Update #27
TL;DR
New release - OID4VCI v1, X.509 Lib, credential status in CWT format, tags for keys and much more.
eIDAS2 Implementers Series – A series exploring eIDAS2 technical terms, timelines, use-cases and requirements for governments and businesses.
Concepts – explainer pieces on selective disclosure and the digital credentials API.
Community Stack (0.17.1)
Below are the highlights available through 0.17.1 of the identity lib. Check out the full change log for 0.17.0 here and for 0.17.1 here. Want to learn more about the identity lib in general? Check out our intro video.
Features
The X.509 Lib
The X.509 library is a tiny, pragmatic toolkit you can use to work with X.509 certificates with a KMP-first API. On JVM/Android, it supports PKIX certificate chain validation (order-independent path building, pluggable trust anchors) plus ISO/IEC 18013-5 X.509 certificate tooling to generate, parse, and validate IACA and Document Signer certificates, with clear, context-rich validation exceptions.
Learn more here
OpenID4VCI Lib
Introduced an initial OpenID4VCI baseline library as a starting point for issuer flows and follow-up interoperability work for OID4VCI v1.
Learn more here
Tags for Keys
Added support for tagging keys at creation time in AWS and Azure integrations.
Learn more here
Extended Azure Key Vault Support
Added additional Azure Key Vault support as a new cryptographic backend, enabling key management and signing operations against Azure-managed keys using Managed Identity rather than explicit authentication.
Learn more here
Deployment & Infrastructure
Added comprehensive Helm charts for deploying WaltID components in Kubernetes environments.
Learn more here
Fixes
Wallet / Runtime / Sessions
Fixed web wallet startup when ktor-auth is enabled and the Valkey session store is not reachable, improving failure-mode clarity and local dev ergonomics.
Crypto
Corrected hasPrivateKey semantics for AWS, Azure, OCI, and TSE key implementations to avoid incorrect capability checks in higher-level flows.
Improved external key serialization registration by dynamically tracking registered key types, reducing brittleness when integrating new key providers.
Breaking Changes
Certificate Validation & X.509
Onboarding now requires explicit notBefore/notAfter timestamps in certificate request payloads.
Altered request/response shapes for certificate operations to support the new builder-based approach.
Enterprise Stack (0.17.1)
Below are the new feature highlights available through 0.17.1 of the Enterprise Stack. Check out the full change log here. Want to learn more about the enterprise stack in general? Check out our intro video.
Features
Issuer2 and OpenID4VCI 1.0
Added support for OpenID4VCI 1.0 through the Issuer2 API, including support for the Authorization Code Flow and Pre-Authorized Code Flow.
Learn more here
Tags for managed Keys
Attach metadata to keys for easier organization and retrieval.
Learn more here
Credential Status & CWT Support
Credential Status handling was extended from JWT-only to also support CWT (CBOR Web Token), improving interoperability with status list standards.
Learn more here
Verifier / Metadata
Added support for RFC7591-style client metadata in Verifier2 OpenID metadata, including language-tagged variants and extended OpenAPI examples.
Learn more here
Data Retention Service
Enhanced logging with run IDs for audit trails and debugging, using lambda-based evaluation to ensure log messages are only constructed when the log level is enabled.
Learn more here
Tenant Isolation & Security Framework
Tenant isolation and the security framework were strengthened by enforcing permission-based filtering across resources and events, ensuring proper multi-tenant data isolation and a more secure audit trail.
OpenAPI Specification Management
Added OpenAPI spec generation and comparison tooling to automatically detect breaking API contract changes and warn early about compatibility risks.
Certificate Validation Alignment
Aligned the certificate validation system with the OSS implementation to ensure consistency across platforms, including minor wording and alignment improvements in OpenAPI documentation.
Managed Identity Authentication for Azure Key Vault
Added support for Managed Identity authentication for key management with Azure Key Vault, improving security and ease of use.
Learn more here
Crypto Onboarding Improvements
Improved crypto onboarding with Azure key-management examples and initialization to accelerate multi-cloud deployments.
Learn more here
In-Memory Storage for Status Credentials
Added an in-memory implementation for credential-status storage and reorganized storage strategy/configuration to make deployments easier to reason about, improving separation of concerns and configurability.
Fixes
AWS SDK Auth Parameter
Fixed AWS SDK auth parameter naming to match the expected initialization contract, ensuring reliable key management integration with AWS KMS.
Breaking Changes
Azure Key Management
Azure key management now distinguishes between SDK-based and REST-based backends. Existing deployments using Azure Keys should review their key configuration and authentication methods. Also, migration scripts must be run to update keys to the new formats.
Learn more here
AWS Key Management
To better align our request bodies, a new auth property has been added to the config object for the AWS key management service created with the SDK.
If you are using the AWS key management service created with the SDK and only utilising the region property, you will need to update your configuration to include the auth property. If you were previously using the Access Keys or RoleNames, you will not be affected by this change.
Learn more here
eIDAS2 Implementers Series
Explore our eIDAS2 implementers series below:
Concepts – Learn the Digital ID Fundamentals
We’ve expanded our Concepts section on docs.walt.id to help you (and your team) get up to speed on the core building blocks of decentralized ID — without having to dig through specs first.
Latest additions include:
Selective Disclosure & SD-JWTs - A Guide to Privacy-Preserving Digital Identity
DC API - A Guide on the Digital Credential API
PS: If you enjoy working with our tools, make sure to leave us a ⭐ on GitHub.