Skip to main content

Q3 2026 (July - September)

July 2026 (2026.07.x)

Organisation Wallet Suite

  • ISO 18013-7 Annex C device request over the DC API - securely define and share credentials on the same device or across devices, with signed and unsigned requests supported in iOS and Android browsers
  • Passwordless login extension with optional callback URI - tenants running an Identity Provider such as Keycloak can map an EUDI Wallet presentation to an existing user account using native identity matching, without a bespoke resolution endpoint
  • Claim validation at issuance - credential claims are validated against the credential definition when an offer is created, with a small set of standard claims such as jti permitted as issuer overrides
  • Age Verification extension - a template covering the claims and structure set out in the Blueprint, so relying parties can issue and verify age-verification credentials
  • Inspect SD-JWT, JWT, and CBOR in the dashboard - click any record to decode the raw token or mdoc bytes in place, with header, payload, and disclosures laid out side by side with the wire form
  • Developer API keys - organisation administrators can generate an API key and distribute it via email to multiple developers in the same workflow

Data Wallet

  • ISO 18013-7 Annex C device request over the DC API - the wallet can be selected directly from the browser's wallet picker on iOS or Android to present mobile documents (mdoc), covering same-device and cross-device verification flows
  • Legacy Hyperledger Indy database removed - a leaner app on iOS and Android with faster load times across common flows, and credentials encrypted at rest under a single, well-maintained storage layer
  • Per-credential key binding for OpenID4VCI compliance - the wallet can independently prove possession of each credential
  • Demonstrating Proof of Possession (DPoP) for token and credential requests - when the issuer's metadata advertises DPoP, the wallet binds both the access token and the credential request to its private key, protecting against token replay by another party
  • Multi-credential and credential-set verification over the DC API - more reliable cross-device verification against verifiers that exercise the full breadth of the W3C Digital Credentials API specification
  • Issuer JWKS with multiple signing keys - issuers that rotate signing keys or run more than one active key are now handled end-to-end
  • Backup reliability on Android - backups to Google Drive and DataPod are confirmed only after the file has uploaded successfully
  • Stability and polish - small visual consistency improvements on the home, connection, and credential card screens, with issuer-supplied background_image artwork honoured in connection metadata on both platforms