46 min read

Two Standards Bodies, One Presentation Protocol: How ISO and OpenID Are Ending the mdoc-vs-SD-JWT War Without Picking a Winner

Digital credentials split into two presentation protocols, not two formats. How the joint ISO/OpenID DCHP group unifies the wire while both formats coexist.

Permalink

1. The Verifier That Has to Speak Two Languages

A bar in Marseille wants to do the simplest thing in the world: confirm that a customer is over 18 without reading their name, address, or birthday. Two customers hold up their phones. The first presents an ISO mdoc, the mobile driving licence format built by the automotive-and-documents standards world. The second presents an SD-JWT VC, the JSON-based credential built by the web-identity world. To accept both, the bar's verifier app has to implement two completely different presentation protocols, authored by two standards bodies that, for years, never sat in the same room.

Here is the question, far deeper than it looks: why does accepting a digital ID require speaking two languages at once, and what would it take to speak just one?

The instinct is to call this a format war and predict a winner. That instinct is wrong, and the reason it is wrong is the whole point of this article. The customer's two phones are not the problem. Each credential arrives wrapped in its own request-and-response machinery.

To read the mdoc, the verifier speaks ISO/IEC 18013-7's Device Request and Device Response. To read the SD-JWT VC, it speaks OpenID for Verifiable Presentations (OID4VP), an OAuth-shaped Authorization Request and Authorization Response. Two protocols, two code paths, two conformance regimes, two sets of edge cases. That is the hidden two-stack tax.

Ctrl + scroll to zoom
The two-stack tax: one verifier must implement two separate presentation protocols to accept two credential formats.

The tax is invisible in a demo and expensive in production. Every verifier that wants to serve the whole market pays it twice: once to build each stack, and forever to maintain both. And it exists at a layer most people never name, because they collapse two independent ideas into one.

Presentation protocol vs. credential format

A credential format is the document itself: how the claims, the issuer's signature, and the selective-disclosure machinery are encoded (an ISO mdoc in binary CBOR/COSE, or an IETF SD-JWT VC in JSON/JWS). A presentation protocol is the wire exchange around that document: how a verifier asks for specific claims, how the wallet returns them, and how nonces, consent, and transport bind the exchange. They are separate layers. Conflating them is the mistake this article exists to correct.

Once you separate those layers, the headline rewrites itself.

The mdoc-versus-SD-JWT-VC "war" was never a format war. The pain a verifier feels comes from having to implement two entirely different presentation protocols. Fix the protocol layer, and the two formats can coexist untouched.

That fix now has a name and a date. In June 2026, ISO and the OpenID Foundation chartered a joint group, the Digital Credentials Harmonized Presentation (DCHP) Working Group, to develop one harmonized Digital Credentials Request Protocol that carries both mdoc and SD-JWT VC. Its first meeting is Monday, 29 June 2026 [1] [4].

To see why one credential moment needs two protocols, you have to visit two rooms that, for most of the last decade, never shared a table.

2. Two Lineages, Two Rooms

Credential presentation was solved twice, by two communities that optimized for different worlds and never had to agree. Neither was wrong. They simply answered different questions, and each answer came with its own protocol attached.

Room A: the documents-and-devices world

The first room is ISO/IEC JTC 1/SC 17, the committee behind cards and security devices for personal identification, and specifically its Working Group 10, home of the mobile driving licence [6]. Its members carried decades of experience with physical identity documents, chip cards, and issuing-authority public-key infrastructure, with organizations like AAMVA (the American Association of Motor Vehicle Administrators) at the table. In September 2021 they published ISO/IEC 18013-5:2021, which defined the mDL and, with it, the mdoc [7].

mdoc

The credential defined by ISO/IEC 18013-5:2021 for the mobile driving licence. It is encoded in CBOR (a compact binary serialization) and protected with COSE signatures over a Mobile Security Object, and it supports element-level selective disclosure: the holder returns only the data elements a verifier asks for. It was designed to be presented device-to-device, in person, with no network required [7].

The design center was an officer checking a licence at the roadside with no connectivity. That priority explains everything downstream: a binary encoding for compactness, a device-to-device retrieval model over QR, NFC, and Bluetooth Low Energy, and no assumption that anyone is online. It was high-assurance identity, in person, and it shipped with its own request-and-response model baked in. Its only online mode was a limited, privacy-problematic server retrieval, in which the verifier fetched the data from the issuer's own server; it had no model for a holder to present an mDL remotely to a website of their choosing.

Room B: the web-identity world

The second room was the open web's identity community, spread across the W3C, the IETF, and the OpenID Foundation. It began with a shared vocabulary rather than a protocol. In November 2019 the W3C published the Verifiable Credentials Data Model 1.0, standardizing the issuer-holder-verifier triangle and a JSON/JSON-LD shape for a credential [8]. That was a data model, deliberately silent about the wire exchange, which left room for a presentation protocol to grow up beside it.

Two things grew there. On the format side, Daniel Fett and colleagues started SD-JWT at the IETF OAuth Working Group around 2022, a way to add selective disclosure to signed JSON Web Tokens; the credential profile built on top became SD-JWT VC [9]; the base SD-JWT draft was later published as RFC 9901 [10] [11]. On the protocol side, the OpenID Foundation published its "OpenID for Verifiable Credentials" whitepaper in May 2022 and the early editors' draft of OID4VP, framing presentation as an OAuth-family Authorization Request and Authorization Response [12].

SD-JWT VC

SD-JWT-based Verifiable Credentials, an IETF OAuth Working Group specification (draft-ietf-oauth-sd-jwt-vc, authors Oliver Terbu, Daniel Fett, and Brian Campbell) layered on SD-JWT, which is RFC 9901 [9] [11]. A credential is a JSON/JWS token whose selectively-disclosable claims are salted, hashed, and released one Disclosure at a time. It is an IETF format that OID4VP carries; it is not an "OpenID format."

That attribution matters and is easy to get wrong. SD-JWT VC belongs to the IETF [13]; OID4VP belongs to the OpenID Foundation's DCP Working Group. OpenID's contribution is the protocol, not the format. Kristina Yasuda (Keio University) is a useful bridge figure to hold onto: she co-authored RFC 9901 and edits OID4VP, one person linking the IETF credential format and the OpenID presentation protocol [11]. Daniel Fett and Brian Campbell similarly span SD-JWT and SD-JWT VC [9].

The load-bearing point

Here is the fact the rest of the story hangs on: each room shipped its credential format fused to its own request-and-response protocol. The ISO world bound mdoc to Device Request/Device Response. The web world bound SD-JWT VC to OID4VP's Authorization Request/Response. Neither treated "how you ask for a credential" as a separable layer that could be shared. So the moment a verifier needed to accept both, it inherited both protocols. The two-stack tax was not a bug anyone introduced; it was the sum of two independently reasonable designs.

Ctrl + scroll to zoom
Two lineages growing in parallel, then converging between 2019 and 2026.

Two rooms, two credentials, two protocols. So how did each one actually make a holder show a credential? Put the two mechanisms side by side, and the split stops being abstract.

3. How Each World Made a Holder Show a Credential

Start with the ISO world, because it is the one most web developers have never seen. Its presentation exchange assumes no network at all.

The flow begins with Device Engagement: the verifier's reader and the holder's phone bootstrap a set of ephemeral keys, typically by scanning a QR code or tapping over NFC. That handshake establishes an encrypted channel over Bluetooth Low Energy, NFC, or Wi-Fi Aware.

Across that channel the verifier sends a Device Request, a CBOR structure naming the exact data elements it wants. The wallet answers with a Device Response containing only those elements, carrying two signatures: the issuer's COSE signature over the Mobile Security Object (proving the data is authentic) and the device's own key (proving this phone is the legitimate holder) [7].

Device Request / Device Response

The ISO proximity presentation exchange from ISO/IEC 18013-5. After Device Engagement bootstraps ephemeral keys over QR or NFC, the verifier sends a Device Request naming the data elements it wants, and the holder's device returns a Device Response with only those elements, authenticated by the issuer's COSE signature over the Mobile Security Object and by the device's own key [7].

Ctrl + scroll to zoom
ISO/IEC 18013-5 proximity presentation: an offline, device-to-device exchange.

Now the web world, which assumes the opposite: everyone is online, and the exchange looks like OAuth. Per the OID4VP 1.0 Final specification, section 8.2, the verifier builds an Authorization Request carrying response_type of vp_token, a nonce, a state, and a dcql_query describing which credentials and claims it needs [14].

That dcql_query is the verifier's shopping list, written in the Digital Credentials Query Language (DCQL), OID4VP's own JSON query object for naming credentials and claims independent of their format; its full structure does real work in the practical guide. The request can be sent by value or fetched by reference through a request_uri, and it "can be displayed to the End-User either directly (as a link) or as a QR Code" [14].

The wallet authenticates the request, gets the user's consent, and assembles a vp_token. Using response mode direct_post, it sends that token back as an HTTP POST to the verifier's response_uri [14].

Ctrl + scroll to zoom
OID4VP online presentation: an OAuth-shaped Authorization Request and a vp_token returned by direct_post.

One exchange is device-centric and offline-rooted; the other is online and OAuth-rooted. Neither could simply swallow the other: the ISO model was never web-native, and the web model was never the ISO device-retrieval model. Yet look closely at how each one actually protects and discloses a claim, and something surprising appears: the two mechanisms are almost the same idea in two encodings.

Both worlds support selective disclosure, but they implement it differently.

Selective disclosure

Releasing only the specific claims a verifier asks for while leaving the rest of the credential undisclosed yet still bound to the issuer's signature. mdoc does it at the level of CBOR data elements; SD-JWT VC does it through salted, per-claim digests carried under an _sd key [11].

The SD-JWT mechanism is worth seeing in code, because it explains a design choice that trips up implementers. RFC 9901 uses source-string hardening: each disclosable claim becomes a Disclosure (a JSON array of salt, name, value) that is base64url-encoded, and the issuer embeds a digest of that encoded string under _sd. The wire form joins the issuer-signed JWT, the chosen Disclosures, and an optional Key Binding JWT with the ~ character. The verifier hashes each Disclosure exactly as received and matches it against the issuer's _sd list [11].

JavaScript SD-JWT selective disclosure: the verifier matches each Disclosure digest against the issuer's _sd list
// SD-JWT wire form (RFC 9901): issuer-signed JWT, then one Disclosure per claim,
// then an optional Key Binding JWT, all joined by "~".
const issuerJwt = "******"; // its payload carries the _sd digest list
const discAge  = "WyJzYWx0IiwgImFnZV9vdmVyXzE4IiwgdHJ1ZV0";    // ["salt","age_over_18",true]
const discName = "WyJzYWx0MiIsImdpdmVuX25hbWUiLCJBbGV4Il0";     // ["salt2","given_name","Alex"]

// The holder chooses to reveal only age_over_18; the name stays withheld.
const wire = [issuerJwt, discAge].join("~") + "~";
console.log("presented:", wire);

// Source-string hardening: hash the Disclosure string exactly as transmitted
// (a real verifier uses SHA-256 + base64url; this stand-in keeps the demo self-contained).
function digest(s){ let h = 0; for (const c of s) h = (h * 31 + c.charCodeAt(0)) >>> 0; return "sha256:" + h.toString(16); }

// The digests the issuer embedded under _sd inside the signed JWT payload:
const _sd = [digest(discAge), digest(discName)];

for (const d of wire.split("~").slice(1).filter(Boolean)) {
const matched = _sd.includes(digest(d));
console.log(matched ? "ACCEPT" : "REJECT", d.slice(0, 20) + "...");
}
// Rule (RFC 9901 section 7): a Disclosure with no matching _sd digest MUST be rejected;
// an _sd digest with no Disclosure is simply left undisclosed. The name digest above is
// present in _sd but never disclosed, which is exactly correct.

Press Run to execute.

Now do the same anatomy for the mdoc, because the parallel is the point. The Device Response is a CBOR DeviceResponse structure; each document inside it carries an IssuerSigned part whose data elements are grouped under namespaces such as org.iso.18013.5.1, and a claim is addressed by exactly two strings, [namespace, data element identifier], returned as a CBOR data item [14] [15].

Each released element is an IssuerSignedItem, which in the ISO/IEC 18013-5 data model is the tuple { digestID, random, elementIdentifier, elementValue }, where random is a per-element salt [7]. Integrity is anchored by issuerAuth, a COSE-signed Mobile Security Object (MSO) whose ValueDigests structure maps, per namespace, each digestID to a digest [16]. The MSO is the mdoc's integrity anchor: one COSE signature over the digests of every element, so the issuer signs the whole set once and the holder later reveals any subset without a new signature [7].

Verification then mirrors SD-JWT almost step for step. The holder returns only the chosen IssuerSignedItem values; the verifier recomputes each item's digest and matches it against the signed MSO ValueDigests entry, exactly as the SD-JWT verifier matched Disclosure digests against _sd. Finally it checks deviceAuth, the deviceSignature, to prove the phone holds the mdoc's device key, the mdoc analogue of the optional Key Binding JWT [16]. Lay the two mechanisms next to each other and they line up member for member.

Role in the exchangeSD-JWT VC (JSON/JWS)mdoc (CBOR/COSE)
Disclosable unitA Disclosure: salt, name, valueAn IssuerSignedItem: { digestID, random, elementIdentifier, elementValue }
Digest set the issuer signsThe _sd digest array in the issuer JWTThe MSO ValueDigests map (per namespace)
Per-claim saltThe Disclosure's saltThe item's random field
Disclosure checkRecompute each Disclosure digest, match _sdRecompute each item digest, match ValueDigests
Holder-binding proofOptional Key Binding JWT (KB-JWT)Device signature (deviceSignature)
EncodingJSON/JWS text plus base64urlCBOR/COSE binary

The two formats are the same disclosure idea -- salted-hash selective disclosure over one stable issuer signature -- in two encodings. In one line: mdoc is CBOR/COSE, a compact binary encoding with integer keys; SD-JWT VC is JSON/JWS text plus base64url-encoded Disclosures, and base64url inflates bytes by roughly a third [11]. The two are not trivially interconvertible, which is why "just merge them" is harder than it sounds. Note also the shared consequence, paid off in section 8: because both re-present one fixed issuer signature, both sit on the linkable side of the privacy line. That shared shape is a gift to the harmonizer, because it means a single request protocol can drive either one. So the pressure fell on making the two protocols reach toward each other, one waypoint at a time.

4. Five Generations Toward One Protocol

Nobody planned convergence. It happened because every partial fix left one stubborn gap that only the next step could close. Trace the chain and a pattern appears: each generation solved a real problem and, in doing so, exposed the next one. The two credential formats ride through the entire chain unchanged. What moves is the protocol.

Generation 1: proximity mdoc (2021). ISO/IEC 18013-5 delivered high-assurance identity for an officer at the roadside, offline, device to device [7]. The gap was named by its own scope: its only online mode was server retrieval, in which the verifier fetched the data from the issuer's own server, a limited and privacy-problematic path. If you wanted a holder to present an mDL directly to a website, the standard had no model for it.

Generation 2: OID4VP (2022 to 2025). In parallel, the web world built an online presentation protocol on OAuth's Authorization Request and Response, adding a native query language along the way. The OpenID Foundation approved OID4VP 1.0 as a Final Specification in July 2025 [17]. The Final vote was 79 approve, 2 object, 17 abstain: 98 ballots cast, which cleared the required quorum [17].

This is the step most people miscategorize. OID4VP is not a successor to the mdoc; it is a parallel origin in the other room. Its gap was symmetric to Generation 1's: it was never the ISO device-retrieval model, so the mDL world could not migrate onto it wholesale. Two base protocols now existed, and neither was going away. There is exactly one clean supersession inside this story: OID4VP originally expressed "what the verifier wants" with DIF Presentation Exchange, and OID4VP 1.0 replaced it with the native Digital Credentials Query Language (DCQL, the dcql_query parameter) [14]. Everything else here is a scope boundary, not a defeat.

Generation 3: online mdoc via TS 18013-7 (2024 to 2025). ISO's response to its own gap was telling. Rather than fork a rival web protocol from scratch, it reached into the web protocol. ISO/IEC TS 18013-7 -- a first edition in 2024, superseded by a second edition published 29 May 2025 -- augments the mDL "with presentation of a mobile driving licence to a reader over the internet" by profiling OpenID4VP for the online flow [18] [19].

One chronological subtlety matters, because it is easy to state wrong: the references to OID4VP 1.0 Final and HAIP 1.0 Final belong to the standard's draft appendices, the ones exercised at La Ciotat in May 2026, not to the published 29 May 2025 edition, which necessarily predates OID4VP reaching Final in July 2025 [2]. Either way, this was the first real convergence point: an mdoc carried through an OID4VP-profiled exchange. But it was a profile bolted onto one protocol, not a merger. The two base models still, in the DCHP announcement's own words, "take different approaches to credential presentation" [1].

Generation 4: La Ciotat (May 2026). Paper profiles are cheap; interoperability is earned in a room full of implementers. At the 13th ISO mDL interoperability test event in La Ciotat, France, on 28 to 29 May 2026, teams ran ISO/IEC 18013-5 and the TS 18013-7 draft appendices together with OID4VP 1.0 Final and HAIP 1.0 against the OpenID Foundation's conformance suite [2].

Generation 5: DCHP (June 2026). The diagnosis produced a treatment. In June 2026, ISO's WG10 and WG4 and the OpenID Foundation's DCP Working Group chartered the joint Digital Credentials Harmonized Presentation Working Group to develop one harmonized Digital Credentials Request Protocol that "supports the exchange of multiple credential formats (mdoc and SD-JWT VC)," with a first meeting on 29 June 2026 [1]. It is a chartered deliverable, not a shipped one; the spec workspace at the time of writing holds only a stub README [21].

Ctrl + scroll to zoom
The convergence chain: two parallel origins (Gen 1 and Gen 2) reach toward each other and merge into one harmonized protocol.

Laid out as a table, the through-line is the "gap that drove the next step" column: no generation was defeated, each was simply incomplete on its own.

ApproachYearKey ideaStrengthGap that drove the next stepStatus
ISO/IEC 18013-5 proximity mdoc2021High-assurance offline ID, device to deviceWorks with no network, mature mDL baseNo holder-driven remote presentation to a websiteActive proximity baseline [7]
OID4VP 1.0 Final2022 to 2025Web-native online presentation over OAuth, with DCQLFormat-agnostic, Final and IPR-protectedNot the ISO device model, so two base protocols persistFinal, July 2025 [17]
ISO/IEC TS 18013-72024 (1st ed.) / 2025 (2nd ed.)Give mdoc an online path by profiling OID4VPFirst real convergence pointStill a profile on one protocol, the models diverge2nd ed., 29 May 2025 [18]
La Ciotat interop event2026Test both stacks together for realProved deployment readinessInterop achieved by running two protocols, not oneCompleted, 28 to 29 May 2026 [2]
DCHP harmonized protocol2026One request protocol carrying both formatsJoint, dual-adoption charterDoes not yet exist as a published specChartered, meets 29 June 2026 [1]

Five generations, and the industry still ships two protocols. So what insight finally reframes the problem so that one protocol becomes possible, without anyone having to lose?

5. Decouple the Protocol from the Format

The reframe is almost embarrassingly simple, and it is why nobody had to "win": stop treating the credential format and the presentation protocol as one thing.

For years, the two rooms each shipped a bundle. If you wanted the mdoc, you took Device Request/Device Response with it. If you wanted SD-JWT VC, you took OID4VP with it. The bundle felt natural because each format was born inside its protocol. But the bundle was never necessary. A protocol is a way to ask for and return a credential; a format is what the credential is. Once you insist on that separation, the whole conflict changes shape. You no longer need one format to defeat the other. You need one protocol that can request and carry either one.

You do not unify by choosing a winner. You unify by decoupling: separate the presentation protocol from the credential format, and one harmonized request protocol can carry either mdoc or SD-JWT VC. The two formats never have to change.

The reason this is a breakthrough and not a fantasy is that most of it already exists. OID4VP's vp_token is deliberately format-agnostic, and DCQL queries credentials independently of their encoding [14]. ISO/IEC TS 18013-7 already carries an mdoc through an OID4VP-profiled online flow [18]. In other words, a single protocol that carries both formats is within reach of constructions that already ship today. The remaining work is reconciliation and joint ratification, not the invention of a new cryptographic primitive.

Ctrl + scroll to zoom
Decoupling: one harmonized request protocol carries both formats, which stay distinct.

Seeing the two layers on separate axes makes the scope of the fix precise. DCHP acts on exactly one of them.

LayerExamples todayWhat DCHP does to this layer
Presentation protocolISO Device Request/Response, OID4VP Authorization Request/ResponseUnifies into one harmonized request protocol [1]
Credential formatmdoc (CBOR/COSE), SD-JWT VC (JSON/JWS)Leaves plural by design, and carries both [3]

The technical insight, though, is only half the story. The other half is institutional, and it matters just as much. Standards bodies do not merge by good intentions; a shared spec that lives inside one organization's process tends to be treated as that organization's property. DCHP is engineered to avoid exactly that failure mode.

This is where the article's title stops being a play on words and becomes a precise claim. "One Credential Presentation" means one protocol, not one format. The formats persist on purpose. The EU Digital Identity Wallet Architecture and Reference Framework v2.9 mandates both mdoc and SD-JWT VC as baseline, because each serves a domain the other does not [3]. Harmonization at the protocol layer is the objective; harmonization at the format layer is neither the plan nor a desirable one.

"The DCHP WG will develop a technical specification for a harmonized Digital Credentials Request Protocol that brings these together, and supports the exchange of multiple credential formats (mdoc and SD-JWT VC)." [1]

If the protocol can be unified in principle, the obvious next question is empirical: how unified is the world today, in the window before the harmonized protocol ships?

6. Where Things Stand in Mid-2026

Right now there is no single leader, and that is by mandate, not accident. The EU Digital Identity Wallet Architecture and Reference Framework v2.9 states it in one breath: for remote presentation the wallet implements OID4VP "in combination with the W3C Digital Credentials API," while for proximity presentation the same wallet "adheres to the ISO/IEC 18013-5 standard" [3]. That sentence is the state of the art: two presentation protocols, required together, carrying two formats, with a browser API emerging beneath them.

Consider each piece in turn.

OID4VP

OpenID for Verifiable Presentations, the OpenID Foundation DCP Working Group's OAuth-family protocol for online presentation. A verifier sends an Authorization Request carrying a dcql_query; the wallet returns a vp_token, usually through response mode direct_post. It reached Final in July 2025 and is format-agnostic [14] [17].

On the web side, OID4VP 1.0 Final is the mature, IPR-protected, conformance-tested protocol. It carries SD-JWT VC natively and mdoc through the TS 18013-7 profile, and it asks for claims through DCQL.

DCQL (Digital Credentials Query Language)

OID4VP's native JSON query object (the dcql_query), which "allows the Verifier to request Presentations that match the query" [14]. It names credentials by a per-credential format selector plus format-specific metadata, and names claims by a path pointer, so one query can describe an mdoc claim and an SD-JWT VC claim side by side. It replaced DIF Presentation Exchange in OID4VP 1.0.

OID4VP does not run alone in the field; it runs pinned by a profile, because a base protocol with dozens of options is not yet an interoperable one.

HAIP

The OpenID4VC High Assurance Interoperability Profile 1.0 Final. Not a base protocol but an option-pinning profile: it fixes which cipher suites, response modes, request-signing rules, and format bindings implementations must use, so that independent OID4VP deployments actually interoperate. It is what La Ciotat tested [16] [2].

"Build on HAIP" is often said and rarely unpacked, so here is what the profile actually pins, drawn from HAIP 1.0 Final. This table is the difference between a slogan and a specification you can implement against.

HAIP 1.0 pinWhat it requires
Query languageDCQL is mandatory: the DCQL query and response MUST be used as defined in OID4VP section 6 [16]
Response typeThe response type MUST be vp_token [16]
Signed requests and verifier identitySigned Authorization Requests via JWT-Secured Authorization Request (JAR) with request_uri; Client Identifier Prefix x509_hash; the request-signing certificate MUST NOT be self-signed and the trust anchor MUST NOT sit in the x5c header [16]
Response encryption and modeMandatory: JWE alg ECDH-ES over P-256, enc A128GCM or A256GCM (prefer A256GCM), realized as direct_post.jwt (redirect) or dc_api.jwt (browser), with ephemeral encryption keys supplied per request [16]
Trust anchorsThe aki-based trusted_authorities DCQL query MUST be supported, so one request can carry ISO mDL VICAL and ETSI Trusted List roots together [16]
Format identifiersmdoc uses mso_mdoc; SD-JWT VC uses dc+sd-jwt [16]
Key bindingFor a key-bound SD-JWT VC, a Key Binding JWT MUST always be present when presenting [16]
Baseline cryptoECDSA P-256 with SHA-256 (ES256) MUST be supported for the presentation signature and digests [16]

On the proximity side, ISO/IEC 18013-5's Device Request/Device Response remains the offline baseline, and TS 18013-7:2025 extends the same model over the internet by profiling OID4VP [18]. Above both protocols, a common entry point is taking shape in the browser.

W3C Digital Credentials API

A browser-level API, a W3C Working Draft from the Federated Identity Working Group, that lets a web page invoke a wallet through navigator.credentials.get() and brokers wallet selection, consent, and cross-device routing. It is "designed to be agnostic to credential formats" and carries an inner protocol's request as opaque data [24].

The distinction to hold onto is that the Digital Credentials API is an invocation layer, not a third protocol. The API carries an inner protocol (such as OID4VP) inside a protocol field and an opaque data field. It brokers how the wallet is summoned; it does not define how the credential is requested and returned. That is still OID4VP's job, and tomorrow it could be DCHP's [24]. It is also still a Working Draft, not a W3C Recommendation, and the EUDI ARF treats it as optional today, with custom URL schemes allowed as a fallback [24] [3].

Behind all of this sits a legal clock. Regulation (EU) 2024/1183, eIDAS 2, entered into force on 20 May 2024, with EU Member States expected to provision wallets around the end of 2026 and private-sector acceptance following roughly a year later [25]. That is why "just pick one stack" is not on the table for a European verifier: acceptance of the baseline is heading toward a legal obligation.

DimensionISO/IEC 18013-5 proximityISO/IEC TS 18013-7:2025 onlineOID4VP 1.0 FinalDCHP harmonized
Request/response modelDevice Engagement + Device Request/ResponseDevice Request/Response over the internetAuthorization Request/Response (vp_token, direct_post)Intended: one protocol reconciling both
TransportQR, NFC, BLE, offlineOnline, profiles OID4VPOnline, HTTP redirect or direct_postTo be defined
Query mechanismCBOR data-element requestVia the OID4VP profileDCQL (dcql_query)To be defined
Format carriedmdocmdocSD-JWT VC or mdocmdoc and SD-JWT VC
MaturityPublished 2021, active [7]Published 29 May 2025, active [18]Final July 2025, IPR-protected [17]Chartered, not published [1]
Interop evidenceLa CiotatLa CiotatLa Ciotat, deployment-readyNone yet, pre-spec

The one clean piece of published evidence that the current world works is La Ciotat itself.

"...a strong signal that OpenID for Verifiable Presentations and HAIP are ready for real-world deployment." -- Joseph Heenan, OpenID Foundation [2]

One trap deserves a warning, because it is easy to propagate.

And DCHP itself? Chartered, in active formation, first meeting 29 June 2026, with a spec repository that so far holds only a README [1] [21]. It is the intended future single stack, and it does not yet exist.

That is the whole official world: two protocols, two formats, one invocation layer. But the field is bigger than the baseline. What else is out there, and does any of it ride the harmonized protocol?

7. Beyond the Two Baseline Formats

This is not a "which format wins" scoreboard. It is a map of a bigger country than the two-format headline suggests, and drawing it honestly is part of getting the thesis right. DCHP's chartered scope is the presentation of mdoc and SD-JWT VC [1]. Those are the two EUDI-baseline formats, not the only formats that exist.

Start with the data model that sits beside them. The W3C Verifiable Credentials Data Model 2.0, a Recommendation from May 2025, with JSON-LD Data Integrity proofs, is a securing family in its own right [26], descended from the 1.0 model that opened the web lineage in 2019 [8]. Then there is the format that looks like it should work and does not.

A plain JWT-VC is a JSON Web Signature over a fixed payload. It structurally cannot do selective disclosure, because JWS signs the exact bytes a verifier must reconstruct in full; you cannot drop a claim without breaking the signature. That limitation is precisely why SD-JWT (RFC 9901) was created, and why SD-JWT VC, not JWT-VC, became the web-side baseline [11]. It is a clean illustration that format choices are driven by what the cryptography can and cannot express.

The more interesting frontier is privacy. Both baseline formats are linkable: every showing re-presents the same issuer signature.

Unlinkability (multi-show)

The property that two or more presentations of the same credential cannot be correlated as coming from the same holder. The baseline formats lack it: each showing re-presents a stable issuer signature (mdoc's COSE-signed Mobile Security Object, SD-JWT's issuer-signed JWT), which acts as a persistent correlation handle. Achieving it needs a different format class, such as zero-knowledge proofs of a signature [11] [27].

Two families attack that gap. BBS signatures, an IRTF draft, sign multiple messages under one constant-size signature and let the holder produce zero-knowledge proofs that disclose a subset while revealing nothing about the undisclosed messages or the signature itself, which yields unlinkable presentations [27]. Longfellow-zk, an open-source project from Google, takes a different route: it proves statements in zero knowledge over an issuer's existing signature, for example an ECDSA-signed mdoc, so the issuer does not have to migrate to a new scheme [28]. Hyperledger AnonCreds, in the Aries family, is a mature anonymous-credential system built on CL signatures, with predicate proofs and unlinkable presentations [29]. It sits in a separate stack, outside the EUDI baseline and outside DCHP's chartered scope.

The sizes matter, because they show why the choice is a genuine trade rather than a free lunch. A BBS signature over BLS12-381 is a constant 80 octets (a group element plus a scalar, 48 + 32), no matter how many attributes it covers; a BBS proof is 272 + 32U octets, where U is the number of undisclosed messages, freshly randomized on every presentation [27]. The mdoc and SD-JWT VC byte counts, by contrast, have no reproducible primary and are left un-benchmarked here.

DimensionmdocSD-JWT VCJWT-VCBBS (draft)
EncodingCBOR/COSE binaryJSON/JWS + base64url disclosuresJSON/JWS fixed payloadMulti-message signature, ZK proof
Selective disclosureElement-level, MSO-anchoredHash-based, salted _sd digestsNone (structural)ZK subset disclosure
Multi-show unlinkableNo, stable signatureNo, stable signatureNoYes, ZK proofs
Holder bindingDevice key (mdoc auth)Optional Key Binding JWTApp-specificProof bound to a nonce
Signature or proof sizeNot separately benchmarkedNot separately benchmarkedNot separately benchmarked80-octet signature; 272 + 32U-octet proof [27]
Standard baseISO/IEC 18013-5:2021 [7]RFC 9901 + SD-JWT VC draft [11]JWS (RFC 7515)draft-irtf-cfrg-bbs-signatures-10 [27]
EUDI statusBaseline [3]Baseline [3]Not baselineOptional or future

There are also several invocation and retrieval paths, not just formats: OID4VP, ISO device retrieval, the W3C Digital Credentials API, and proprietary wallet SDKs. DCHP addresses one slice of this map: the request protocol for the two baseline formats. Whether W3C VC DM 2.0, AnonCreds, or BBS ever becomes requestable over the harmonized protocol is an open design and political choice, not a settled fact. The formats still compete on their merits; harmonization does not end that competition, and it was never meant to.

One of these alternatives hints at something the baseline formats simply cannot do. Follow that thread and it leads straight to the hard limits of what harmonization can ever achieve.

8. What Harmonization Can and Cannot Do

Harmonization is powerful and bounded. Three walls are worth knowing before you over-promise it, and telling them apart is the difference between a realistic roadmap and a pitch.

Wall one is not really a wall: one protocol carrying two formats is achievable. This is close to a constructive proof rather than a hope. OID4VP's vp_token is already format-agnostic, DCQL already queries across formats [14], and TS 18013-7 already carries an mdoc through an OID4VP-profiled flow [18]. So DCHP's deliverable is within reach of known constructions; the hard part is reconciliation and dual ratification, not discovering a missing primitive.

Wall two is permanent and, more surprisingly, desirable: you cannot merge the two formats. CBOR/COSE and JSON/JWS are not two skins on one object. They are different serialization and signature models, one binary and offline-rooted, the other text and web-rooted, and they were optimized for constituencies that do not fully overlap [11].

Wall three is the deep one: selective disclosure and multi-show unlinkability cannot both come free from the baseline. Both mdoc and SD-JWT VC re-present a stable issuer signature on every showing (the mdoc's COSE-signed Mobile Security Object, the SD-JWT's issuer-signed JWT plus salted digests), so colluding verifiers, or an issuer watching verifiers, can correlate presentations by that fixed cryptographic material [11]. Escaping the correlation is provably not a matter of a better presentation protocol. It requires a different format class:

selective disclosure  +  multi-show unlinkability    zero-knowledge (or one-time-use) format\text{selective disclosure} \;+\; \text{multi-show unlinkability} \;\Longrightarrow\; \text{zero-knowledge (or one-time-use) format}

One route is one-time-use or batch issuance: mint many single-use credentials and spend each once. That route pays in issuance and storage, not compute. The other route is zero-knowledge proofs of a signature, as in BBS, whose 272 + 32U-octet proof the draft describes as unlinkable: its value is "indistinguishable from random even if generated from the same signature" [27]. Because two such proofs cannot be linked back to one signature, the verifier is left holding no reusable correlation handle at all. The two routes trade the same quantity in opposite directions:

one-time-use issuance, storage, re-issuance=O(npresentations)vs.BBS holder storage=O(1)\text{one-time-use issuance, storage, re-issuance} = \mathcal{O}(n_{\text{presentations}}) \qquad\text{vs.}\qquad \text{BBS holder storage} = \mathcal{O}(1)

Batch issuance pays O(npresentations)\mathcal{O}(n_{\text{presentations}}) in logistics and near-zero in compute; BBS pays O(1)\mathcal{O}(1) in storage (one reusable signature) and instead spends fresh prover compute on every proof [27]. Either way, the escape lives in the format, never in the request protocol.

Ctrl + scroll to zoom
The privacy axis: whether a stable signature is re-shown determines linkable versus unlinkable, and no protocol can move a credential across this line.

Two smaller walls round out the picture. The leading unlinkable option, BBS, is pairing-based over BLS12-381, and its own draft flags post-quantum security as an open consideration, so it is not itself a post-quantum construction [27]. The ideal of unlinkable and post-quantum at once is not available in a deployed, standardized format today. And even a technically perfect harmonized specification must ratify through two bodies with different processes and IPR regimes, a bound on delivery speed rather than on mathematics [23].

Two coexisting formats is not an unfinished job; it is the correct end state. Merging CBOR/COSE and JSON/JWS would break one constituency, and no presentation protocol can move a credential from linkable to unlinkable. Harmonization unifies the wire and stops exactly there.

If some walls are permanent, the interesting frontier is the one that is merely unsettled. What is genuinely still open?

9. What Is Still Unsettled

The harmonized protocol is not a finished answer. It is a set of good, hard, unanswered questions with a first meeting on the calendar. Here are the ones worth watching.

Reconciling two request-and-response models into one. This is the core deliverable: produce a single protocol whose semantics subsume both ISO/IEC 18013-7's Device Request/Device Response and OID4VP's Authorization Request/Authorization Response, which today "take different approaches to credential presentation" [1]. A targeted search of the public record turns up no authoritative technical design yet, which is exactly what a pre-first-meeting working group should look like; everything else is downstream of getting this right.

Conformance for a protocol that does not exist yet. La Ciotat validated the old stacks against the OpenID Foundation's conformance suite [30]. A new protocol needs its own test suite before anyone can call it deployment-ready, and an open question is whether ISO and the OIDF share one suite or maintain two aligned ones across their certification regimes.

Fitting under the browser. The W3C Digital Credentials API carries an inner protocol inside a protocol and data envelope, and OID4VP already rides it. A harmonized protocol would need its own registered protocol identifier there, and the API is still a Working Draft, optional in the ARF today [24]. Misalignment at the invocation layer would quietly reintroduce fragmentation one level up.

Unlinkability for the baseline at scale, and why no protocol can supply it. This is the open problem most likely to be misunderstood, so it is worth doing mechanistically. RFC 9901 spells out the only baseline escape from linkability: batch issuance. The issuer mints a batch of credentials over the same claims, and the holder spends a different one with each verifier or even each session [11].

But it only works under strict hygiene: new Key Binding keys and new salts MUST be used for every credential in the batch, and the time claims (iat, exp, nbf) must be randomized or rounded. Otherwise the bound holder key, the salted digests, or the timestamps quietly re-link the very showings you tried to separate [11]. OID4VP says the same operationally: use multiple instances of a credential, each with unique issuer signatures and keys, and discard each after one use [14].

That hygiene is not free. The batch must be sized to the number of distinct verifiers and sessions a holder will encounter, so issuance, wallet storage, and periodic replenishment all scale as O(npresentations)\mathcal{O}(n_{\text{presentations}}), and replenishment re-introduces an online dependency on the issuer [11]. You buy unlinkability with logistics, not cryptography.

Here is the load-bearing part, the reason this belongs in an article about presentation protocols at all. No request protocol can substitute for batch issuance, because the linkable handle is the issuer's signature and the bound public key, presented directly to the verifier, who could forward it to the issuer. That material lives inside the credential, beneath the presentation layer. DCQL and OID4VP only choose which claims and which format populate the vp_token; they cannot alter the signature bytes [11] [14].

And even batch issuance only defeats verifier-to-verifier and presentation linkage; it "cannot work for Issuer/Verifier unlinkability," a limit RFC 9901 says "applies to all salted hash-based approaches, including mDL/mDoc" [11]. Two different linkabilities hide under one word. Batch issuance can break verifier-to-verifier correlation (two shops cannot tell it was the same holder). It cannot break issuer-to-verifier correlation (an issuer colluding with a verifier still recognizes its own signature). Only a zero-knowledge format closes the second gap [11]. Closing that gap needs a zero-knowledge format such as BBS, whose per-presentation proof leaves the verifier no reusable handle to forward [27]. The whole thesis lands here: harmonizing the request protocol moves no credential across the privacy axis, because the limit sits in the format, one layer below anything a protocol can touch.

Post-quantum presentation. Identity credentials can outlive classical-cryptography safety margins, yet the baseline rests on classical ECDSA and EdDSA signatures, and even BBS is pairing-based [27]. A selectively-disclosable, ideally unlinkable, post-quantum format is an acknowledged frontier with nothing deployed.

Which other formats, if any, ride along. OID4VP's format-agnostic design shows the protocol can be extensible, but DCHP's charter names only mdoc and SD-JWT VC [1]. Whether W3C VC DM 2.0, AnonCreds, or BBS ever become requestable over the harmonized protocol is a design and political choice that has not been made.

The governance question that could undo it. Can two bodies ratify and maintain one specification without it forking back into two? The dual-adoption Working Procedures are engineered to make that possible [23], but no charter can guarantee it. This is an inferred risk, not a documented event: no outcome exists yet for a working group that has not held its first meeting.

As of this writing, the spec workspace at github.com/openid/dchp holds only a short README, which is the most honest possible status indicator: chartered, not yet specified [21].

None of this blocks you from acting today. In fact, waiting is the one clear mistake.

10. What to Build Today

You do not get to wait for the harmonized protocol. A verifier shipping in 2026 needs a build that is correct now and forward-compatible later, and the good news is that the two goals point the same way.

The core decision is to build a format-agnostic verifier that accepts both mdoc and SD-JWT VC. The EUDI ARF mandates both as baseline, so "pick one" is not a compliant option for anyone serving the European market [3]. Concretely, that means dispatching on the presented credential rather than assuming a single format.

JavaScript Format-agnostic verifier dispatch: sniff the credential, then route to the right path
// A both-formats verifier detects the presented credential and routes it.
// mdoc is CBOR/COSE (binary); SD-JWT VC is the "~"-delimited JSON/JWS form.
function detectFormat(presented) {
if (typeof presented !== "string") return "mdoc";     // CBOR bytes, not text
if (presented.includes("~")) return "sd-jwt-vc";      // JWT ~ Disclosure ~ ... ~ KB-JWT
return "unknown";
}

function verify(presented) {
switch (detectFormat(presented)) {
  case "mdoc":
    return "route to CBOR/COSE path: check MSO issuer signature and device key";
  case "sd-jwt-vc":
    return "route to JSON/JWS path: verify issuer JWT, match _sd digests, check optional KB-JWT";
  default:
    return "reject: unrecognized credential format";
}
}

console.log(verify("eyJhbGci...~WyJzYWx0Iiwi...~"));   // SD-JWT VC
console.log(verify(new Uint8Array([0xa3, 0x01])));      // mdoc (CBOR bytes)

Press Run to execute.

Underneath that dispatch, implement against OID4VP 1.0 Final plus HAIP 1.0 for the web side [14] [16], and ISO/IEC 18013-5 and TS 18013-7 for proximity and online mdoc [18].

"Build on HAIP" has a concrete meaning, worth stating as a checklist rather than a slogan. Sign your Authorization Requests as JAR objects delivered by request_uri, identified by an x509_hash verifier certificate that is not self-signed. Require response encryption using JWE ECDH-ES over P-256 with A256GCM, realized as direct_post.jwt on redirects or dc_api.jwt in the browser, with a fresh ephemeral encryption key per request.

Drive the request with DCQL, and support the aki trusted_authorities query so ISO and web trust roots travel together. Advertise the mso_mdoc and dc+sd-jwt format identifiers, and always require a Key Binding JWT for a key-bound SD-JWT VC [16] [9]. Invoke through the W3C Digital Credentials API where it is available, and keep custom URL schemes as a fallback [24].

The query is where the thesis becomes one line of code. DCQL lets a verifier ask for a claim, not a format, and a Credential Set expresses "accept either" so one request covers both wallets.

JavaScript One DCQL query, either format: a credential set with an any-of option accepts mdoc OR SD-JWT VC
// DCQL (dcql_query): one mdoc query + one SD-JWT VC query, tied by an
// "any-of" credential set so the verifier accepts whichever the holder has.
const dcql_query = {
credentials: [
  { id: "age_mdoc",  format: "mso_mdoc",
    meta:   { doctype_value: "org.iso.18013.5.1.mDL" },
    claims: [{ path: ["org.iso.18013.5.1", "age_over_18"] }] },   // [namespace, element]
  { id: "age_sdjwt", format: "dc+sd-jwt",
    meta:   { vct_values: ["urn:eudi:pid:1"] },
    claims: [{ path: ["age_over_18"] }] }                          // JSON path pointer
],
// options is the any-of operator: satisfy age_mdoc OR age_sdjwt, not both.
credential_sets: [
  { options: [ ["age_mdoc"], ["age_sdjwt"] ], required: true }
]
};
console.log(JSON.stringify(dcql_query, null, 2));

Press Run to execute.

That single query is the response-side dispatcher's twin: one asks for either format, the other routes whichever comes back. Together they are the whole thesis, expressed twice in about forty lines.

A few implementation pitfalls carry real cost. Never re-canonicalize SD-JWT Disclosures: RFC 9901 deliberately uses source-string hardening, so you must hash the base64url string exactly as transmitted, and a verifier that re-serializes before hashing will get digest mismatches [11]. Decide Key Binding by policy, not by presence: whether a Key Binding JWT is required must not be inferred from whether one was supplied [11].

Ignore any _sd digest with no matching Disclosure, and reject any Disclosure that matches no digest [11]. Prefer delivering large OID4VP requests by reference through request_uri rather than stuffing a full request object into a QR code [14]. And budget for two toolchains: a both-formats verifier needs CBOR/COSE libraries for mdoc and JWT/JSON/base64 libraries for SD-JWT VC.

How to reproduce the La Ciotat test setup yourself

Run the OpenID Foundation's open-source conformance suite against your OID4VP 1.0 Final and HAIP 1.0 build, the same suite used at La Ciotat, then exercise your mdoc path against ISO/IEC 18013-5 and TS 18013-7 [30]. To follow the harmonized protocol as it forms, join the mailing list at openid-specs-dchp@lists.openid.net and watch the openid/dchp repository [21].

What not to do is just as short: do not bet on one format winning, do not conflate the acronyms, and do not block production waiting for the harmonized protocol to ship. Build for both today, and the harmonized protocol becomes an upgrade, not a rewrite.

One Protocol, Two Formats, by Design

Go back to the bar in Marseille. Two phones, two credentials, one over-18 check, and a verifier forced to speak two languages. The mistake almost everyone makes is to see that scene as a format war and wait for a winner. It never was a format war. The tax the verifier pays lives one layer down, in the presentation protocol, in the fact that mdoc arrived fused to Device Request/Device Response and SD-JWT VC arrived fused to OID4VP.

Separate those layers and the whole problem dissolves in the right place. A single harmonized Digital Credentials Request Protocol, built jointly by ISO and the OpenID Foundation and adoptable by both, can carry either credential without either standards body surrendering [1]. That is what DCHP is for, and its first meeting is 29 June 2026.

"One Credential Presentation" means one protocol, not one format. The wire can converge; the credentials do not have to.

The limits are as important as the promise. Harmonization can unify the wire, but it cannot merge CBOR/COSE and JSON/JWS into one format, and it cannot move a credential from linkable to unlinkable, because both baseline formats re-present a stable issuer signature by construction [11]. The EUDI framework mandates both formats precisely because each owns a domain the other does not [3]. So two formats surviving is not a loose end for a future working group to tidy up. It is the correct design, and recognizing that is exactly what let the protocol converge without a war.

Someday the bar's verifier will speak one protocol. It will still, happily, accept both credentials.

Frequently asked questions

Does DCHP end the mdoc versus SD-JWT VC war?

It ends the protocol split, not the formats. The two formats coexist by design, and the EU Digital Identity Wallet framework mandates both mdoc and SD-JWT VC as baseline [3]. What DCHP unifies is the request protocol that carries them [1].

Is DCHP the same thing as DCP, or a typo for DHCP?

Neither. DCHP is the Digital Credentials Harmonized Presentation Working Group. DCP is the Digital Credentials Protocols Working Group that produced OID4VP and is one of DCHP's two parents [5]. DHCP is an unrelated network-addressing protocol. DCHP should never be "corrected" to DCP.

Is SD-JWT VC an OpenID format?

No. SD-JWT VC is an IETF OAuth Working Group specification (draft-ietf-oauth-sd-jwt-vc, authored by Terbu, Fett, and Campbell) built on SD-JWT, which is RFC 9901 [9] [11]. OpenID's OID4VP merely carries it; the format belongs to the IETF.

Does the harmonized protocol exist yet?

No. It is in development, with a first meeting on 29 June 2026, and the spec repository currently holds only a stub README [21]. Every claim about the harmonized Digital Credentials Request Protocol is forward-looking.

Will one format eventually win?

There is no evidence for that outcome, and the design pushes the other way. mdoc and SD-JWT VC serve different constituencies, and the EUDI framework mandates both as baseline [3]. Betting on a single winner is exactly the category error this article warns against.

Is ISO adopting OID4VP, or is OpenID adopting ISO's protocol?

Neither absorbs the other. DCHP produces a joint specification intended for adoption by both ISO WG10 and the OIDF DCP Working Group, under agreed dual-adoption Working Procedures [1] [23]. Symmetry is the point.

What about W3C VC Data Model, AnonCreds, or BBS?

They are part of a wider set of formats. DCHP's chartered scope is the presentation of mdoc and SD-JWT VC [1], while W3C VC DM 2.0 [26], AnonCreds [29], and BBS [27] sit outside that baseline. Whether any of them ever rides the harmonized protocol is an open choice.

Study guide

Key terms

Credential format
How a credential is encoded and signed, for example mdoc in CBOR/COSE or SD-JWT VC in JSON/JWS.
Presentation protocol
The wire exchange that requests and returns a credential, such as ISO Device Request/Response or OID4VP.
mdoc
The ISO/IEC 18013-5 mobile-document credential, CBOR/COSE encoded, with element-level selective disclosure.
SD-JWT VC
An IETF OAuth WG credential format built on SD-JWT (RFC 9901), JSON/JWS with salted per-claim digests.
OID4VP
OpenID for Verifiable Presentations, the OAuth-family Authorization Request/Response protocol, Final in July 2025.
DCQL
OID4VP's format-agnostic JSON query object that names credentials and claims and can accept either format via credential-set options.
DCHP
The joint ISO/OpenID Digital Credentials Harmonized Presentation Working Group building one request protocol for both formats.
Selective disclosure
Releasing only the claims a verifier asks for while the rest stay bound to the issuer signature.
Multi-show unlinkability
The property that repeat presentations cannot be correlated, which the baseline formats lack because they re-show a stable signature.

Comprehension questions

  1. Why is the mdoc versus SD-JWT VC split a protocol problem rather than a format problem?

    Each format arrived fused to its own request/response protocol, so accepting both means implementing two presentation stacks; the pain is at the protocol layer.

  2. What does DCHP unify, and what does it deliberately leave plural?

    It unifies the presentation protocol into one harmonized Digital Credentials Request Protocol while leaving the two credential formats plural by design.

  3. Why can harmonization not deliver multi-show unlinkability?

    Both baseline formats re-present a stable issuer signature, so unlinkability needs a different format class (zero-knowledge or one-time-use), which no request protocol can supply.

References

  1. (2026). Announcing the New Digital Credentials Harmonized Presentation Working Group. OpenID Foundation. https://openid.net/announcing-the-new-digital-credentials-harmonized-presentation-working-group/ - Charter, joint ISO WG10/WG4 + OIDF DCP WG, one protocol carrying mdoc and SD-JWT VC, first meeting 29 June 2026.
  2. (2026). OIDF Conformance Tests Deliver Results in La Ciotat. OpenID Foundation. https://openid.net/oidf-conformance-tests-deliver-results-in-la-ciotat/ - 13th ISO mDL interop event, 28-29 May 2026; Joseph Heenan quote; TS 18013-7 draft appendices.
  3. (2026). EU Digital Identity Wallet Architecture and Reference Framework v2.9. European Commission. https://eudi.dev/2.9.0/architecture-and-reference-framework-main/
  4. (2026). Digital Credentials Harmonized Presentation (DCHP) Working Group. OpenID Foundation. https://openid.net/wg/digital-credentials-harmonized-presentation-working-group/
  5. OpenID Digital Credentials Protocols (DCP) Working Group. OpenID Foundation. https://openid.net/wg/digital-credentials-protocols/
  6. ISO/IEC JTC 1/SC 17 -- Cards and security devices for personal identification. ISO. https://www.iso.org/committee/45144.html
  7. (2021). ISO/IEC 18013-5:2021 -- Personal identification: mobile driving licence (mDL) application. ISO. https://www.iso.org/standard/69084.html
  8. (2019). Verifiable Credentials Data Model 1.0. W3C. https://www.w3.org/TR/vc-data-model/
  9. Oliver Terbu, Daniel Fett, & Brian Campbell (2026). SD-JWT-based Verifiable Credentials (SD-JWT VC), draft-ietf-oauth-sd-jwt-vc-16. IETF OAuth Working Group. https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/
  10. (2025). draft-ietf-oauth-selective-disclosure-jwt (redirects to RFC 9901). IETF OAuth Working Group. https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/
  11. Daniel Fett, Kristina Yasuda, & Brian Campbell (2025). RFC 9901: Selective Disclosure for JSON Web Tokens (SD-JWT). IETF. https://www.rfc-editor.org/rfc/rfc9901.html
  12. Kristina Yasuda & Torsten Lodderstedt (2022). OpenID for Verifiable Credentials (whitepaper). OpenID Foundation. https://openid.net/wordpress-content/uploads/2022/05/OIDF-Whitepaper_OpenID-for-Verifiable-Credentials_FINAL_2022-05-12.pdf
  13. (2026). oauth-wg/oauth-sd-jwt-vc: IETF OAuth WG working area for SD-JWT VC. IETF OAuth Working Group. https://github.com/oauth-wg/oauth-sd-jwt-vc
  14. (2025). OpenID for Verifiable Presentations 1.0 (Final Specification). OpenID Foundation. https://openid.net/specs/openid-4-verifiable-presentations-1_0-final.html
  15. (2023). AAMVA Mobile Driver's License Implementation Guidelines, Version 1.6. AAMVA. https://www.aamva.org/getmedia/a9535063-be06-446a-bc7f-4df3b6b68cbc/MobileDLGuidelines-1-6.pdf - Co-developer document; DeviceResponse and namespace framing, cited for framing only.
  16. (2025). OpenID4VC High Assurance Interoperability Profile (HAIP) 1.0 (Final Specification). OpenID Foundation. https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-1_0-final.html
  17. (2025). OpenID for Verifiable Presentations 1.0 Final Specification Approved. OpenID Foundation. https://openid.net/openid-for-verifiable-presentations-1-0-final-specification-approved/
  18. (2025). ISO/IEC TS 18013-7:2025 -- Personal identification: mDL add-on functions (IEC Webstore). IEC. https://webstore.iec.ch/en/publication/107660
  19. (2025). ISO/IEC TS 18013-7:2025 (ISO catalogue). ISO. https://www.iso.org/standard/91154.html
  20. OpenID Foundation Leadership. OpenID Foundation. https://openid.net/foundation/leadership/
  21. (2026). openid/dchp: Digital Credentials Harmonized Presentation Working Group Repository. OpenID Foundation. https://github.com/openid/dchp
  22. (2026). Digital Credentials Harmonized Presentation Working Group Charter. OpenID Foundation. https://openid.net/digital-credentials-harmonized-presentation-working-group-charter/
  23. (2026). DCHP Working Group Exhibit: dual-adoption Working Procedures. OpenID Foundation. https://openid.net/wp-content/uploads/2026/06/DCHP-WG-Exhibit.pdf
  24. (2025). Digital Credentials (W3C Working Draft). W3C Federated Identity Working Group. https://www.w3.org/TR/digital-credentials/
  25. (2024). Regulation (EU) 2024/1183 (eIDAS 2). European Union. https://eur-lex.europa.eu/eli/reg/2024/1183/oj
  26. (2025). Verifiable Credentials Data Model 2.0. W3C. https://www.w3.org/TR/vc-data-model-2.0/
  27. Tobias Looker, Vasilis Kalos, Andrew Whitehead, & Mike Lodder (2026). The BBS Signature Scheme (draft-irtf-cfrg-bbs-signatures-10). IRTF CFRG. https://datatracker.ietf.org/doc/draft-irtf-cfrg-bbs-signatures/
  28. google/longfellow-zk: zero-knowledge proofs over existing identity signatures. Google. https://github.com/google/longfellow-zk
  29. AnonCreds Specification. Hyperledger. https://hyperledger.github.io/anoncreds-spec/ - CL-signature anonymous credentials with predicates and unlinkability.
  30. About the OpenID Foundation Conformance Suite. OpenID Foundation. https://openid.net/certification/about-conformance-suite/