Advanced Digital Identity

Advanced Digital Identity is an effort to provide individuals with greater control over their identity on social media platforms. At the center of this project is the Keyring wallet, an open-source application that stores verifiable data about the user’s identity on their mobile phone. Using sophisticated cryptography, a user can choose to selectively disclose certain aspects of their identity and connections to different platforms, services, and communities — with strong, clear privacy controls — in a way that others can verify.

Vision

To develop ways for users to reclaim control of their data and privacy, and to verify important details about their contacts and sources of information online. 

Goals

The project aims to: 

• Provide an easy-to-use mobile app to store and manage sensitive identity information, and to enable users to selectively disclose it to certain services at their discretion
• Enable content creators and publishers to share trustworthy attestations about their social media accounts and content across platforms
• Allow users to verify their contacts and connections independently of any particular platform, in a way that is verifiable and portable.
• Establish open standards and infrastructure that other developers can build on to advance user-owned identity systems

Why This Matters

According to the Pew Research Center, 4 out of 5 of Americans polled stated that they “are concerned about how companies use the data they collect about them” and “feel they have very little or no control over the data collected by companies.” Today, a single person is frequently a member of dozens of online services. Most of those services will require users to authenticate (or “login”) to the service before the service will allow meaningful interactions. Unfortunately, traditional authentication systems place control in the hands of the authentication system, not the user. The user must authenticate by revealing sensitive information (e.g., an email address or a birthday) directly to a service; ideally, the service would allow the user to verifiably reveal just enough information to authenticate (e.g., “this user has a valid Gmail account” or “this user is at least 13 years old”) without revealing anything else (e.g., the user’s full Gmail account name or their full birthday).

The goal of the Advanced Digital Identity project is to provide authentication infrastructure that centers user agency. In particular, the infrastructure allows a user to verify a specific facet of the user’s identity (e.g., age or ownership of a specific social media account) to a specific online service, at a time decided by the user, and without revealing additional information. Via this selective, user-driven disclosure mechanism, users can build their online reputation (and verify the reputation of other people) without totally ceding control of the underlying personal data. 

Strong-but-privacy-preserving demonstration of personal identity is also critical for protecting online services from unchecked proliferation of AI bots and other undesirable programmatic actors.

When users have greater control over their identity and data across platforms, they can both protect their privacy and have more meaningful choices regarding when and how to share their information. We believe that increasing user choice will gradually reduce problems with the undesired“lock-in” users experience today, promote greater competition and accelerate the emergence of better, healthier social media products.

How It Works

Keyring gives users control over their identity and discretion about what data to share with whom. It is the user’s “control center.” The application is built around two complementary layers of trust:

1. Verifiable Relationship Credentials — Enable trusted social and professional connections without requiring a centralized intermediary
2. Institutional Credentials — The ability to hold official credentials from institutions

Users on social media applications — for example, the Bluesky platform in one current demonstration — can provide proof of particular information and display this as profile badges that other users can see and confirm. This includes:

• Proof of Linked Accounts – To confirm that a user controls a particular username on X, Instagram, etc. This allows users to unify their identity across platforms when desired.
• Proof of Age – To confirm that a user is an adult using data from a mobile driver’s license, without disclosing their actual birthday or age. This can control access to age-gated content.*
• Proof of Relationships (planned) – To confirm a verified relationship with someone a user follows or is followed by

These profile badges improve trust and safety on platforms, while allowing users control over what information they disclose and to whom.

Relationship Credential Exchange

Keyring now includes a Relationship Credential Exchange Protocol, which allows two individuals to issue cryptographically signed credentials directly to each other — without requiring a centralized authority. These “first-person” credentials are portable, verifiable, and entirely user-controlled.

On-Device Biometric Verification

To ensure that the person operating the wallet is its legitimate owner, Keyring supports using standard iOS and Android biometric verification (fingerprint or facial recognition). Biometric data is stored exclusively in the device’s secure hardware enclave and never leaves the device, protecting against unauthorized access or impersonation.

Witnessed Credential Exchange

Building on the Relationship Credential Exchange, Keyring introduces a Witnessed Credential Exchange capability. A trusted entity (such as an event host or institution) can act as a “witness” to validate that a credential exchange occurred in its presence. Critically, the witness confirms only that an exchange took place — it never sees any private information. The result is a Witnessed Verifiable Credential (VWC) that adds an additional layer of credibility and provenance to peer-to-peer connections, helping mitigate fake accounts and bad actors.

*At this point in time, the age verification demonstration relies on a mock mobile driver’s license. Future implementations may leverage other data sources.

Recent Milestones

In April 2026, we publicly launched Keyring at the Digital Identity Symposium, hosted by the Berkman Klein Center at Harvard Law School. The event featured a live demonstration of the witnessed credential exchange, a panel discussion on the future of user-owned identity, and the first real-world use of the witnessed exchange protocol among event participants.

Keyring is open-source (Apache 2.0) and available on GitHub:

• Keyring Wallet — The wallet interface and user experience
• Keyring Bifold — Core logic and reusable components

Our contributions to the broader decentralized identity ecosystem include:

• Drafting the initial Decentralized Trust Graph credential specification in collaboration with the Linux Foundation Decentralized Trust’s Decentralized Trust Graph Working Group
• Implementing peer-to-peer relationship credential exchange in an open-source wallet
• Developing and deploying the witnessed exchange protocol for the first time
• Creating a reusable biometric attestation module for iOS and Android

Who Can Benefit

We are creating identity solutions for:

• Everyday individuals who are looking for greater agency and privacy in how they are identified online
• Organizations and communities aiming to verify the affiliations and endorsements of their members
• Developers in the digital identity community working on novel digital identity solutions
• Journalists or whistleblowers who need to prove their identity or affiliation
• Content creators, influencers, and content publishers that want to confirm identity across online platforms.

Get Involved

We’re looking for collaborators, test partners, and ideas for new features. If you’re interested in experimenting with our identity solutions (or shaping their development), we’d love to hear from you at asml@cyber.harvard.edu.

Team