Product Update #29
TL;DR
- New release - OID4VCI v1 in Enterprise Stack Issuer & Wallet, W3C VCDM 2.0, Trust Registry Lib and Service, VICALs, Certificate Stores and much more.
- eIDAS2 – high-level overview of the EU’s digital identity regulation.
- Concepts – explainer pieces on HAIP, Trust Systems, Wallet Attestations and more.
Community Stack (0.19.0 & 0.20.0)
Below are the highlights available through 0.19.0 and 0.20.0 of the identity lib. Check out the full change log for 0.19.0 here and for 0.20.0 here. Want to learn more about the identity lib in general? Check out our intro video.
0.19.0
Features
OID4VCI Issuer Lib
Shipped a substantial OpenID4VCI-oriented issuer library with multi-format credential issuance (SD-JWT VC, JWT VC, LDP, MSO mdoc), credential endpoint flows, authorization server metadata, txCode support, and pluggable issuance handlers.
Learn more here
ISO / mdoc example templates
Added ISO / mdoc example templates to accelerate mobile-document and interop testing.
Learn more here
Revocation / status-list verification policies
Hardened revocation / status-list verification policies with signature checks for status lists in verification-policies-2, coordinated with enterprise credential-status work.
Learn more here
Issuer metadata and serialization
Continued issuer metadata and serialization refactors (credential configurations, OAuth/OIDC metadata, optional notification/deferred endpoints) to reduce integration friction for wallet and issuer clients.
Learn more here
Credential-status and OAuth ergonomics
Expanded credential-status and OAuth ergonomics with a status-list aggregation endpoint, improved default authorization-server metadata (including PKCE-oriented defaults), and OAuth expires_in handling, alongside clearer logging for the notification framework.
Fixes
Presentation Definition
Fixed Presentation Definition parsing so optional field constraints are honored when paths are missing, aligning behavior with DIF Presentation Exchange expectations.
Learn more here
0.20.0
Features
W3C VCDM 2.0 support
Introduced W3C VCDM 2.0 support with automatic version detection, field mapping (validFrom/validUntil), and correct JWT/SD-JWT envelope handling for both V1.1 and V2.0 credentials.
Learn more here
Trust Registry library
Added a new Trust Registry library supporting EU Trusted Lists (TSL XML) and EUDI Lists of Trusted Entities (LoTE JSON/XML) with certificate-based trust resolution and XMLDSig signature validation.
Learn more here.
Credential Status Policies
Enhanced credential status policies to support multiple allowed status values and improved CWT binary/hex encoding consistency.
Learn more here.
OpenID4VCI wallet library
Added an OpenID4VCI wallet library for Kotlin Multiplatform with credential offer parsing, issuer metadata resolution, OAuth flows, token exchange, and JWT proof generation.
Learn more here
Unified Web Data Fetching Abstraction
Shipped unified web data fetching abstraction with configurable HTTP engines (CIO default), centralized timeout/retry settings, and platform-specific implementations for improved load testing and cross-platform consistency.
Learn more here
Fixes
- Fixed credential metadata display issues (#1667).
- Pinned react-qr-code version to 2.0.14 to resolve dependency issues (#1681).
- Updated clientId in verifier-service configuration for development and production environments (#1686).
Enterprise Stack (0.19.0 & 0.20.0)
Below are the new feature highlights available through 0.19.0 and 0.20.0 of the Enterprise Stack. Check out the full change log for 0.19.0 here and for 0.20.0 here. Want to learn more about the enterprise stack in general? Check out our intro video.
0.19.0
Features
Issuer2 and OpenID4VCI v1
Issue credentials aligned with the OID4VCI v1 version with our new issuer2 service in the Enterprise Stack. Next to core capabilities such as tx-code support for pre-auth flows and wallet-initiated issuance, the issuer2 also comes with an improved general interface, including a profile system to issue credentials.
Learn more here.
VICAL, X.509 store, and X.509 service
Replaced the legacy VICAL and certificate-store stack with new and improved versions. Additional capabilities include publication-time validation, signer chain rules, and registry retrieval for the latest and version-specific artifacts.
Learn more about the new services: VICAL, X.509 Store, X.509 Service
Credential status
Fixed CWT encoding (binary vs hex), added x5c-oriented token status list support, and corrected JWT/CWT kid generation for status-list credentials. Made content-type for status-list cloud storage configurable. Added delete endpoint for status lists.
Learn more here
Fixes and improvements
- In-memory persistence adapter: nested JSON path sorting, EncodeDefault fixes, and calculation corrections.
- Swagger and documentation improvements for CWT status list surfaces.
- Various test harness cleanups and dependency-related test coverage for VICAL publication flows.
Breaking Changes
- VICAL and X.509 certificate store: Legacy VICAL registry and certificate-store APIs and resources were removed in favor of the new service model, storage layout, and permission mappings. Deployments and clients using the old VICAL or certificate-store endpoints must migrate to the new publication/registry APIs and updated X.509 service configuration (#399).
- Fixes to the Bitstring Status List: Due to the changes made to fix the Bitstring Status List, you may need to update your status list configuration or republish your status lists. Please review the accompanying breaking change guide and select the appropriate migration path based on your existing setup.
0.20.0
Features
OpenID4VCI 1.0 Support in the Wallet Service
OID4VCI V1 support in the wallet marks the completion of our 1.0 support across all enterprise stack services.
Learn more here.
New Trust Registry Service
Added a new service for managing ETSI trust lists (TSL, LoTE) for credential verification against official trust frameworks.
Learn more here
New Client Attestation Service
Added a new service for issuing and verifying wallet attestations for secure credential issuance flows.
Learn more here
Improved external IAM integration & External Role Mapping
Authentication using external IAM integrations has been improved, and the new capability to map external IAM roles onto Enterprise Stack API roles has been added.
Learn more here
Enterprise Service security refactoring
Refactored security for the Issuer 1/2, Verifier 1/2, and Wallet services with interface-based implementations, automatic dependency detection, and granular permission control. This is a major architectural improvement enabling better testability and security isolation.
X.509 Store and VICAL services
Rebuilt the X.509 Store and VICAL services with proper persistence, user-permission proxies, and service-level certificate storage with cross-store linking support. Certificate IDs are now derived from target paths with full delete support.
Learn more about the services: VICAL, X.509 Store, X.509 Service
Fixes and improvements
- Fixed BSON issue in enterprise services.
- Fixed credential metadata display.
- Fixed assignRoleToApiKey double-stringify in demo app.
- Fixed coroutine context conflict in tenant permissions listing.
- Fixed old reference in credential status.
- Added Swagger examples for creating plain KMS and generating keys.
- Updated OpenAPI docs and examples for X.509 service and VICAL storage behavior.
- Fixed integration tests workflows.
Breaking Changes
- X.509 Store API: The X.509 store add/update flows now use service-level targets with certificate IDs derived from the target path. Clients using the old certificate store APIs must migrate to the new request models.
eIDAS2
Get a high-level overview of the EU’s digital identity regulation. Explore the regulation, upcoming deadlines, and the technical requirements for issuers, verifiers, and wallet providers.
The EUDI Wallet Explained
A complete overview of the EU's new digital identity app. Discover its core capabilities—from storing IDs and professional credentials to qualified electronic signatures.
Concepts – Learn the Digital ID Fundamentals
We’ve expanded our Concepts section on docs.walt.id to help you (and your team) get up to speed on the core building blocks of decentralized ID — without having to dig through specs first.
Latest additions include:
- HAIP Profile – A Guide to High-Assurance Profile for OpenID4VC
- Trust Systems – A Guide to the Architectural Foundations of Digital Trust
- EU Trust Lists – A Guide on eIDAS-Compliant Governance for Digital Identity
- ISO Trust VICALs – A Guide to Global Interoperability for Mobile Driver's Licenses
- Wallet Attestations – A Guide to Securing Integrity and Trust for Identity Wallets
- DCQL - The Digital Credentials Query Language Used in OID4VP Explained
PS: If you enjoy working with our tools, make sure to leave us a ⭐ on GitHub