[{"data":1,"prerenderedAt":744},["ShallowReactive",2],{"/blog/product-update-29":3},{"id":4,"title":5,"archived":6,"author":7,"body":8,"category":733,"coverImage":705,"description":705,"extension":734,"meta":735,"navigation":736,"ogImage":737,"path":738,"publishedAt":739,"seo":740,"stem":741,"tags":742,"__hash__":743},"blog/blog/product-update-29.md","Product Update #29",false,"OID4VCI v1 in Enterprise Stack Issuer & Wallet, W3C VCDM 2.0, Trust Registry Lib and Service, VICALs, Certificate Stores and much more.",{"type":9,"value":10,"toc":704},"minimark",[11,19,41,45,48,71,75,80,85,97,104,109,115,121,126,133,139,145,152,158,163,174,178,183,189,195,199,202,207,221,227,232,238,244,249,252,258,263,266,272,277,284,290,293,320,322,326,342,345,348,353,356,362,367,370,389,394,409,415,419,436,440,462,465,468,473,476,482,487,490,496,501,504,510,515,518,524,529,532,537,540,552,556,582,585,593,595,600,603,610,616,619,625,629,641,644,694,696],[12,13,15],"h2",{"id":14},"tldr",[16,17,18],"strong",{},"TL;DR",[20,21,22,29,35],"ul",{},[23,24,25,28],"li",{},[16,26,27],{},"New release"," - OID4VCI v1 in Enterprise Stack Issuer & Wallet, W3C VCDM 2.0, Trust Registry Lib and Service, VICALs, Certificate Stores and much more.",[23,30,31,34],{},[16,32,33],{},"eIDAS2"," – high-level overview of the EU’s digital identity regulation.",[23,36,37,40],{},[16,38,39],{},"Concepts"," – explainer pieces on HAIP, Trust Systems, Wallets Attestations and more.",[12,42,44],{"id":43},"community-stack-0190-0200","Community Stack (0.19.0 & 0.20.0)",[46,47],"hr",{},[49,50,51,52,59,60,64,65,70],"p",{},"Below are the highlights available through 0.19.0 and 0.20.0 of the identity lib. Check out the full change log for 0.19.0 ",[53,54,58],"a",{"href":55,"rel":56},"https://github.com/walt-id/waltid-identity/releases/tag/v0.19.0",[57],"nofollow","here"," and for 0.20.0 ",[53,61,58],{"href":62,"rel":63},"https://github.com/walt-id/waltid-identity/releases/tag/v0.20.0",[57],". Want to learn more about the identity lib in general? Check out our ",[53,66,69],{"href":67,"rel":68},"https://youtu.be/5T7M63apfdg",[57],"intro video",".",[12,72,74],{"id":73},"_0190","0.19.0",[76,77,79],"h3",{"id":78},"features","Features",[49,81,82],{},[16,83,84],{},"OID4VCI Issuer Lib",[49,86,87,88,91,92,96],{},"Shipped a substantial ",[16,89,90],{},"OpenID4VCI-oriented issuer library"," with multi-format credential issuance (SD-JWT VC, JWT VC, LDP, MSO mdoc), credential endpoint flows, authorization server metadata, ",[93,94,95],"code",{},"txCode"," support, and pluggable issuance handlers.",[49,98,99,100],{},"Learn more ",[53,101,58],{"href":102,"rel":103},"https://github.com/walt-id/waltid-identity/tree/main/waltid-libraries/protocols/waltid-openid4vci",[57],[49,105,106],{},[16,107,108],{},"ISO / mdoc example templates",[49,110,111,112,114],{},"Added ",[16,113,108],{}," to accelerate mobile-document and interop testing.",[49,116,99,117],{},[53,118,58],{"href":119,"rel":120},"https://github.com/walt-id/waltid-identity/tree/main/waltid-applications/waltid-credentials/src/content/1.iso-mdoc-credentials",[57],[49,122,123],{},[16,124,125],{},"Revocation / status-list verification policies",[49,127,128,129,132],{},"Hardened ",[16,130,131],{},"revocation / status-list verification policies"," with signature checks for status lists in verification-policies-2, coordinated with enterprise credential-status work.",[49,134,99,135],{},[53,136,58],{"href":137,"rel":138},"https://github.com/walt-id/waltid-identity/pull/1633",[57],[49,140,141,144],{},[16,142,143],{},"Issuer metadata and serialization"," ",[49,146,147,148,151],{},"Continued ",[16,149,150],{},"issuer metadata and serialization"," refactors (credential configurations, OAuth/OIDC metadata, optional notification/deferred endpoints) to reduce integration friction for wallet and issuer clients ",[49,153,99,154],{},[53,155,58],{"href":156,"rel":157},"https://github.com/walt-id/waltid-identity/pull/1469",[57],[49,159,160],{},[16,161,162],{},"Credential-status and OAuth ergonomics",[49,164,165,166,169,170,173],{},"Expanded ",[16,167,168],{},"credential-status and OAuth ergonomics"," with a status-list aggregation endpoint, improved default authorization-server metadata (including PKCE-oriented defaults), and OAuth ",[93,171,172],{},"expires_in"," handling, alongside clearer logging for the notification framework.",[76,175,177],{"id":176},"fixes","Fixes",[49,179,180],{},[16,181,182],{},"Presentation Definition",[49,184,185,186,188],{},"Fixed ",[16,187,182],{}," parsing so optional field constraints are honored when paths are missing, aligning behavior with DIF Presentation Exchange expectations",[49,190,99,191],{},[53,192,58],{"href":193,"rel":194},"https://github.com/walt-id/waltid-identity/pull/1631",[57],[12,196,198],{"id":197},"_0200","0.20.0",[76,200,79],{"id":201},"features-1",[49,203,204],{},[16,205,206],{},"W3C VCDM 2.0 support",[49,208,209,210,212,213,216,217,220],{},"Introduced ",[16,211,206],{}," with automatic version detection, field mapping (",[93,214,215],{},"validFrom","/",[93,218,219],{},"validUntil","), and correct JWT/SD-JWT envelope handling for both V1.1 and V2.0 credentials.",[49,222,99,223],{},[53,224,58],{"href":225,"rel":226},"https://github.com/walt-id/waltid-identity/pull/1687",[57],[49,228,229],{},[16,230,231],{},"Trust Registry library",[49,233,234,235,237],{},"Added a new ",[16,236,231],{}," supporting EU Trusted Lists (TSL XML) and EUDI Lists of Trusted Entities (LoTE JSON/XML) with certificate-based trust resolution and XMLDSig signature validation.",[49,239,99,240,70],{},[53,241,58],{"href":242,"rel":243},"https://github.com/walt-id/waltid-identity/tree/main/waltid-libraries/credentials/waltid-trust-registry",[57],[49,245,246,144],{},[16,247,248],{},"Credential Status Policies",[49,250,251],{},"Enhanced credential status policies to support multiple allowed status values and improved CWT binary/hex encoding consistency.",[49,253,99,254,70],{},[53,255,58],{"href":256,"rel":257},"https://docs.walt.id/community-stack/verifier2/policies/available-policies#credential-status",[57],[49,259,260],{},[16,261,262],{},"OpenID4VCI wallet library",[49,264,265],{},"Added OpenID4VCI wallet library for Kotlin Multiplatform with credential offer parsing, issuer metadata resolution, OAuth flows, token exchange, and JWT proof generation",[49,267,99,268],{},[53,269,58],{"href":270,"rel":271},"https://github.com/walt-id/waltid-identity/tree/main/waltid-libraries/protocols/waltid-openid4vci-wallet",[57],[49,273,274],{},[16,275,276],{},"Unified Web Data Fetching Abstraction",[49,278,279,280,283],{},"Shipped ",[16,281,282],{},"unified web data fetching abstraction"," with configurable HTTP engines (CIO default), centralized timeout/retry settings, and platform-specific implementations for improved load testing and cross-platform consistency.",[49,285,99,286],{},[53,287,58],{"href":288,"rel":289},"https://github.com/walt-id/waltid-identity/pull/1675",[57],[76,291,177],{"id":292},"fixes-1",[20,294,295,304,312],{},[23,296,297,298,303],{},"Fixed credential metadata display issues (",[53,299,302],{"href":300,"rel":301},"https://github.com/walt-id/waltid-identity/pull/1667",[57],"#1667",").",[23,305,306,307,303],{},"Pinned react-qr-code version to 2.0.14 to resolve dependency issues (",[53,308,311],{"href":309,"rel":310},"https://github.com/walt-id/waltid-identity/pull/1681",[57],"#1681",[23,313,314,315,303],{},"Updated clientId in verifier-service configuration for development and production environments (",[53,316,319],{"href":317,"rel":318},"https://github.com/walt-id/waltid-identity/pull/1686",[57],"#1686",[46,321],{},[12,323,325],{"id":324},"enterprise-stack-0190-0200","Enterprise Stack (0.19.0 & 0.20.0)",[49,327,328,329,59,333,337,338,70],{},"Below are the new feature highlights available through 0.19.0 and 0.20.0 of the Enterprise Stack. Check out the full change log for 0.19.0 ",[53,330,58],{"href":331,"rel":332},"https://docs.walt.id/enterprise-stack/release-notes/releases/0.19.x",[57],[53,334,58],{"href":335,"rel":336},"https://docs.walt.id/enterprise-stack/release-notes/releases/0.20.x",[57],". Want to learn more about the enterprise stack in general? Check out our ",[53,339,69],{"href":340,"rel":341},"https://youtu.be/FKzoD9F23VE",[57],[12,343,74],{"id":344},"_0190-1",[76,346,79],{"id":347},"features-2",[49,349,350],{},[16,351,352],{},"Issuer2 and OpenID4VCI v1",[49,354,355],{},"Issue credentials aligned with the OID4VCI v1 version with our new issuer2 service in the Enterprise Stack. Next to core capabilities such as tx-code support for pre-auth flows and wallet-initiated issuance, the issuer2 also comes with an improved general interface, including a profile system to issue credentials.",[49,357,99,358,70],{},[53,359,58],{"href":360,"rel":361},"https://docs.walt.id/enterprise-stack/services/issuer2-service/overview",[57],[49,363,364],{},[16,365,366],{},"VICAL, X.509 store, and X.509 service",[49,368,369],{},"Replaced the legacy VICAL and certificate-store stack with new and improved versions. Additional capabilities include publication-time validation, signer chain rules, and registry retrieval for the latest and version-specific artifacts.",[49,371,372,373,378,379,378,384],{},"Learn more about the new services: ",[53,374,377],{"href":375,"rel":376},"https://docs.walt.id/enterprise-stack/services/vical-service/overview",[57],"VICAL",", ",[53,380,383],{"href":381,"rel":382},"https://docs.walt.id/enterprise-stack/services/x509-store-service/overview",[57],"X.509 Store",[53,385,388],{"href":386,"rel":387},"https://docs.walt.id/enterprise-stack/services/x509-service/overview",[57],"X.509 Service",[49,390,391],{},[16,392,393],{},"Credential status",[49,395,396,397,402,403,408],{},"Fixed CWT encoding (binary vs hex), added ",[16,398,399],{},[93,400,401],{},"x5c","-oriented token status list support, and corrected JWT/CWT ",[16,404,405],{},[93,406,407],{},"kid"," generation for status-list credentials. Made content-type for status-list cloud storage configurable. Added delete endpoint for status lists.",[49,410,99,411],{},[53,412,58],{"href":413,"rel":414},"https://docs.walt.id/enterprise-stack/services/credential-status-service/overview",[57],[76,416,418],{"id":417},"fixes-an-improvements","Fixes an improvements",[20,420,421,430,433],{},[23,422,423,424,429],{},"In-memory persistence adapter: nested JSON path sorting, ",[16,425,426],{},[93,427,428],{},"EncodeDefault"," fixes, and calculation corrections.",[23,431,432],{},"Swagger and documentation improvements for CWT status list surfaces.",[23,434,435],{},"Various test harness cleanups and dependency-related test coverage for VICAL publication flows.",[76,437,439],{"id":438},"breaking-changes","Breaking Changes",[20,441,442,448],{},[23,443,444,447],{},[16,445,446],{},"VICAL and X.509 certificate store",": Legacy VICAL registry and certificate-store APIs and resources were removed in favor of the new service model, storage layout, and permission mappings. Deployments and clients using the old VICAL or certificate-store endpoints must migrate to the new publication/registry APIs and updated X.509 service configuration (#399).",[23,449,450,453,454,461],{},[16,451,452],{},"Fixes to the Bitsting Status List",": Due to the changes made to fix the Bitstring Status List, you may need to update your status list configuration or republish your status lists. Please review ",[53,455,458],{"href":456,"rel":457},"https://github.com/walt-id/waltid-enterprise-quickstart/breaking-changes-helper/0.19.0/BITSTRING_STATUS_LIST_MIGRATION_GUIDE.md",[57],[16,459,460],{},"the accompanying breaking change guide"," and select the appropriate migration path based on your existing setup.",[12,463,198],{"id":464},"_0200-1",[76,466,79],{"id":467},"features-3",[49,469,470],{},[16,471,472],{},"OpenIDVCI 1.0 Support in the Wallet Service",[49,474,475],{},"OID4VCI V1 support in the wallet marks the completion of our 1.0 support across all enterprise stack services.",[49,477,99,478,70],{},[53,479,58],{"href":480,"rel":481},"https://docs.walt.id/enterprise-stack/services/wallet-service/credential-receiving/openid4vci-1.0/credential-receive",[57],[49,483,484,144],{},[16,485,486],{},"New Trust Registry Service",[49,488,489],{},"Added a new service for managing ETSI trust lists (TSL, LoTE) for credential verification against official trust frameworks.",[49,491,99,492],{},[53,493,58],{"href":494,"rel":495},"https://docs.walt.id/enterprise-stack/services/trust-registry-service/overview",[57],[49,497,498],{},[16,499,500],{},"New Client Attestation Service",[49,502,503],{},"Added new service for issuing and verifying wallet attestations for secure credential issuance flows.",[49,505,99,506],{},[53,507,58],{"href":508,"rel":509},"https://docs.walt.id/enterprise-stack/services/client-attestation-service/overview",[57],[49,511,512],{},[16,513,514],{},"Improved external IAM integration & External Role Mapping",[49,516,517],{},"Authentication using external IAM integrations has been improved, and the new capability to map external IAM roles onto Enterprise Stack API roles has been added.",[49,519,99,520],{},[53,521,58],{"href":522,"rel":523},"https://docs.walt.id/enterprise-stack/administration/access-and-permissions/external-role-mapping",[57],[49,525,526,144],{},[16,527,528],{},"Enterprise Service security refactoring",[49,530,531],{},"For Issuer 1/2, Verifier 1/2, and Wallet services with interface-based implementations, automatic dependency detection, and granular permission control. Major architectural improvement enabling better testability and security isolation.",[49,533,534,144],{},[16,535,536],{},"X.509 Store and VICAL services",[49,538,539],{},"rebuilt with proper persistence, user-permission proxies, and service-level certificate storage with cross-store linking support. Certificate IDs are now derived from target paths with full delete support.",[49,541,542,543,378,546,378,549],{},"Learn more about the services: ",[53,544,377],{"href":375,"rel":545},[57],[53,547,383],{"href":381,"rel":548},[57],[53,550,388],{"href":386,"rel":551},[57],[76,553,555],{"id":554},"fixes-and-improvements","Fixes and improvements",[20,557,558,561,564,567,570,573,576,579],{},[23,559,560],{},"Fixed BSON issue in enterprise services.",[23,562,563],{},"Fixed credential metadata display.",[23,565,566],{},"Fixed assignRoleToApiKey double-stringify in demo app.",[23,568,569],{},"Fixed coroutine context conflict in tenant permissions listing.",[23,571,572],{},"Fixed old reference in credential status.",[23,574,575],{},"Added Swagger examples for creating plain KMS and generating keys.",[23,577,578],{},"Updated OpenAPI docs and examples for X.509 service and VICAL storage behavior.",[23,580,581],{},"Fixed integration tests workflows.",[76,583,439],{"id":584},"breaking-changes-1",[20,586,587],{},[23,588,589,592],{},[16,590,591],{},"X.509 Store API",": The X.509 store add/update flows now use service-level targets with certificate IDs derived from the target path. Clients using the old certificate store APIs must migrate to the new request models.",[46,594],{},[12,596,598],{"id":597},"eidas2",[16,599,33],{},[49,601,602],{},"Get a high-level overview of the EU’s digital identity regulation. Explore the regulation, upcoming deadlines, and the technical requirements for issuers, verifiers, and wallet providers.",[49,604,605],{},[53,606,609],{"href":607,"rel":608},"https://walt.id/eidas2",[57],"Learn more",[12,611,613],{"id":612},"the-eudi-wallet-explained",[16,614,615],{},"The EUDI Wallet Explained",[49,617,618],{},"A complete overview of the EU's new digital identity app. Discover its core capabilities—from storing IDs and professional credentials to qualified electronic signatures.",[49,620,621],{},[53,622,609],{"href":623,"rel":624},"https://walt.id/eidas2/eudi-wallet",[57],[12,626,628],{"id":627},"concepts-learn-the-digital-id-fundamentals","Concepts – Learn the Digital ID Fundamentals",[49,630,631,632,634,635,640],{},"We’ve expanded our ",[16,633,39],{}," section on ",[53,636,639],{"href":637,"rel":638},"http://docs.walt.id/",[57],"docs.walt.id"," to help you (and your team) get up to speed on the core building blocks of decentralized ID — without having to dig through specs first.",[49,642,643],{},"Latest additions include:",[20,645,646,654,662,670,678,686],{},[23,647,648,653],{},[53,649,652],{"href":650,"rel":651},"https://docs.walt.id/concepts/data-exchange-protocols/haip",[57],"HAIP Profile"," – A Guide to High-Assurance Profile for OpenID4VC",[23,655,656,661],{},[53,657,660],{"href":658,"rel":659},"https://docs.walt.id/concepts/trust-systems",[57],"Trust Systems"," – A Guide to the Architectural Foundations of Digital Trust",[23,663,664,669],{},[53,665,668],{"href":666,"rel":667},"https://docs.walt.id/concepts/trust-systems/eu-trust-lists",[57],"EU Trust Lists"," – A Guide on eIDAS-Compliant Governance for Digital Identity",[23,671,672,677],{},[53,673,676],{"href":674,"rel":675},"https://docs.walt.id/concepts/trust-systems/iso-trust-vicals",[57],"ISO Trust VICals"," – A Guide to Global Interoperability for Mobile Driver's Licenses",[23,679,680,685],{},[53,681,684],{"href":682,"rel":683},"https://docs.walt.id/concepts/trust-systems/wallet-attestations",[57],"Wallet Attestations"," – A Guide to Securing Integrity and Trust for Identity Wallets",[23,687,688,693],{},[53,689,692],{"href":690,"rel":691},"https://docs.walt.id/concepts/data-exchange-protocols/dcql",[57],"DCQL"," - The Digital Credentials Query Language Used in OID4VP Explained",[46,695],{},[49,697,698,699],{},"PS: If you enjoy working with our tools, make sure to leave us a ⭐ ",[53,700,703],{"href":701,"rel":702},"https://github.com/walt-id/waltid-identity",[57],"on GitHub",{"title":705,"searchDepth":706,"depth":706,"links":707},"",2,[708,709,710,715,719,720,725,730,731,732],{"id":14,"depth":706,"text":18},{"id":43,"depth":706,"text":44},{"id":73,"depth":706,"text":74,"children":711},[712,714],{"id":78,"depth":713,"text":79},3,{"id":176,"depth":713,"text":177},{"id":197,"depth":706,"text":198,"children":716},[717,718],{"id":201,"depth":713,"text":79},{"id":292,"depth":713,"text":177},{"id":324,"depth":706,"text":325},{"id":344,"depth":706,"text":74,"children":721},[722,723,724],{"id":347,"depth":713,"text":79},{"id":417,"depth":713,"text":418},{"id":438,"depth":713,"text":439},{"id":464,"depth":706,"text":198,"children":726},[727,728,729],{"id":467,"depth":713,"text":79},{"id":554,"depth":713,"text":555},{"id":584,"depth":713,"text":439},{"id":597,"depth":706,"text":33},{"id":612,"depth":706,"text":615},{"id":627,"depth":706,"text":628},"Product Updates","md",{},true,null,"/blog/product-update-29","2026-05-12",{"title":5,"description":705},"blog/product-update-29",[],"RBOkDlbJkLNqOlUx4BNAKvGDqcXklOemvx9KwP-gCr4",1778579887860]