Update #26

TL;DR

• New release - OIDVP v1, Digital Credentials API, enhanced mDoc support, new verification policies and much more.

• Docs redesign – faster navigation, global search and new roadmap + feature comparison pages.

• Concepts – explainer pieces on protocols, credential types and digital ID fundamentals.

• eIDAS2 – a practical implementers guide to turn regulation into a concrete roadmap.

Latest Release Highlights (Community Stack)

Below are all features available through v0.16.0 of the identity lib. Check out the full change log here. Want to learn more about the identity lib in general? Check out our intro video.

OID4VP v1 Support for the Verifier

The community stack now offers a new verifier API (verifier 2). It includes an improved verification interfaces, new policies and full compliance with the latest OID4VP v1 version. The verifier 2 will replace our current verifier implementation, which is scheduled to be deprecated by Q2 2026. To power the new API, we created various underlying libs to enable v1 support like the DCQL parser lib, openid4vp and openid4vp-verifier lib.

The Verifier 2 docs for the Community Stack aren’t published yet, but its interfaces closely follow the Enterprise Stack. To explore the updated structure, check out the Enterprise Stack documentation here.

Note: OID4VP v1.0 is not yet supported in the wallet or demo apps. Big updates are planned for the new year.

Enhanced mDoc & ISO 18013-5/7 support with JSON→CBOR data adaptation

Expanded mDoc support with consolidated tests and maintenance in the mDoc credentials library, plus fixes for ISO 18013-7 profile handling. A configurable JSON→CBOR mapping layer was added with namespace builders, typed namespace data, and recursive translators, giving issuers a robust way to model mDoc namespaces and keep payloads consistent across implementations and interop tests.

Digital Credentials API for OID4VP v1

Use the new Verifier 2 API to verify credentials via OID4VP v1 and the Digital Credentials API. We’ve also published a demo portal and JS components to make building verification flows with walt.id and the Digital Credentials API easier. You can check out the portal and JS components here and here.

Automated OpenID4VP conformance runners

Automated test running against the official OpenID Foundation OpenID4VP conformance suite ensure our verifier OID4VP v1 implementations stay aligned.

COSE and VICAL crypto libraries & trust tooling

Released waltid-cose, a multiplatform library for COSE signing and verification built on waltid-crypto and kotlinx-serialization, plus waltid-vical for issuing and verifying VICAL (Verified Issuer Certificate Authority Lists) as defined in ISO/IEC 18013-5.

READMEs

Rewrote the entire README set for every library/application to ensure up-to-date information, new examples and comparison tables.

Enhanced Verification Policies

Added a VP-level policy to require multiple credential types in one presentation, a VICAL policy, fixed SD-JWT VC x5c key parsing, and surfaced DCQL credential metadata so enterprise verifiers can render richer headers.

Enhanced the waltid-ktor-authnz

Updates to the lib include: a re-engineered OIDC auth method with dynamic discovery, multi-step session flows, front- and back-channel logout, safer token handling, and HTML-based redirects.

Wallet API and Web Wallet improvements

Users can assign aliases when generating or importing keys. DID import is now supported in the Wallet API. Parsing of VCTs in the web wallet was corrected to ensure credential metadata renders reliably.

Latest Release Highlights (Enterprise Stack)

Below are all features available through v0.16.0 of the Enterprise Stack. Checkout the full change log here. Want to learn more about the enterprise stack in general? Check out our intro video.

Notice: You might be wondering why this release is v0.16.0 when the last Enterprise version was v0.7.0. Since we now release Enterprise and Community together, we’ve aligned their versions—so with the latest Community Stack at v0.15.1, the Enterprise Stack has been bumped to v0.16.0 to match going forward.

OID4VP v1 Support for Wallet & Verifier

The enterprise stack now offers a new verifier service (verifier 2). It includes an improved verification interfaces, new policies and full compliance with the latest OID4VP v1 version. The verifier 2 will replace our current verifier implementation, which is scheduled to be deprecated by Q2 2026. Also we’ve updated the wallet service to now be fully compliant with OID4VP v1.

You can checkout the new verifier2 service interfaces here.

mDL/mdoc enhancements

Added full mDoc parsing, device authentication and presentation validation based on CBOR/COSE libraries, including selective disclosure handling for mDoc presentations.

Credential Status Service, and mDL/mDoc Status Integration

• Added configurable, signed-URL generation for status endpoints with expiry support and cloud-specific URL providers, and updated registry utilities to work with cloud-native clients.

• Linked stored issuance sessions to credential status indices and refreshed status update APIs so status changes can be automated from issuance flows and traced back to the original session.

• Extended issuer and verifier support for mDL/mDoc credentials using a unified status property backed by TokenStatusList/Credential Status List, including multiple status values per credential.

• Introduced a Credential Status List view in the Enterprise UI

SD-JWT VC Issuance and Verification

• Implemented SD-JWT VC schema validation in the Enterprise Issuer, ensuring issued SD-JWT VCs conform to expected structures before they are returned to clients.

• Fixed missing _sd_alg parameters in SD-JWT payloads and updated x5c handling to support certificate chains (with dedicated X509 parsing utilities).

• Updated issuer responses to include cNonce plus expiry and to transcode uploaded PEM certificate chains into base64 DER for SD-JWT and W3C x5c headers, improving interoperability with external wallets/verifiers.

• Tightened handling of client_id and response_mode for SD-JWT and related flows using stricter enums and validation rules to match current standards.

Enterprise UI Improvements

• Added a logout button

• Implemented session-expiry detection with a modal and client-side handling so token expiry is surfaced clearly and users are guided to re-authenticate in the admin UI

• Improved login page with clearer error messages and loading states

• Introduced policy settings on the wallet “receive VC” screen, enabling per-wallet policy configuration when receiving credentials

• Added tenant deletion with confirmation flows, improved configuration views and clarified “Danger Zone” messaging for sensitive operations such as credential deletion.

• Provided UI for Verifier2 and holder policies so operators can configure and review holder-related policy behavior directly from the Enterprise console

• Added tenant registry options, dynamic page titles and safer default selection for DID stores, improving overall admin guidance and reducing misconfiguration risk

Idempotent Issuer, Verifier and Resource APIs

Made resource creation, credential issuance and verification-session endpoints idempotent, so repeated client calls (e.g. retries) do not result in duplicate resources or sessions.

Open Telemetry Support

OpenTelemetry configuration via telemetry.conf, including exporter wiring, instrumentation toggles and feature flags for Enterprise services. Learn more here.

Session PII data retention & auto-purge

Configurable issuer/verifier session retention via data-retention.conf and the data-retention feature flag, including scheduled auto-purge, dry-run mode, and logging to limit stored PII. Lear more here.

Docs Redesign & New Features

We’ve refreshed docs.walt.id to make it faster to find what you need and understand how our products fit together.

What’s new on docs.walt.id

• Navigation – Cleaner structure, no more edition switcher. Community & Enterprise Stack are always visible, wherever you are.

• Search – New global search (⌘K) to jump straight to APIs, guides and concepts.

• Roadmap – A roadmap page that shows what’s live, what we’re working on and what’s coming next.

• Feature lists – Side-by-side comparison of issuer, verifier and wallet across Community vs. Enterprise Stack.

• Product pages – Dedicated pages for issuer, verifier and wallet with capabilities, use cases and FAQs.

• TL;DR blocks – Many pages now start with an expandable TL;DR so you can quickly see what you’ll learn and which digital ID concepts are involved.

• Docs home – A new landing page that helps newcomers get oriented and pick the right starting point.

• Content updates – Clearer structure, shorter paragraphs and more lists so docs are easier to scan and read.

What’s new in our Swagger docs

• Descriptions – Updated endpoint descriptions with clearer context and common use cases.

• References – Links from endpoints to the relevant docs.walt.id sections so you can dive deeper.

• Response codes – Added missing response codes for more predictable integrations.

Curious? Check out our new docs here.

Concepts – Learn the Digital ID Fundamentals

We’ve expanded our Concepts section on docs.walt.id to help you (and your team) get up to speed on the core building blocks of decentralized ID — without having to dig through specs first.

Today, you’ll find short, focused explainers on things like:

• Decentralized identity & ID ecosystems – how issuers, wallets and verifiers fit together.

• DIDs (Decentralized Identifiers) – what they are, how they’re structured and where they’re used.

• Digital credential types – W3C Verifiable Credentials, mDL/mdoc, SD-JWT VC and mono-claim credentials.

• Credential exchange protocols – OpenID4VCI (issuance) and OpenID4VP (presentation).

• Lifecycle & exchange basics – revocation, status, and how credentials move between parties.

In the next months, we’ll roll out deeper dives on:

• Selective Disclosure - what it is, which credentials enable it and common use-cases.

• ID Wallets – how identity wallets work and how they integrate with issuers and verifiers.

If you’re new to digital ID, this is a great starting point. If you’re already building, it’s a handy reference you can share with colleagues who are just joining the project.

eIDAS2 Compliance eBook

We’ve published a new eIDAS2 Implementers Guide – a practical eBook that explains what eIDAS2, the ARF and the Large-Scale Pilots actually mean in practice and how to become compliant.

Inside, you’ll get:

• An overview of eIDAS2, the ARF, LSPs, implementing acts and the different attestation types like the PID – plus a clear timeline so you know exactly when different obligations kick in.

• Role-based guidance for Issuers, Verifiers and Wallet Providers, including responsibilities, requirements and go-to-market options depending on your role.

• Technical checklists that map each role to concrete standards (OID4VCI/OID4VP, ISO/IEC 18013-5/-7, SD-JWT VC, W3C VC, etc.) and help you design compliant wallet, issuance and verification flows.

If you’re working on digital ID strategy, product or compliance, this gives you a shared reference you can circulate across teams and use to kick off your eIDAS2 roadmap.

Check out the eBook here.

PS: If you enjoy working with our tools, make sure to leave us a ⭐ on GitHub

Share an idea, ask a question, or chat?