening within Study Group 17, where issues of AI and Identity are moving towards standardization.
It was encouraging to see the work on DIDs and AI coming out of Korea and China. For me, this brought up some questions regarding how "soft power" mechanisms within our international systems exhibit biases toward different cultures and economies. Organizations such as ITU, IETF, and W3C are built on the idea that to show validity as an international standard, it's necessary to show at least two unrelated implementations. This assumption is important to avoid collusion where a large entity (government or company) brings in a partner who is being paid to say that they have an independent implementation, when in fact, it's one business case with two name tags. That model is challenged today even in the Global North, where corporations are so large that they can set de-facto standards and influence governments. In some countries, such as China, it's always been difficult to differentiate between a "government" versus "corporation," as ownership stakes between the two are not as distinct as in Europe. Given the changes in the global landscape, does it make sense to reconsider what is considered adequate for an international specification?
A more important issue, from DIF's perspective, is the question of Open Systems. When it comes to East and Southeast Asia, many of the organizations use open standards in ecosystems that aren't entire open or competitive. Larger corporations and telecoms may be using DIDs, but they aren't using them in a way that is practically interoperable with other systems. For that reason, there is no possibility, and also no real need to make them into an international standard. We've seen some implementations in several countries where the implementers have no desire to share in a public or open source way. This is the main barrier to adoption at an international level. Even here, though, there's a level of nuance, where we see in the international community that large corporations dominate the mobile phone operating systems and app stores. The choices of "open standards" are limited by soft power, so what looks like an industry standard was implemented with some level of "lack of choice," if not outright market-power coercion. As the open source community, we are somewhat culpable for not implementing a stack that could securely and easily be adopted by larger entities. In other cases, there was no coercion involved, but concentration of power unintentionally emerged, such as in the case of TLS being dominated by a tiny and shrinking circle of mega-capitalized vendors, as a participant at the ITU called out in the plenary.
At DIF, we have always insisted both on "open systems" and the "two entity" rule. We require two interested entities to start a Working Group or Work Item. Is that still valid today, when the large corporations collaborate with each other and the governments? Moreover, do we need to rethink how we consider this rule in a world where we are now aware that different cultures think about this differently? There's no clear answer, and we are probably at least half a year away from seeing how the ITU will address this issue.
As DIF, we are excited to see the potential for a DID-based Agentic AI standard to be making its way through the ITU. These specs are still in early stages, where quite a bit of additional work needs to be done to have them presented in a format that meet the needs of an ITU specification. It's not just a question of the "rule of two" but also a question of making sure these standards adhere to the longstanding governance requirements that have given the ITU its global standing as "regulation-ready". Although DIF is miniscule in size compared to the entities that drive most ITU work, we are looking into what our role might be in helping bridge the gap between these initial presentations and their eventual adoption.
Working Group Updates
DIF Members are welcome to join and participate in any working group. Most working groups meet on a weekly basis, and the most active groups have task force meetings that focus on specific work items. All public meetings are recorded and you can find all of the information on our working groups here.
Creator Assertions Working Group
The Trust Task Force reported progress on adding governance-backed assertions and two new processing hooks, with the chairs planning to finalize changes for presentation next week. The Verifiable Credential Task Force continued working on CBOR payload specifications and discussed archival-quality identifiers to ensure long-term verifiability of claims. The Consent Task Force published version 0.21 of the consent assertion specification and identified the need for consistent definitions of terms like creator, rights holder, and subject across CAWG specifications. The group extensively discussed a proposed definition for archival-quality identifiers. The group is planning to incorporate a comprehensive set of definitions into the identity assertion specification and discussion of aligning CAWG terminology with C2PA definitions.
CAWG had an extensive discussion about defining "creator" in the context of digital assets, with Erik presenting a proposed definition that sparked debate about whether organizations should be considered creators, particularly in commercial contexts. Several pull requests were reviewed, including network traffic policy requirements, archival-quality identifier terminology, C2PA version updates, and X.509 verification section modifications to avoid status code conflicts with C2PA.
Trusted AI Agents Working Group
The Trusted AI Agents Working Group has been chugging along iterating on and cleaning up two clusters of work items, the KYA-OS specification and reference implementation on the one hand, and the Delegated Authority Reports on the other.
KYA-OS has cut a v1 which is working its way through working group feedback and Steering Committee approval at time of press, with a roadmap for defining extension points (such as pluggable support for arbitrary additional DID methods, [delegated] authorization languages, etc) and hardening them as DIF members author or inform extensions at various levels. (Cheqd is the first to add their own compliance-focused DID method, and notably their extension avails itself of DID-Linked Resources, i.e. complex DID URLs for fetching verifiable information via a did:cheqd resolver).
The Delegated Authority task force, having a complete draft of their problem space report, a complementary threat modeling guide, and a distinct governance considerations report problem space’s terminology and evaluative framework (see members-only Slack for draft sections of this research). Taken together, this suite is really a significant contribution to the research literature, and we hope it will change the conversation around making agents and their harness genuinely trustworthy (and objectively gradeable) by making authorization powerful enough for runtime chaos (and KYA-OS).
Ideas for a new work item around machine-readable policy, as well as a position paper or blog post about bad habits and momentum from the golden age of bearer tokens, are being discussed, but no working group consensus to collaborate on a defined work item have emerged from either.
Hospitality and Travel Working Group
DIF announced the preliminary draft release of the Hospitality Travel Profile (HATPro) open-source schema. HATPro is designed to enable a consumer of hospitality, travel, and/or leisure services to create once, and to communicate to any supplier or intermediary, their highly detailed identity information, needs and preferences. The schema is now fully published for use by developers. It includes all critical core identity information as well as extensive modeling of food and beverage preferences and allergies for more than 1000 ingredients and cuisines, and categorization of activities. Input from early adopters is encouraged and will help the group prioritize any requirements they have that are not already addressed.
The executive summary, overview, and implementation guide (updated for the current version) are available on the Hospitality and Travel WG Website.
DID Methods Working Group
The DID Methods Working group hosted the second “deep dive” presentations for both did:ethr and did:cid. Both DID methods are in their home stretch, dotting the last of their Ts and crossing the last of their Is across various github repositories and registries. The did:ethr presentation includes a helpful hands-on "about did:ethr" mini-website with all relevant links on the final page.
If you haven’t been following along, now is a great time to read their respective “findings documents” for overviews of (and links to) their presentations, and comment on the Pull Requests linked above to show support or get in any last-minute questions that arose for you watching the recordings. did:hedera (based on the Hedera Hashgraph, which is a decentralized global acyclical graph data structure rather than a traditional linear blockchain) is also in the queue, and volunteers are being chased down for did:key and did:peer to round out the roster with some different kinds of DID method.
Identifiers and Discovery Working Group
A temporary task force has emerged to do work on the Universal Resolver, make technical changes and direct users to commercial solutions for production-grade resolvers. As this Task Force has been put in place, DIF will continue to maintain its public instance of the Universal Resolver.
- The Did:webvh community keeps iterating on and discussing designs for reputation systems on top of the web-hosted Verifiable Data Registry, and the code donations for those cross-compatible VDR servers keeps pouring in (with feature-complete Java and Dart versions now V1-stable and managed through DIF's github organization; keep an eye on our blog for a forthcoming piece about these).
- Several DIF members are working on commercial solutions and collaborating on the task force. For DIF, this is an important indicator that this is a highly valuable task force for our members, indicative of DIDs becoming commodity infrastructure for some markets. For example, ThisDID.com, which is proposing a new design for the DIF-hosted Resolver, works hand-in-glove with the "blockchain explorer" for the Algorand virtual machine, and gets much of its traffic from Algorand-ecosystem developers investigating (or debugging) on-chain records and histories of on-chain actors, while DanubeTech's Uniresolver.io and VidOS have been supporting research and production deployments on a more classic SaaS tooling model as developer tools.
- Expenses are stable, though still high. We have started to get better stats about the Universal Resolver, but we have found that the bulk of the costs are for compute, specifically, for running so many heterogenous drivers, many of which cost almost as much to run idle as to run under load. There are a number of services we can reduce and eliminate in the short term to further reduce AWS costs. The task force is looking into technical solutions to reduce more costs in short term.
- A load-balancing architecture has been proposed to use very low cost storage that can replace the current AWS server cluster, for dramatic cost reduction and easy maintenance. Additionally, metrics for studying cost (and comparing the classic resolver to the TypeScript variants, for which fewer drivers have been submitted) are also being proposed as a work item of the task force; this may validate that many of the more expensive-to-run servers can be drastically cheaper in a different "form factor", or cheaper run on one cloud provider than another. If this turns out to be the case, the Task Force could document a few exemplary refactors/cloud-migrations, and encourage the developers of prior drivers to convert their existings drivers to get more uptake. To contribute or inquire about any of these efforts, find MG (from ThisDID.com) in the #universal-resolver channel on DIF's Slack server, or just attend the every-other-week UR call on the DIF calendar (note new time).
Claims and Credentials Working Group
DIF is working on a specification for "DIF credentials" (i.e. externally-presentable credentials that attest to contribution or participation history in DIF) as a way of prototyping some of the DID and VC toolings DIF has hosted or contributed to in recent years. If you're interested in getting involved, please reach out via email to ed@.
If you are interested in participating in any of the Working Groups highlighted above, or any of DIF's other Working Groups, please click join DIF.
📢 Upcoming Events
ITU SG17: Hot Takes with Grace Rachmany and Juan Caballero
📅 10AM Pacific Time on June 29, 2026
📍 Live on Zoom
Check the DIF Calendar for more details
AI for Good (ITU event)
📅 July 7-9, 2026
📍 Geneva
Event information
Dweb Camp
📅 July 8-12, 2026
📍 Alte Hölle, Germany
Event information
GDC 2026
📅 September 1-3, 2026
📍 Geneva, Switzerland
Event information
Tickets
DIF will be supporting applications to speak until the end of June. Tickets for DIF Members are limited, so if you register, we may ask you for more details before approving the application.
Identity Week America
📅 September 2-3, 2026
📍 Washington, DC
Event information
👉Are you a DIF member with news to share? Email us at communication@identity.foundation with details.
🆔 Join DIF!
If you would like to get in touch with us or become a member of the DIF community, please visit our website or follow our channels:
New Member Orientations
If you are new to DIF join us for our upcoming new member orientations. Find more information on DIF’s slack or contact us at community@identity.foundation if you need more information.
