At the Open Source Summit Europe 2025 in Amsterdam, the Cyber3Lab team had the privilege to present on a crucial topic: the potential of Verifiable Credentials as a building block for Zero Trust security, with a particular focus on validating external users.

Zero Trust security is now an established best practice, widely embraced for internal systems where organizations protect resources by assuming no implicit trust. The tools and systems to implement Zero Trust internally are mature and widely available. However, one key vulnerability remains: validating the identity of external users is still a significant challenge.

During the session, a revealing moment highlighted the state of awareness in the industry: when the speaker asked the audience how many had heard of Self-Sovereign Identity (SSI) , not a single hand was raised. This clearly illustrates the unexplored terrain ahead for adoption and education around SSI, a concept that promises to revolutionize how digital identities are owned and managed.

The talk shared insights from a demonstrator currently under development in collaboration with Sirris | Innovation forward as part of the Interreg France-Wallonie-Vlaanderen SecuWeb project. The goal is to explore applied research that transitions promising technologies like SSI into real-world, scalable solutions.

Key points emphasized included:

• Zero Trust is a best practice already established in protecting internal assets and systems.
• The internal systems have strong tooling and are ready to support this model effectively.
• External user identity validation remains a weak spot vulnerable to social engineering attacks.
• Direct integration with external identity systems is a risky approach because it does not scale well, and it introduces dependencies on external systems' uptime and security.
• Self-Sovereign Identity, leveraging Verifiable Credentials, Decentralized Identifiers (DIDs), and open protocols like OIDC4VP, offers a compelling answer to these challenges by enabling cryptographically verifiable identities that users control.

These capabilities bring privacy, security, and scalability benefits that traditional, centralized identity systems cannot match. By removing dependencies on external system uptime, risk is reduced, and the user experience can improve.

The Cyber3Lab is deeply invested in applied research to pioneer these technologies and bring them into new domains, applying rigorous testing and validation to demonstrate real-world potential. This approach is what drives the collaboration within the Interreg project and the continuous learning and sharing within the Linux Foundation Decentralized Trust (LFDT) community, of which Cyber3Lab is an associate member.