Happy 2025!

How’d I do on predictions past?

Two years ago I predicted 2023 would bring continued “meaningful changes around the protection of children’s identity through “regulations [that] broaden current requirements to encompass smarter consent”. I’ll take a passing grade on that one, since a proposed FTC rule that year proved to be a harbinger of many stronger moves around age verification and children’s data privacy more recently.

And last year I made predictions on three topics: passwordless, decentralized, and AI. Your mileage may vary, but I’d score these as 2 for 3: pass — fail — pass.

The missing prediction

Before getting into identity-related predictions about the year ahead of us, first I want to scrutinize the elephant in the room.

You won’t find any exciting predictions here about privacy or consent.

Why? Because we’ve seen a downward trajectory for many years, and it looks to hold steady.

But I do believe it’s possible — if difficult — to change this dynamic. If the “purpose of a system is what it does,” it’s time to re-examine our purpose. To that end, I’ve fashioned my Consent Is Dead blog series into a brand-new white paper with practical advice for identitarians. You’re welcome to download it here.

To be perfectly honest, the paper does contain a few predictions. But they are undated, so I am giving myself an out. 😀

Finally, predictions for 2025

Now, on to some actual predictions about the next 12 months!

Passkeys

Passkey deployments will deepen, expanding from consumer use cases to supply chain, B2B, and employee workflows.

What’s the evidence? Synced passkeys have become popular in retail and other consumer-facing scenarios, but device-bound passkey guidelines and standards refinement are still needed for the tougher enterprise use cases. Yuriy Ackermann has a great explainer.

Shared Signals Framework

SSF will gain traction, with more profiles created and deployed to suit new use cases.

What’s the evidence? An SSF interop was held at December’s Gartner IAM Summit, with 14 participants — specialty vendors and major players alike. Conversations keep arising in the identity community about new profiles.

AuthZEN

A handful of market-leading SaaS services and gateways will adopt and implement AuthZEN policy enforcement points, driving more adoption to come.

What’s the evidence? A major WG workstream involves reaching out to and enabling these “relying parties,” a smart move that has previously rewarded standards efforts such as OpenID Connect.

Verifiable credentials

Consumers will start using verifiable credentials more broadly, but where VCs are used, they will be invisible to the naked eye.

What’s the evidence? Decentralized identity player Trinsic recently sold its platform to top customer Dentity. Trinsic now focuses solely on its “Acceptance Network” — there’s that focus on relying parties again! — and Dentity has a unique specialty in removing friction for both credential verifiers and credential holders.

(Read my paper to see the evidence for why privacy will still face tough sledding with wallets, credentials, and selective disclosure in the mix.)

If you’re like me, you’ve probably seen 100 predictions go by in your feeds. What do you think will happen this year? What predictions did you expect but didn’t see? Do you agree or disagree with my self-assessments? Let me know in the comments.