Enterprise IAM could provide needed critical mass for reusable digital identity

There are 2.6 billion people around the world who make up the addressable population for user-held digital identity, according to the number-crunchers at KuppingerCole.
A blog post from Anne Bailey on the eve of the European Identity and Cloud conference (EIC) 2025 notes that for user-held reusable digital identity to work, it must have critical masses of holders, issuers and verifiers.
The firm expects 400 million new credentials per year to be issued from 2026 on, which at a linear rate of adoption would take about 6.5 years to cover the whole addressable market. A spike in adoption in Europe will follow the introduction of EUDI Wallets, but elsewhere enthusiasm will be less. The post notes the “high potential” of the U.S. market, but also barriers including disparate rollouts of mobile driver’s licenses (mDLs).
A similar point in Trinsic’s “Digital ID Opportunity Zones in 2025” keeps the U.S. in the “yellow zone” for digital ID adoption for this year, at least.
Too many wallets could be a problem for interoperability, and between EU member states, US states and privately developed options, there will easily be a hundred to choose from, some likely sector-specific. KuppingerCole estimates that the average person will have five identity credentials, and that the IDs will last about three years each before needing to be renewed. That adds up to 13 billion “high-quality credentials in use,” 4.3 billion of which are renewed per year.
The relying parties could be drawn from more than 143 million companies globally.
And then there is the IAM side of the equation. Bailey notes the “ripe market” for a range of enterprise identity use cases.
On Day 2 of EIC 2025, that topic was taken up in a presentation from Dock Labs.
Delegating biometrics and VCs for trust and assurance
Richard Esplin of Dock Labs, where he is head of product for Truvera, and the Decentralized Identity Foundation (DIF), began by stating that of all the identity challenges his company’s customers face, “the biggest one is trying to get our information out of a trusted system of records.”
Acquisitions, different business goals, and even rogue teams can prevent a single, unified platform from serving the whole organization. And then there are partnerships, employees contracted to customers, customer onboarding and a host of other situations that force identity information to move from an internal system to another one.
“The result is we end up building difficult, complicated integrations that are hard to maintain,” Esplin says.
Further, people want services that providers can only deliver by receiving trusted information, but people are hesitant to share their information. And then there are the attendant regulatory concerns, particularly where biometrics are involved.
Intermediaries clearly have a big role to play.
Some of those intermediaries may be AI agents, which can ease data sharing, but do not address the central concern about how to limit information sharing while delivering trust.
Esplin argues for verifiable credentials as the answer, with the signature of the issuer providing the trust and the consent-based sharing model of VCs satisfying users’ desire to limit data sharing. Because VCs are standardized, the need for complicated integrations is removed.
Biometric templates are stored by the user, enabling strong binding without the data privacy concerns that come with legacy architectures.
Esplin presents the trade-offs that go along with the two options for capturing biometric reference data: sensors controlled by the issuer or verifier, or sensors connected to a digital wallet. The former requires that people trust the hardware provider and other parties, and is not very flexible if the issuer wants to change their biometrics provider, he says. The latter requires trust in the native sensors of the user’s device.
On-device comparisons to templates captured by the issuer or verifier have limited use cases, while cloud processing generally requires biometric data storage by a third party. Esplin advises matching templates from a device, whether on the device or in the cloud, as a way to avoid remote biometric data storage. Each approach has its place, but “we favor keeping that biometric solution under the holder’s control.”
Dock Labs’ Truvera wallet stores three credentials: one for the biometric enrollment, one for the biometric check, and the one which is bound to the user’s biometric to complete the transaction.