[Identity] Support for the digital credentials API in Identity for user verification and account recovery #64544

@javiercn


Digital identity credentials – such as mobile driver’s licenses and other verified digital IDs – are rapidly gaining support across major tech platforms and governments. Apple and Google have rolled out digital ID wallets on iOS and Android, enabling users to add driver’s licenses or state IDs to their phones for secure identity verification.

Microsoft Entra supports open-standard Verifiable Credentials through its Entra Verified ID platform, allowing organizations to issue and accept digital credentials for identity proofing (e.g. account recovery) in a privacy-preserving way. Meanwhile, government initiatives in the European Union and United States are accelerating: the EU’s new eIDAS 2.0 regulation mandates that all member states deploy a European Digital Identity Wallet by 2026 for citizens to store and share official credentials, and over a dozen U.S. states now accept mobile IDs via Apple Wallet, Google Wallet, or state apps (with TSA checkpoints nationwide piloting digital ID acceptance).

This broad ecosystem momentum underscores the value of adding Digital Credentials API support in ASP.NET Core Identity – it would allow .NET applications to integrate with these emerging standards for verified identity, enhancing account recovery and user verification workflows.

Digital credentials dramatically improve security by reducing fraud vectors common in traditional verification and bring many other advantages:

  • Harder to Forge or Steal: A scanned driver’s license or a PDF document can be photoshopped or tampered with. By contrast, digital credentials are cryptographically signed by a trusted issuer (like a government) and verified automatically. Any alteration breaks the signature, so a verifier can instantly detect a fake or modified credential. This tamper-proof quality means an imposter cannot simply “edit” a digital credential the way they might falsify a scan of a paper ID.
  • Protection Against Identity Theft & Phishing: When using a digital credential, the user typically must authenticate (e.g., unlock their phone with Face ID or fingerprint) to release it, adding a layer of biometric security. The data that gets shared is read-only and securely transmitted via the API – unlike static info that could be phished.
  • Reduced Attack Surface: Traditional verification often involves storing copies of IDs or personal data for future reference, creating a honeypot for hackers. If a database of uploaded ID documents is breached, thousands of identities are exposed. With a digital credentials approach, the application usually doesn’t need to store the actual credential data long-term – it just checks the digital signature and perhaps keeps a yes/no or reference token. This “verify but don’t retain” model (sometimes called zero-knowledge proofs when minimal data is revealed) means there’s less sensitive data sitting around to be stolen.
  • Selective disclosure & user control: Verifiable digital credentials enhance privacy by enabling selective disclosure, unlike traditional methods that often expose excessive personal data such as full names, birthdates, and addresses when only a simple check (like confirming age or residence) is needed. Instead of broad overexposure, credential systems allow users to share only the required attributes—such as a cryptographically certified “over 18” attestation—without revealing unnecessary details. These flows are user-driven, requiring explicit consent for each disclosure, and often support revocation or updates, giving individuals control over their information in line with GDPR and eIDAS 2.0’s “privacy by design” principles. For service providers, credentials reduce the need to store sensitive data, lowering breach risks and simplifying compliance, since they can record verification outcomes without retaining full personal records. Ultimately, digital credentials protect users by minimizing data collection, empowering consent, and reducing retention, ensuring that only the essential information is shared.
  • Streamlined and User-Friendly: Digital credentials streamline identity verification by eliminating tedious document uploads, replacing slow manual reviews with instant phone-based approvals, and removing the cognitive burden of remembering security questions, which often frustrate users and cause lockouts. They leverage mobile-first convenience, integrating seamlessly with smartphone wallets and biometrics for secure, offline-capable verification, while also enabling faster issue resolution in account recovery by allowing real-time credential sharing with support. Moreover, they enhance accessibility for users with disabilities or limited technical skills, and provide globally recognized standards that simplify cross-border verification. Overall, digital IDs deliver a fast, secure, and user-friendly experience that reduces friction, increases completion rates, and aligns with modern expectations for instant, mobile-native interactions.

See https://developer.chrome.com/blog/digital-credentials-api-shipped
