Interoperability in the context of identity wallets and credentials refers to the ability of different systems, platforms, and entities to work together seamlessly to manage, verify, and share digital identities. This ensures that identity wallets and distributed identity systems, which rely on decentralised technologies, can operate across various domains and jurisdictions. Interoperability is critical for widespread adoption and trust in digital identity ecosystems. It can be categorised into several key aspects: Organizational, Legal, Semantic, and Technical.

1. Organisational Interoperability

Organisational interoperability focuses on aligning the goals, workflows, and responsibilities of different entities involved in identity wallets and distributed identity systems. This includes:

• Collaboration between Stakeholders: Ensuring that organisations such as governments, R&E institutions, and private companies can coordinate their efforts. For example, a government-issued digital ID should be usable by an R&E service (verifier).
• Shared Processes: Establishing common processes for user binding, identity issuance, verification, and revocation across organisations. For instance, standardising how a university issues a digital diploma that can be verified by an employer’s identity system.

2. Legal Interoperability

Legal interoperability ensures that identity wallets and distributed identities comply with diverse legal frameworks across jurisdictions. Key considerations include:

• Regulatory Compliance: Adhering to laws like GDPR, or other data protection regulations (outside of EU). For example, ensuring that a distributed identity system allows users to control their data as per GDPR’s “right to be forgotten.”
• Cross-Border Recognition: Enabling legal recognition of digital identities across countries, such as mutual recognition agreements for eID credentials between nations.
• Liability Frameworks: Defining who is responsible in case of identity misuse or data breaches, especially in decentralised systems where accountability can be unclear.

3. Semantic Interoperability

Semantic interoperability ensures that different systems interpret and understand identity data consistently. This involves:

• Common Data Models: Using standardised attributes, such as those defined by the W3C Verifiable Credentials Data Model, OpenID4VC etc, to ensure a “date of birth” or a "person identifier" field is interpreted the same way across systems.
• Ontology Alignment: Agreeing on the meaning of terms, such as what constitutes a “verified identity” or a “trusted issuer,” to avoid miscommunication.
• Interoperable Formats: Supporting formats like JSON-LD for credentials to ensure data can be read and processed by different identity wallets.
• Schemas for understanding credentials: E.g. ELM, OpenBadge, EMREX, ELMO, but also different isolated schemas at the national level. Need to interoperate with existing schemata
• Profiles:
  • Need for (transport) protocol interop profile, e.g. see HAIP (High Assurance Interop Profile) or something more lightweight like DIIP (Decentralised Identity Interop Profile).
  • Need for trust profile (e.g. OpenID for Research and Education (OpenID4RE) Project or OpenID Federation for Wallets architecture)
  • National profiles (e.g. based on ELM)

4. End-to-end Interoperability

Technical interoperability ensures that the underlying technologies of identity wallets and distributed identity systems can work together. This can be broken down into several subcategories (see also Educational interoperability by SURF):

4.1. Users & Services

• Ensuring that identity wallets provide a consistent user experience across different platforms (e.g., mobile apps, web interfaces).
• Supporting seamless interaction between users and services, such as using a single identity wallet to log into both a government portal and an R&E service

4.2. Organisation & Processes

• Aligning technical workflows, such as how identity providers issue credentials and how relying parties verify them.
• Automating processes like credential revocation or updates across decentralised systems to ensure consistency.

4.3. Application & Information

• Enabling applications to share and process identity data securely, such as through APIs that support standards like OpenID Connect or DIDComm.
• Ensuring information integrity and security during data exchange, such as using cryptographic signatures to prevent tampering.

4.4. Standards & Technology

• Adopting common standards like OpenID4VC, W3C Decentralized Identifiers (DIDs), Verifiable Credentials, and protocols like DIDComm.

4.5. Governance & Legislation

• Implementing governance frameworks that define technical rules
• Ensuring technical systems align with legal requirements, such as incorporating privacy-by-design principles to comply with data protection laws.