[MINUTES] CCG Weekly 2025-09-16 from meetings@w3c-ccg.org on 2025-09-16 (public-credentials@w3.org from September 2025)

From: <meetings@w3c-ccg.org>
Date: Tue, 16 Sep 2025 15:05:56 -0700
To: public-credentials@w3.org
Message-ID: <CA+ChqYfXu4L4m8PWQZtMq8ejmAfY+yYc03s4aN6GDRq2N838_g@mail.gmail.com>
CCG Weekly Meeting Summary - 2025/09/16

*Topics Covered:*

   -

   *Center for Digital Public Infrastructure (CDPI) Presentation:* The main
   focus of the meeting was a presentation by Lina Hadboun and Anusree
   Jayakrishnan from CDPI. They detailed CDPI's work supporting governments in
   building digital public infrastructure (DPI).
   -

   *CDPI's Approach to DPI:* CDPI provides free, product-neutral
   architectural guidance and support to governments, focusing on open-source
   solutions where appropriate. They emphasize a phased approach, often
   starting with low-risk, high-impact projects like digital credentials.
   Their "DPI as a Package" solution accelerates deployment.
   -

   *Verifiable Credentials:* A significant portion of the presentation
   highlighted the use of verifiable credentials (VCs) as a key component of
   DPI. CDPI emphasizes the versatility and relative ease of implementation of
   VCs for various use cases (education, healthcare, etc.).
   -

   *Challenges and Opportunities with VCs:* Discussion included challenges
   surrounding issuer revenue models in the transition to VCs, establishing
   issuer authenticity and trust, revocation mechanisms, long-term key
   management for VCs, and schema interoperability. A cross-border VC pilot in
   Latin America and the Caribbean was mentioned.
   -

   *DPI Architectural Principles:* CDPI's approach to DPI emphasizes
   interoperability, minimalism, inclusive ecosystems, federated and
   decentralized architectures, and security/privacy by design. They contrast
   this approach with government monopolies and private sector monopolies,
   advocating for a balanced ecosystem.
   -

   *Digital Identity:* The presentation addressed common misconceptions
   about digital identity, emphasizing the importance of building on existing
   systems rather than starting from scratch, and focusing on foundational
   identity rather than replacing all existing ID systems. The successful
   Aadhaar system in India was used as a case study.
   -

   *Data Sharing:* CDPI advocates for tailored approaches to data sharing,
   distinguishing between personal data (using VCs and APIs) and non-personal
   data (using federated data marketplaces).

*Key Points:*

   - CDPI offers practical, hands-on support for governments building DPI,
   often starting with verifiable credentials.
   - Verifiable credentials are presented as a low-risk, high-impact entry
   point for DPI implementation.
   - Several challenges related to the practical implementation and scaling
   of verifiable credentials were identified and discussed.
   - CDPI's approach to DPI prioritizes open standards, interoperability,
   and a balanced public-private ecosystem.
   - The Aadhaar system in India serves as a successful example of DPI
   implementation.
   - CDPI emphasizes the importance of usage and demonstrable value in
   driving DPI adoption.

Text: https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-weekly-2025-09-16.md

Video: https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-weekly-2025-09-16.mp4
*CCG Weekly - 2025/09/16 11:53 EDT - Transcript* *Attendees*

Alex Higuera, Anusree Jayakrishnan, Art Finch, Benjamin Goering, Erica
Connell, Fireflies.ai Notetaker Ivan, Greg Bernstein, Harrison Tang,
Hiroyuki Sano, JeffO - HumanOS, Jennie Meier, Jonathan Bryce, Kayode Ezike,
Leo Sorokin, Lina Hadboun, Parth Bhatt, Phillip Long, Przemek P, Rashmi
Siravara, Sharon Leu, Ted Thibodeau Jr, Vanessa Xu, Venu R, Will Abramson
*Transcript*

Harrison Tang: Hey Lena, thanks for joining us.

Will Abramson: Hey, It's good to see you.

Harrison Tang: Lina, you might want to check your sound or if you have a
presentation, maybe we can double check the setup.

Anusree Jayakrishnan: Hey Harrison. Hey Bill. I'm Madashri. I'm Da's
colleague. Let me just text her and…

Will Abramson: Cool.

Anusree Jayakrishnan: see what's up.

Harrison Tang: Sounds good.

Will Abramson: Maybe she just knew it and she's trying to speak to us.

Lina Hadboun: Hi. Can you hear me?

Will Abramson: Yep.

Will Abramson: Got you now. How you doing?

Lina Hadboun: Perfect. Bye everyone.

Harrison Tang: Hello.

Will Abramson: Okay, we'll get started in just a couple of moments and Lena
will have some administrative stuff for the first five minutes and then
I'll hand over to you and you guys can talk to us.

Lina Hadboun: Sounds good.

Will Abramson: Cool.

Will Abramson: Should we get started? Harrison. Cool.

Harrison Tang: Yep.

Will Abramson: Thanks Welcome to today we have Lena and Anushri here.
They're going to talk to us about the Center for Digital Public
Infrastructure. before we get into that, I'll just run through our
housekeeping. So first up, code of ethics and professional conduct. treat
people with respect. let's continue to foster a warm, friendly,
collaborative environment here at the TCG and on the mailing lists. I think
everyone's great at this, but let's continue to do so.

Will Abramson: next IP note. So anyone is welcome to participate in these
calls. However, substantiative contributions to TCG work items will require
that the contributors are members of The credentials community group with
full IPR agreements signed. It's a pretty straightforward process. But if
you are wanting to contribute to any work items that are under the CCG, you
will need to do this.

Will Abramson: So just reach out to us if you have any questions and we can
help you with that. so these call notes are shared after We have Google's
AI bot transcribing this call and the call is recorded. So within 24 hours
you should all get an email that kind of shows you that transcription and
has a link to the recording if you want to rewatch it or you're welcome to
share this with anybody. this is public record, right?
00:05:00

Will Abramson: this meeting happens in public record. Next, introductions
and reintroductions. Is there anyone new to the community today who'd like
to say Or anybody who hasn't said hi to us for a while, just wants to be
friendly, please jump on the queue. Okay, not seeing anyone. I see it's
quite a small group today, so maybe we'll move on. announcements and…

Will Abramson: reminders. Does anybody have any announcements for the
community or…

Harrison Tang: Yeah, we will just a quick preview.

Will Abramson: reminders that they'd like to share?

Harrison Tang: We will have the quarter three kind reviews and updates.
you're not rob …

Will Abramson:

Will Abramson: Okay, I'm not hearing anyone. So final thing Is there any
work item updates that we want make people aware of? I don't have anything
for the community today, but I don't see Mano on the call. So maybe also
nothing. Harrison, you're a bit robot.

Harrison Tang: So we will have the core core three review and work item
updates next Tuesday. Yeah.

Will Abramson: Harrison. maybe it's me.

Harrison Tang: So if you are leading any of the work items please just help
us update the presentation deck. Thanks. Yeah. Yeah.

Will Abramson: Sorry.

Harrison Tang: just going to say that there are two weeks later we'll have
the quarter three review and…

Will Abramson: I had some audio issues there, Harrison, but I think it's
okay.

Greg Bernstein: So I. Couldn't hear it.

Will Abramson: I thought it might have been I think Harrison was just
reviewing our upcoming meetings,…

Harrison Tang: work item updates. So yeah,…

Will Abramson: right, Harrison? Maybe I can talk to this all,…

Harrison Tang: if you are leading one gu items please help us. Yeah.

Will Abramson: but Harrison, we can't hear you, so I'll talk to them. Yeah,
I think what Harrison is just trying to say is, our upcoming agenda of
calls, particularly on the 30th of September, we will be having a Q3
quarterly review where we'll focus on the work that this community has been
moving forwards in the last quarter. yeah.

Will Abramson: So yeah, I don't know why that was Harrison, but we kind of
had some robot voice coming through. Maybe it's fine. I guess we will send
out a reminder to folks who are leading work under the CCG to provide us
input to this call. and with that, I think I'll hand over to you Wena and
if you want to share your screen or anything like that, feel free to go
away.

Lina Hadboun: And hi everyone, showing my face for the beginning. super
happy to be here. I'm Lina from the center for DPI and really happy to have
this opportunity to talk to you guys. we met with Will back in Geneva and
he told me about this group during the conference for credentials and it
sounded very cool and I was really happy to have this opportunity to talk
to you guys and also hopefully to collaborate in the future and be in
touch. So feel free to reach out as I'm happy to be here also today with An
so I work on country preparation but Anistri is one of our tech architects.

Lina Hadboun: So she's here as well to introduce some of our work. yeah, so
maybe before starting my role in the organization is to work with a lot of
our activities for franophhone Africa. So as you can tell from my accent
probably I'm franophhone and also a bit in Latin America. So I do some
countries of the Caribbean including Barbados, Mexico and before joining
CDPI which was a year ago I worked at the UN and so yeah my background is
more international relations and public policy. So the angle that I'm going
to present on today is more on the policy perspective rather than a very
technical one. But we also have an will tell you a bit more about the
credential work. So let me share my screen.

Lina Hadboun: Give me a second.
00:10:00

Will Abramson: Yeah, that was good.

Lina Hadboun: Can you see it? Awesome. So, yeah, today basically I want to
talk to you a bit about what CD is doing. the approach that we have in our
work with countries and maybe deep dive a little bit after on our
activities on ID and credentials as well mentioned would be of interest to
you guys. So who are we? What is CDPI? First of all we are a proono DPI
tech architecture organization. So we are philanthropically funded.

Lina Hadboun: So we are proono we able to give free advice to countries
that we work with. we're based out of an academic center and so because
we're proono we're able to have this software approach and product neutral
approach. So We're not trying to push any specific products. we do focus of
course a lot on open source tools but not exclusively if a proprietary
solution is better for a country will advise that so our team very global
as you can see lots of practitioners working all across the world Asia,
Africa Europe and Latin America. A lot of our staff has experience with
rollout in their own countries.

Lina Hadboun: so a lot of people that have actually built DPI systems. So
for example our chair promot is one of the chief architects behind ADAR in
India and we also have Daniel who he built a lot of the existing DJ systems
in Argentina. So we're not talking just Yuri who bring a lot of practice
from building and from the field. So the countries we work with it's a lot.
We're working with about 30 governments across many countries. we've
already supported maybe in the past probably double 75 even in some ways
that we've interacted with. and the entry points are often government that
come with identity payments or credentials and these are generally the
doors that open with everything else. so yeah we've seen recently a lot of
momentum.

Lina Hadboun: I think it's a period that a lot of governments are trying to
execute a lot of transformations quickly and so they're looking for a
partner that they can learn from, people that have experience with rollouts
and that they can partner with. so when I say government by the way I mean
often government it comes through the form of ministry of IT or ministry of
digital transformation but not exclusively. Sometimes it's different
ministries like education, health, it can be justice, it can be even
central bank. So for payments, so a lot of different pathways. so what does
our support look like in practice? So countries come to us, they look for
architectural guidance as I mentioned, question how can we build a system
that's inclusive, that's minimal, but that we can still scale. it can be
very general.

Lina Hadboun: so we're trying to build a DPI road map for the whole
country. can you advise us on it? That's what we do for South Africa.
That's what we do for Mexico as well. But it can be also very targeted and
very specific to a ministry or specific issue. so for example yeah
comparing solution for a specific problem we want to implement a digital
platform should we go with open source should we go with apg or should we
go with this private solution and then we're able to give recommendation
based on that can be technical requirements for a specific wallet
assessments on DPI principles like somebody's trying to build something
they can come to us being like hey can we be sure that this is scalable for
the whole country etc.

Lina Hadboun: So it can be very general and it can be also very targeted
also on safeguards and governance. and more policy issues I would say. So
how to have different ministries cooperate correctly? How do you design
with inclusion in mind right from the start? So as I mentioned it's a lot
of technical question but also governance questions. so we recommend also
usually on the approach to try to start with small minimal use case for
example credentials and then use open standards and other can plug in. So
we're not trying to really do prescriptions we're trying to have more of a
playbook that we can recommend. and also to a big thing that we're trying
to advise on policy side is usage especially more than issuance.
00:15:00

Lina Hadboun: So making sure that the systems are addressing pain points
from people that they're going to be used etc. and yeah and also a lot of
risk adversity from countries like a lot of people know the potential that
DPA DPI has they've seen example from India from payments for Brazil but
they also know that if they try to recreate these systems on their own it
can be risky financially and it can be risky politically as well. So they
don't want to spend many years and millions of dollars only to find out
that the designer was kind of flowed and that it's too late to go back. So
that's where we come in and we advise country on a case by case basis on
whatever they need. And as I said we have the chance to be neutral and open
source oriented and completely for free. So if we remove a bit of that
financial elements that we're not charging the countries and also they're
not getting monies money from us.

Lina Hadboun: So So when we remove that financial element, there's a lot of
trust. so that's a really good position to be in to advise for the best of
the systems. so that's our engagement model that we have for what we call
advisory and we created on top of that model also a different way to
implement DPI which we call DAS DPI as a package solution and it's a way of
helping countries to set up modules for DPI quickly without having all the
risk of starting from scratch.

Lina Hadboun: So a big challenge that countries have is that procurement
and custom builds really take a long time for them. it can take up to two
years in general before they even start building anything. And a lot of
governments, with election cycles and politics, they don't want to do
projects that take six years. They want something that they can show really
quickly. So with this system of packaging and compressing cycle we are able
to do something that can be rolled out in a couple of months. So we
prepackaged DPGs with other essentials. So we have playbooks, we have
policy templates, service providers that are trained as well and legal
participation terms and also access to funding which is not insignificant.

Lina Hadboun: So we package all of that and this is really great for scale
for rolling out quickly. So we use DPGs so it's not green field build. it's
also cloud agnostic. It can be private, hybrid and the aim is to have
something that can be deployed very fast and it preserves for the country
the ownership of their data of their operation etc. So right now we're
offering three modules. We're hoping to offer more officially very soon.
But the three modules that we have that can be deployed in a few months are
digital authentication. So adding secure method of authentication to
existing ids. That's the first one. Then we also have mapper. connecting
beneficiary IDs to financial accounts with APIs. And the last one is
digital credentials.

Lina Hadboun: So issuing and managing VCs with wide support. So
credentialing is a really good use case that we have. it's one of the one
that we have the most demand for. it's quite low risk. it has a lot of
value. It's a good starting point. So every country already issues
certificates So birth certificates, marriage, education, all of that. So
just moving them to VCs is very simple and quite safe politically.

Lina Hadboun: I would say and it touches everyone and it has very good
impact. So it's a good way to show value very fast and then build momentum
for the rest of the stack. So we like to start with a small use case and
then there's adoption and other ministries sees what the first one is
doing, they want to buy in. So they use it as well. It's reusable and
really love credentials as a way to start. so this package models I was
mentioning, it. we started last year so we already have several countries
that are putting it into practice. one of them wanted to give an example is
Trinidad and Tobago. so they're doing verify credential as I mentioned it's
very popular. so we work with the ministry of digital transformation in
that case and they're setting the policy direction and there's a national
company that's deploying and managing inep.
00:20:00

Lina Hadboun: the NG is the DPG that we're using for this fast roll out. so
yeah, the platform is going to give capabilities for issuance storage
verification of the credentials and the government wanted to begin with
education because there was a clear pain point as I mentioned trying to
find a use case that people really find immediate use they've on boarded
several institution the University of Trinidad and Tobago and another one
and a skilled programs as well.

Lina Hadboun: So all of the degrees and the certificates from this
institution they will be issued at VC and importantly also it's not a pilot
it's not an experiment it's something that's already the legal equivalent
to paper documents so it's already fully recognized by the government on
design all the credential will be delivered in different formats QR code
PDF etc JSON file and different channels so it's going to be via wallet of
course, but also portal sent by email and it can also be printed and
delivered in person. and it has really good opportunities for scaling up
not only in terms of users but also having additional issuers and
verifiers. it will be also integrated with platform that do for employment.

Lina Hadboun: So it can be used basically directly in the labor market and
the government will also train his public servants so that they can fully
manage the system themselves after the very ambitious road map. I think
they want to do 1 million users by next year and expand the system to other
government agencies in the next couple months years and have also private
sector of course. So the system was built not just a technical upgrade but
just really they want to change how records and services will be managed
through the whole economy.

Lina Hadboun: So yeah, that's a bit of an overview of how CDPI works. we go
well beyond just giving advice. Basically, we're sitting with the
governance to help them design and roll out for the core digital rails. But
at the same time, we make sure that we also share lessons really well. are
you able to hear me?

Will Abramson: Yeah, I can hear.

Lina Hadboun: Okay.

Will Abramson: It's all good.

Lina Hadboun: Skipped a slide. So, we try really to have a lot of the
lessons that we learned not only from our staff that has, so much
experience, but also from all the country work we've done for the past
years. we try to really share this. It's sort of learning in progress. and
we try to capture the things that work, the pitfalls, the risks, etc. And
we try to share that knowledge as much as possible.

Lina Hadboun: so we have a lot of trainings we do workshops, deep dives
with countries for example we love to find a country that does something
really well and try to give them the opportunity to showcase to other
countries. So I don't know for example we had Benen recently we did an
amazing platform on data exchange for government and so we do workshops
with African countries that can directly to government ask questions and
try to get inspired but also learn from what they did. we also have a DPI
wiki which I encourage you to check out.

Lina Hadboun: it's a repository where we put all of our basics on DPI but
also a bunch of playbooks, blueprints. it's publicly available. So happy to
also get input from you guys on it if you have ideas for things that should
be added there. so yeah, basically we help shape a bit all a bit of the
ecosystem around DPI, not only country work. We bring a lot of people So
tech providers, government, open source, projects, etc., in addition to
packaging DPI for robots. And our goal basically is just to make sure that
DPI gets built a bit better. And our bias is really trying to work with
countries that have high chances of implementation. We're trying to because
we're a small team, so we're trying to select or work based on what we
think has good chances of succeeding.

Lina Hadboun: then I can tell you a bit more about how we work. I know that
many of you are probably very familiar already with DPI but I wanted to
share how at CDPI we are pitching it to countries and how we frame it and
hopefully it's still interesting. So when we talk to governments we often
do the comparison you guys you have physical infrastructure roads power
lines like the cell towers etc. and in the digital economy you have
equivalents. These are identity, payments and data sharing. So just
physical infrastructure you should invest and make sure that these rails
are into place and then all the markets will be organized around them. U
but yeah unlike roads etc it's much faster to deploy it's easier to scale.
It's much cheaper and when it's done correctly it can have incredible
effects.
00:25:00

Lina Hadboun: so yeah so basically when moving from platforms to open
networks with protocols and standards So the same way the mobile networks
were built the open standards had amazing waves of innovation that they
triggered and it reshaped economies. So really trying to convey that the
idea that you cannot have a physical infra that can drive as much
innovation as adopting these open protocols. So that's our inspiration to
have minimal layers that other can build on and not have fragmentation. So
that's what we pitch like as an ecosystem approach. Okay.

Lina Hadboun: So when we talk about DPI from two countries or anyone even
for academia etc we like to break it into these five categories. sometimes
it's three with just payment data sharing and identity but we had to do
extra so we have these five u identifiers and registries. So, people,
business, land, objects. it's not really the form, it's just the fact that
they're reusable, that they're verifiable, just an ID that you can
authenticate and it can be online or then payments. So, the rails that
makes value move the same way that information is moving and we want to
have that any account to any accounts provider borders doesn't matter data
sharing.

Lina Hadboun: So consenting for data sharing obviously but also having open
APIs standards for NPD and having verifiability as a core mechanism trust
in FRA so yeah digital signature PKI constant artifacts it's just what
ensures that there's integrity and provenence across all of the other
layers and finally discovery and fulfillment. So basically the APIs that
make the system usable to register a business to book an appointment in a
clinic apply for a license, join the marketplace. basically what translates
infrastructure into daily services. So they're not really silos. they
overlap and they reinforce each other. yeah, so we like to see to visualize
them as building blocks.

Lina Hadboun: So many vertical layers can be added to the blocks with the
same principle to have u building and then governing it well and then
activating the market and of course I know it's a lot of categories but
it's not really like silos we know there's a lot of crosspollination
between them for example digital signatures in the trust layer they're used
everywhere the consent flows they apply to ID and beta as well payments can
be thought

Lina Hadboun: of us a data exchange type. So the point is not to create a
lot of verticals. It's just to make sure that the rails are universal that
they can be interoperable and reusable. So the categories we just talked
about, so identifiers, trust, payment data, etc. discovery, they only work
if they sit inside of the right environment. So obviously you need the
technology layer, the standards, protocols etc. without that you just have
digital silos. But the tech alone is not enough. You also need markets. You
need an ecosystem of innovators who will actually build the services on top
of it and that's where you really get inclusion and that's where you really
get value. if only the state only the government is building there there
won't be any evolution.

Lina Hadboun: And finally you need frameworks that are very transparent
accountable trusted etc. this is the part that addresses all the problems
with inclusion privacy competition etc. and governance we like to think
about it as not just having a law on paper. it's more like the day-to-day
rules that make adoption possible. So who owns the rails, who can reuse
them, who expensive it is to plug in, the responsibilities in case
something go wrong, the feedback, etc. So because the legal aspect matter,
but they're very slow and they have to catch up on technology. So you also
need the mandates so that you have the right people in charge, the right
ministry, communities sometimes, and then of course like the code itself.
00:30:00

Lina Hadboun: So things like consent flows, audit logs, all these things
that enforce accountability by design are super important especially in the
context where the legal legislation aspect is really lagging. So you need
the code itself to have this safeguards. So when all of this is lined up,
all of these layers are well done, then you have a good environment to have
a solid DPI. without them like you you won't have an easy technology
implementation like it will probably stall.

Lina Hadboun: Then finally some of the architectural principles that make
DPI different from a standard IT project because a lot of time governments
think DPI but they're actually just talking about digitization of
government. So just translating to just digital but not really having a
true DPI aspect. So these elements that we use to help them distinguish
between actual DPI and you're just digitizing are these So first one is
interoperability. So being driven by specifications the goal is to have
network effects and having open protocols to prevent monopolies etc. So
that's the only way to get at the same time scale and also competition.

Lina Hadboun: then minimalism we always preach for starting small. what I
was mentioning earlier we try to start with something small that gets a lot
of adoption and then can be reused. and we don't try to predict every use
case possible or build a full stack portal. We create very small highress
components like Lego pieces and then you can reuse them and combine them in
many way. Also it keeps the cost down. So when you're in government that's
always a very good argument and makes way easier. diverse inclusive
ecosystems yeah so just that the infrastructure is not the end product in
itself. It's not like the ultimate goal to have DPI the goal is to have the
ecosystem build the products on top. So it has to be able to support
multiple modes of access.

Lina Hadboun: So yeah, online and offline smartphones or how do they call
the future phones. having all of that is super important. it's not to build
just for the 10% of users that do have a smartphones. it's enabling the
ecosystem to innovate for everyone with API SDKs QR codes etc. fed
federated and decentralized. So yeah avoiding to build a huge giant
database it's safer more resilient and preserve also the autonomy of the
institutions and finally security and privacy by design yeah so knowing as
little as possible for each system encryption etc.

Lina Hadboun: granular consent. that's how you also protect from risk but
also gain trust from the users. And my last point on the DPI model that we
have and the principles we're trying to apply it's just DPI is not about
really choosing between government monopoly or a private monopoly.

Lina Hadboun: So on the governance side, if you just have too much of
governance on the DPI implementation, you can end up with a single provider
just like one ministry or one agency with fully in charge of building full
solutions like end to end. they do get control but it comes at the cost of
not having innovation and the user experience is usually not that and
governance are quite slow as you can guess. So the services as I mentioned
before they tend to lag behind what people expect. private side it's the
opposite. You have big tech platforms and app stores and this moves really
fast. Sure they innovate a lot but you don't get interoperability. You get
a lot of lock in you get antitrust issues and the competition is within the
silos and not across the silos.
00:35:00

Lina Hadboun: so for countries also it creates a big concern with
sovereignty because nobody wants their entire digital economy to be
dependent on one or two vendors or foreign vendors. The DPI approach that
we try to push is really the middle ground between these two. you build
open rails and that can be interperable and they have shared standards.
they have API enabling policies and then you let both the government and
the market innovate on top of that. So you preserve sovereignty you don't
have underlocking and you make interoperability of default.

Lina Hadboun: So yeah, is not anti-private sector. It's not because it's
public in the name that it's anti private sector. It's just about having
something that's like a level playing field and everyone public and private
can build and deliver services and not having one side that captures the
whole stack. and then we mentioned that it would be good to talk a bit more
about identity. So I can make a few points here. So when we think about our
work that we've done with countries on ID, a lot of what we have to do is
fight some misconceptions. there's a lot of fake ideas running around in
the people we work with and generally in the field on building digital ID.

Lina Hadboun: the first thing is that people think they have to build stuff
from scratch and throw everything out and build something completely new
and that's obviously not the case. most countries already have some form of
foundational ID. sometimes it's a physical card, sometimes it's a registry.
but you don't need to rebuild everything. You can just add a thin digital
layer on top. So we suggest often you can have a digitally signed QR code
or credential etc. So that's the first thing that we need to usually work
on. the other thing is also the idea that digital ID has to replace all
other ID in the country. So that's really a technical headache and
political push back because there's so many turf wars between different
ministries.

Lina Hadboun: sorry that have their own ID and want this one to become the
main one. So you just need the foundational ID that proves who you are and
that's the only thing it needs to do and then the other systems for example
driver's license or your tax ID or your health card etc. they keep their
attributes and they do their job. So the functional ID should strengthen
and not replace any of the systems. then the last point also on idea that I
wanted to make is that we have to fight also this misconception that
digital ID it means that you have to get this really expensive card with
chips and holograms etc and that we really have to convey that the security
doesn't really live in the plastic but rather in the cryptography.

Lina Hadboun: so it's some struggle with the idea that you can have a A4
sheet of paper with a digitally signed QR and we thought yeah it's just as
verifiable and what matters is is that it's digitally checkable and secure
and not that it's really high deck or expensive. So that's a bit of how the
approach for pitching to countries on I can also talk to you a bit more
about India on digital ID which is one of the amazing examples we have of a
successful DPI design and especially for adoption which is what I mentioned
usage is the most key thing.

Lina Hadboun: So back in which year was it I want to say 15 years ago when
India wanted to build the biometric ID for its population which is over a
billion people it seemed really really tricky to do very complex etc. But
they pulled it off really really well and they were very deliberate in the
design to respect these DPI principles and they kept it really minimal. the
ID in India is just four fields. it's just name gender, date of birth and
address and a photo. but no additional data on I don't know health even
citizenship is delin so that simplicity really mattered and when we preach
minimalism it's also what we mean.
00:40:00

Lina Hadboun: also politically it avoided a lot of fights between
ministries as I mentioned and the system was very easy to understand and
very easy to scale. So they didn't try to do everything from the center.
the authority that was in charge really tried to I mean they didn't try
they succeeded in training and certifying local operators that were in
charge of going across villages and towns and they were paid by enrollment.
So they had a very good incentive to register people. And finally also what
they did really well is that they focused on usage and adurance. and even
at the very beginning of the system being implemented the IDs that were
already issues were already being used to open all these bank accounts and
for G2P payments.

Lina Hadboun: So for government subsidies and so it was so you useful from
the beginning that it really drove demand and it helped built it to what it
is today. So today there's basically 1.4 billion people enrolled. So it's
quite spectacular. upwards of 90 million authentication every day. So
that's really a good illustration of the principles I was mentioning
earlier and why India is often quoted as the example for DPI adoption and
and then from identity you have all this things that are being unlocked
because identity by itself is not that useful it's not enough I would say
if you have your ID in your pocket it doesn't really change your life it's
really useful when you start unlocking something else at the moment you
really need it.

Lina Hadboun: So for India the unlock was payments and starting with a bank
account and then make it usable. and then they added electronic KYC so it
was possible to open accounts in minutes payments and the GDP mapper for
governance subventions. so it was really easy to do and then the usage
really grow. so yeah basically once the rails were in place the government
benefits could reach the right persons really fast into verified accounts.
There was middleman and basically with fewer leakage because of this
middleman. They saved so much money that they paid back the whole system
very very fast. and everyone was able to use the accounts for day-to-day
transactions.

Lina Hadboun: it also closed the gender gap so that the women were able to
get a bank account and yeah it's not really just ID it's just not a card
it's just a capability and yeah it didn't stop at payment because by using
the accounts you also create a history and access because once you have
this history of payments you can also do consent based data sharing. people
can share their bank statement, they can also share their VCs digitally. so
people are able to get small loans at low cost e signatures with eocers
etc. So it really unlocked a lot of things. So just here the lesson to keep
it short is that DPI isn't really just building DPI for its own sake. It's
not the end product as I mentioned.

Lina Hadboun: it's just the idea of having this small minimalist reusable
building blocks and to govern them well and then turn access into use and
then this use is really transformative and that's the difference between
digitization and real transformation. yeah so I think that's it from my
side. I want to hand it over to Annustri who can also tell you more about
credentials. yeah because yeah just same after payments there's also so
many things that can be done. So I will leave it to her and she want to
want to take over

Anusree Jayakrishnan: Thanks, Nida. so I'll just share my screen and
continue from where you left off. so basically as she said credentials have
been part of the most popular DPI blog that we've found to be in our
conversations with countries. Before I get to that, I just want to cover
how do we approach the whole data sharing from a DPI lens. So there is of
course personal data which is inherently private some parts of it is even
secretive and then there is non-personal data and the way we found is that
we need tailored approaches for all these kinds of data not a
one-sizefits-all approach. So for personal data we've found that there are
two common DPI approaches.
00:45:00

Anusree Jayakrishnan: First is user controlled and asynchronous way of
sharing your data which is of course verifiable credentials and the second
is a real time API based data sharing which is often found in open finance
frameworks or even between government to government departments commonly
implemented through Xroad or the likes of Xro

Anusree Jayakrishnan: code etc. and in both these cases user should be in
the center as per the DPI principles and the consent of the user should be
captured whether that's implicit or granular all that would depend on the
tones of the land but there should be a framework to capture consent and
the second type of data is of course nonpersonal data which are anonymized
aggregated open data sets. So how do we collect these data sets and make it
easy for people to discover them wherever they are and create the terms of
contractual negotiation and fulfillment. All this can be done through
federated data marketplaces. that goes back to the fifth category that Dina
talked about a bit earlier.

Anusree Jayakrishnan: the reason why we see verifiable credentials to be so
popular is they are general purpose. If you have one infrastructure in your
country that can be used for anything ranging from digital identity to
academic certificates to even longer transaction history like your entire
medical health records or transaction data like the number of rides that
you have done as a Uber driver which might be able to give you a loan and
so on and so forth.

Anusree Jayakrishnan: Again, they're quick to market. the workflows are not
that drastically different from what people are used to today. So, it's
very quick to market and compared to many of the API based data sharing
setups, and even payments networks and so on, it's very inexpensive. So, as
Selena mentioned before, nearly half of our engagements with countries are
on PCs. Additionally, we also have been exploring and have done a proof of
con concept for crossber credential exchange healthcare VCs with WH and
this is beyond the instant patient summary thing that they have.

Anusree Jayakrishnan: So yeah, so we do see a lot of demand on that and
CDPI has been driving credential scale up through a variety of approaches
because we see the potential of this in terms of how the citizen can
actually benefit. So there is a bit of thought leadership where we go to
countries give trainings as well as put out a few artifacts that are
reusible including vision papers, implementation guides, use cases list
that countries can pick and choose from.

Anusree Jayakrishnan: We've been also organizing a couple of hackathons in
both the Latin American region as well as globally to help more startups
come and innovate in this space in addition to all the innovations that are
already happening and also we've been doing some supply side
reorganizations to get countries to actually get used to sa SAS kind of
model for credentials instead insisting on building the infra in their own
nation because a lot of the countries we interact with have populations in
hundreds of thousands doesn't really make sense for them to have that inra
in subscribing to some sort of an infra with data so data protection all
taken care of.

Anusree Jayakrishnan: the third part is rapid DPI deployment for verifiable
credentials that we have facilitated and it's almost done in both Brazil
and Trinidad and Tobago along with the country advisory. Now I'll just end
with this slide. So we are at a at a government's level we are still in the
early days of implementing verifiable credentials at scale. And I just want
to take a couple of minutes to cover a few of the questions that we see
where there could be more discussion around. The first and foremost
hesitation that we are met with especially from a market perspective is
that today the issuers earned some money by reverifying the nondigital
credential or the physical certificate again and again.
00:50:00

Anusree Jayakrishnan: So is there a way to make sure when we move to the
verifiable credentials world that this source of income is maintained or
the provenence of when and where not when how many times the credential has
been used can be tracked and securely verified by the issuer and some sort
of royalty can be given back to the issuer. Can that be done? That's part
of the question we get really often here. We can think about whether we
should even support this kind of a model because the data is users data
after all and they should be free to do whatever they want with it.

Anusree Jayakrishnan: So we can choose to take opinated views on this but
this is how the market works today and we'll have to make that transition
to a verifiable credentials world smooth enough so we met with lesser
hesitation. The second question is issuer authenticity. How do we re
reliably verify that the institution issuing a credential is indeed ed?
here most countries ask for a chain of trust where they probably trust a
central bank of another country and if that central bank trusts this bank
that I'm interacting with then by default I also trust this bank but how do
you establish that trackable chain of trust with the issuer and link it
back to someone as a verifier actually trust.

Anusree Jayakrishnan: Third is rivetation and misuse. how can you do
revocation at scale without having a middleman or involving any issue to
verify relationship again and how can that be discovered globally across
any applications and so on. And the fourth is for credentials that are
issued decades earlier or that will be used decades into the future for an
academic credential. How can you validate and discover public keys and DIDs
without just relying on public key certificates that are stored on websites
that might be lost once the website is refactored and so on.

Anusree Jayakrishnan: And finally, one interesting pilot we have going on
is a crossber verifiable credentials pilot in the Latin America and the
Caribbean region. So a couple of the above questions come up plus we want
to explore and find answers for how do we facilitate schema
interoperability because everyone has their own interpretation or extension
of even the schema that's on schema.org. So how do we make sure that the
credentials are selfescribing and basically organize all this in a
discoverable fashion universally. so it's been really interesting exploring
all this and understanding the value that credentials bring to humanity not
just as a technical elegant solution but as something very tangible that
ensures low

Anusree Jayakrishnan: cost, high trust. we're even more motivated to
continue driving some of this questions. And with that, I'll hand it over
back to Lina. Thanks,

Lina Hadboun: Thanks and thank you so much for joining because she's based
in India so she has some merit in joining very very late. but yeah that
concludes our presentation. I hope it gave you a bit of an overview on how
we work. and that it wasn't too basic especially for the first part. and
just in terms of you guys, feel free to reach out to me and to industry,
we're happy to also get contributions from you guys, very eager to
collaborate. As I mentioned, we have several articles on the wiki that if
you have thoughts on, we'd be very eager to hear them.

Lina Hadboun: And yeah, thank you so much for giving us the space to
present what we're doing and thanks for having us.

Will Abramson: Yes. Great.
00:55:00

Will Abramson: Thanks, I really appreciate you and Anushi coming on,
especially late in the day. Yeah, we got a bit of time for some questions.
so Benjamin.

Benjamin Goering: I was looking for the heart emoji which I found. I didn't
mean to raise my hands. Sorry about that. good presentation.

Will Abramson: Yeah, it was a fab is I mean you guys are very interesting,
because you are actually building this stuff out in the wild in countries
around the world. So I think you have a lot of practical experience that we
probably in this community could learn from. I had a question which is you
talk about credentials and verifiable credentials.

Will Abramson: do you mean W3C verifiable credentials according to the
standards or do you mean that more broadly as in digital credentials that
have a cryptographic signature on

Anusree Jayakrishnan: I can take that. We do mean both, but of late we've
been trying to get everyone to align to verifiable credentials. And so the
later part of the conversations and engagement would just refer to
verifiable credentials. But we believe there is still some merit in the
digital credentials that were just cryptographically secured even before.
so that is a valid approach but this is a clearly better one as per
alignment with standards is our positioning.

Will Abramson: Thank you. Anyone else have any questions?

Will Abramson: Go for it.

Harrison Tang: Yeah, great presentation.

Harrison Tang: Just curious if you are thinking about hey what are the new
features or room for improvements in regards to verifiable credentials
standard what would they be based on your conversations with different
clients and stakeholders. First,

Anusree Jayakrishnan: So I think I've listen so rather than I think
improvements to the W3C verifiable credential standard itself I think there
is a need to create an ecosystem of trust around the verifiable credentials
to make them more usable in the real world and that's some feedback that we
have been getting with regards to standards I think one pro point I
probably would want to bring out here is how do we address that for longer
credentials like pages and pages of health records not a instant patient
summary that's a condensed version of it with multimodel data and so on.
I'm not sure…

Anusree Jayakrishnan: if there is already an approach to this but I think
that was a conversation we had that I found to be interesting.

Will Abramson: Maybe I have a follow up on that when you talk I think it's
so important right to build this ecosystem of trust around these technical
pieces.

Will Abramson: What kind of advice would you have? you talked about
engaging government and private sector, but do you also find that there are
some really important civil organizations that you have to convince or
bring into the room to make adoption of these systems more smooth? have you
had success with that or even failures where you haven't engaged the right
civil organization and had a lot of push back?

Anusree Jayakrishnan: Do you want to take that?

Lina Hadboun: on other organizations. Just in terms of which organization
are you talking about?

Will Abramson: So sort of like not government…

Will Abramson: but kind of like these civil organizations who are
advocating for civil rights and human rights of their citizens but
typically often against governments right …

Lina Hadboun: Yeah. Yeah. Yeah.

Will Abramson: trying to push back on government's control or I don't know
overreach Then

Lina Hadboun: That's a good question. so in terms of external
organizations, we're working also with UNDP World Bank etc. multi regional
development banks. so they collaborate with us a lot in terms of narrowing
down on the country needs etc. And on the rest of civil society first of
all we need a lot of contacts with innovators.

Lina Hadboun: So we work sometimes with hubs from countries of tech hubs
extra to make sure that there's someone to build on top of what's being
built that there's an ecosystem behind and in terms of the safeguards on
all the things like that's something that I mentioned for governance there
needs to be a legal framework and…

Lina Hadboun: it needs to be embedded in the code as well but yeah we have
some contacts from some countries some academia is often involved as well
they give us some input as well. so yeah it's a full ecosystem that we get
input from and we give advice on that as well for us like security privacy
etc. it should be embedded from the start. So that's also something we look
out for.
01:00:00

Will Abramson: Thanks, Lena. Okay, with that I think we're at time. So,
thanks again both of you for coming on. I really appreciate you taking the
time to tell us about the work you've been doing. look forward to
collaborating in the future hopefully. Lena, I noticed the link you shared
is private,…

Anusree Jayakrishnan: Thank you. Bye.

Lina Hadboun: We'll do and…

Will Abramson: so maybe you can just change it to public and that link
should still work.

Lina Hadboun: and likewise, thank you for having us.

Will Abramson: Cheers. Thanks everyone. See you next week.

Lina Hadboun: Bye everyone.
Meeting ended after 01:01:04 👋

*This editable transcript was computer generated and might contain errors.
People can also change the text after it was created.*
Received on Tuesday, 16 September 2025 22:06:07 UTC