OpenID4VP and mobile driving licences

What is OpenID4VP?

OpenID4VP is a specification from the OpenID Foundation that defines how verifiable credentials (VCs) can be presented securely and selectively by end-users to trusted parties known as verifiers. Built on OAuth 2.0 and OpenID Connect, it supports multiple credential formats and flexible deployment scenarios — from same-device flows to cross-device QR-based handoffs.

• Digital Credential Query Language (DCQL) for querying specific claims
• Verifiable Presentation (VP) tokens for packaging and delivering credentials
• Direct post modes (direct_post.jwt) for structured responses
• Holder binding and selective disclosure for privacy and integrity

The final 1.0 specification was published on 9 July 2025, after public review and community feedback.

How it works

1. Credential request: the verifier sends a presentation request using DCQL.
2. Wallet interaction: the user's wallet receives the request, authenticates the user and obtains consent.
3. Presentation: the wallet issues a VP token with selected claims via redirect, QR code or direct_post.jwt.
4. Verification: the verifier checks digital signatures, nonce, issuer validity and holder binding.

Key features of OpenID4VP

• Credential format flexibility: supports W3C VC, ISO mDLs (mso_mdoc) and SD-JWT VCs
• Selective disclosure: users share only necessary claims (e.g. age, not full ID)
• Security: uses nonces, holder binding proofs and JWE encryption for integrity and privacy
• Interoperability: trust frameworks like OpenID Federation support ecosystem compatibility

mDLs in the digital identity ecosystem

Mobile Driving Licences (mDLs) are digital equivalents of physical driving licences, governed by ISO/IEC 18013-5. They are encoded in CBOR and signed using COSE_Sign1, supporting both in-person and online presentations.

• Data format: mso_mdoc
• Cryptographic security: COSE-based signatures and issuer certificates
• Presentation methods: Bluetooth, QR code or NFC

OpenID4VP and mDLs together

1. The verifier requests a credential of type org.iso.18013.5.1.mDL and format mso_mdoc.
2. A presentation URL is shared with the wallet (QR code or redirect).
3. The wallet presents a signed Verifiable Presentation.
4. The verifier validates the cryptographic proof, doc_type, issuer and claim contents.

This flow ensures compliance with both OpenID4VP and ISO/IEC 18013-5.

Real-world pilots and implementations

• US states: California, Arizona and Louisiana — early mDL deployments, some exploring OpenID4VP
• Europe: France Identité, eDoklady (CZ) and eID.li (Liechtenstein) align with W3C VC and mDL formats
• Technology providers: MATTR and walt.id support OpenID4VP APIs and integrations

Benefits at a glance

• Selective disclosure: only reveal necessary claims, such as proof of age
• Security: cryptographic signatures, holder binding and JWE encryption
• Interoperability: multi-format and cross-wallet compatibility
• Privacy compliance: aligns with GDPR, ISO and decentralised ID principles
• User experience: fast, contactless, mobile-first interactions

The road ahead

With continued development of interoperability profiles like the OpenID4VC High Assurance Interoperability Profile, OpenID4VP is poised to support not only mDLs but also digital passports, medical credentials and professional licences. Challenges such as verifier adoption and device compatibility remain, but the groundwork is laid for a trusted, decentralised identity ecosystem.

Conclusion

OpenID4VP is more than a protocol — it is a cornerstone of privacy-first digital interactions. Combined with mobile driving licences, it redefines how individuals share identity data: securely, selectively and seamlessly. Driver Codes plans to introduce OpenID4VP features to its app very soon. In the meantime, you can read about the UK's digital driving licence plans.