Vidos | Changelog

Changelog

Find our latest updates and technical changes

Changelog Update: October 2025

2025-11-14

Enhanced authorization framework, modernized certificate handling, and added various improvements across the Vidos identity platform.

Authorization Framework

TypeScript Policy Engine: Replaced the Open Policy Agent (OPA) with a native TypeScript-based policy engine for authorization decisions

Implemented PolicyEngine class with comprehensive evaluateAllow and evaluateMustDeny methods
Added detailed resource and action matching using glob patterns for flexible policy rules
Removed OPA-related dependencies
Streamlined policy evaluation logic and test coverage

Authorizer Testing:

Enhanced the Authorizer Tester with improved request handling and visualization
Fixed date handling in authorization to properly handle the "now" parameter
Added comprehensive testing samples for various authorization scenarios, used throughout documentation and dashboard testers

Cryptography and Verification

X.509 Certificate Generation: Refactored X.509 certificate handling

Completed upgrade of legacy certificate generation
Updated validity period handling to use explicit notBefore and notAfter dates
Improved test coverage for certificate generation and validation

Mobile Document Support: Fixed date fetching for mDOC format when applying notBefore and notAfter policies

Wallet Integration: Enhanced support for Multipaz/Valera wallets

Additional OpenID4VP compatibility and conformance testing to ensure better interoperability with wallet providers
Added custom test credentials for more comprehensive end-to-end testing

Documentation and Developer Experience

W3C Verification Guides: Improved documentation and examples for W3C verification standards

Documentation Site: Migrated documentation site to a more modern and maintainable architecture

Verifier Configuration: Added comprehensive documentation for verifier configuration options

Database and Infrastructure

SSL Database Support: Enhanced database connection configurations and improved connection pooling

Security Enhancements:

Updated authorization logic in viewer-request.js
Enhanced helmet security configuration in application setup

Error Handling and Logging

Gateway Errors: Improved gateway error reporting for clearer troubleshooting
Instance Configuration: Enhanced instance configuration UI with improved validation
Error Handling: Fixed resource ID checking in applicableForTestingOptions function
Logging Framework: Implemented a logging wrapper for verifier and validator services

‍

UK DIATF Certification Achieved

2025-10-17

Vidos has achieved certification under the UK Digital Identity and Attributes Trust Framework (UK DIATF) as:

Orchestration Service Provider,
Component Service Provider, and
Attribute Service Provider.

The company is listed on the GOV.UK register of digital identity and attribute services.

What This Means

UK DIATF certification validates our verification infrastructure against government requirements for digital identity services. This independently certified framework ensures:

Compliance with UK government rules for identity verification
Support for GOV.UK Wallet credentials and existing certified providers
Standards-compliant verification across multiple credential formats
Regulatory alignment for UK digital identity verification

Our Compliance Portfolio

This certification joins our existing security and quality certifications:

ISO 27001 - Information Security Management
UK Cyber Essentials - Cyber Security Standards
ISO 9001:2015 - Quality Management Systems
UK DIATF - Digital Identity Verification Services

Technical Scope

Vidos verification services operate under UK DIATF-certified processes. The service supports mdoc (ISO 18013-5), W3C Verifiable Credentials Data Model 2.0, and OpenID protocols.

Visit our UK DIATF certification page for certification details.

Changelog Update: September 2025

2025-10-08

We've enhanced our authorization capabilities with DCQL support, improved developer experience with new testing infrastructure, and strengthened our security compliance framework.

Authorizer Service

Features

DCQL Query Support: Added support for Digital Credential Query Language (DCQL) in the Authorizer Service, enabling more flexible and structured credential requests alongside existing DIF Presentation Exchange support
Additional Configuration Options: Expanded Authorizer configuration capabilities with new parameters for authorization endpoints and client ID prefix support, providing greater flexibility in deployment scenarios

Improvements

X509 Certificate Handling: Fixed x509_san_dns prefix handling and clientId generation to properly support DNS name extraction from URLs, ensuring correct certificate-based authentication
Response Alignment: Aligned authorizer responses with OpenID4VP specifications for better standards compliance to 1.0.0
CORS Configuration: Fixed CORS handling for resolver paths, improving cross-origin request support

Infrastructure & Testing

Security & Compliance

Security Compliance Page: Added dedicated security and compliance documentation page with updated ISO9001 certification details
Terms of Service Updates: Incorporated equality and accessibility clauses into terms of service, demonstrating commitment to inclusive practices
Log Retention: Implemented automated log lifecycle policies for log storage, improving log management and compliance

Developer Experience

Dashboard Interface

Tester Components: Replaced diagnostic tabs with new tester components and restructured documentation for improved user experience

ISO 9001 certification achieved

2025-09-21

Vidos has successfully achieved ISO 9001:2015 certification under the scope "The facilitation of the provision of the Vidos product providing online verifiable identity services globally."

What This Means

ISO 9001:2015 certification validates our commitment to quality management systems and continuous improvement across all aspects of our identity verification services. This internationally recognised standard ensures:

Consistent delivery of high-quality verification services
Systematic approach to customer satisfaction
Continuous improvement of our processes and systems
Enhanced operational efficiency

Our Growing Compliance Portfolio

This certification joins our existing security and quality certifications:

ISO 27001 - Information Security Management
UK Cyber Essentials - Cyber Security Standards
ISO 9001:2015 - Quality Management Systems

Impact on Our Services

All Vidos services, including our Universal Resolver, Verifier, Validator, and Authorizer, operate under certified quality management processes. This ensures predictable, reliable service delivery for enterprise clients preparing for eIDAS 2.0 compliance and digital identity transformation.

‍

Visit our security and compliance page to find out more.

Changelog Update: August 2025

2025-09-11

We've enhanced our DID resolver capabilities, improved service specifications compliance, and strengthened our infrastructure with better error handling and testing.

Vidos Universal Resolver

Features

WebVH DID Method Support: Added support for the did:webvh resolver method, expanding our DID resolution capabilities to include Verifiable History specifications (learn more here: https://vidos.id/blog/vidos-now-supports-did-webvh-the-next-generation-of-verifiable-digital-identity)
‍W3C DID Specification Compliance: Add additional resolver service to W3C-compliant endpoints at /w3c/did/1.0/identifiers/, maintaining backward compatibility with deprecated paths

Vidos Verifier

Improvements

Enhanced Proof Policy Processing: More consistent and clearer error reporting when verification fails, allow you to diagnose the problem easier.

Vidos Validator

Improvements

Better Error Reporting: Enhanced credential format policy errors with detailed problem details following RFC 9457 standard.
‍Base64 and JWT Schema Validation: Improved validation accuracy with dedicated handling for base64 and JWT formats

Security & Compliance

Improvements

DID:DHT Removal: Removed support for did:dht method (learn more here: https://vidos.id/blog/understanding-the-deprecation-of-did-dht)

Changelog Update: July 2025

2025-08-07

We've enhanced regional compliance, improved documentation coverage, and strengthened security across our services.

Legal and Compliance

Regional Terms of Service

Clearer Legal Entity Selection: Users can now easily identify which legal entity (EU or UK) they contract with based on their location, ensuring compliance with regional regulations and providing clear recourse for service complaints.

Documentation and Site

API Documentation

API documentation: Added Authorizer and Gateway service OpenAPI specifications to documentation, ensuring all core services have comprehensive API documentation
Streamlined Documentation Structure: Standardized page titles across management and services documentation for improved navigation.
Authorizer policy documentation: Documented Authorizer policies meaning that all service policies are now documented.
Validator error documentation: Clear documentation for each error that the validator returns. Each error is described, including possible causes and suggested resolutions.

Services

Validator: created improved error handling to return clearer more consistent errors that link to documentation.
Validator: now supports combining trusted sources, e.g. a Vical and provided trust certificates.

Security and Infrastructure

ISO 27001

Surveillance Audit: Completed the scheduled ISO 27001 surveillance audit in July 2025 with no nonconformities raised.

Security Enhancements

Critical Vulnerability Patched: Updated @cef-ebsi/ebsi-did-resolver to address CVE-2025-7783, eliminating predictable boundary value generation in form-data requests.
API Documentation: explicitly indicated public endpoints on API documentation.

Changelog Update: June 2025

2025-07-08

Simplified verification workflows, enhanced credential validation, and improved developer experience with new logging capabilities.

API Improvements

Combined Verifier and Validator Endpoint: Created a unified endpoint that streamlines the verification and validation process for credentials, reducing integration complexity and improving response times.
Enhanced Error Messaging: Improved request validation with more descriptive error messages, making debugging and integration significantly easier for developers.

Credential Validation

Trusted Issuer Configuration: Improved AAMVA VICAL updates with a more intuitive policy configuration system:
- Renamed configuration parameters for better clarity (e.g., "VICAL TAG" is now "PREDEFINED TAG")
- Added support for direct CBOR VICAL provision, eliminating the need for URL-accessible hosting
- Implemented TTL-based caching to more efficiently keep VICAL’s up to date.

Changelog Update: May 2025

2025-06-03

We've made significant improvements to our validation infrastructure, enhanced configuration capabilities, and improved credential format support.

Validation and Policy Enhancements

Validator Service

Enhanced Multi-Credential Support: Refactored validator flow to support both DIF Presentation Exchange (PE) and Digital Credential Query Format (DCQL) credential queries.
Improved Policy Processing: Validator policies are now executed individually for each presentation in a submission, with results flattened for easier navigation.

Mobile Driving License (mDL) Support

Independent mDL Processing: Made it easier to use Mobile Driving Licenses independently with both validator and verifier services.

Configuration and User Experience

Dashboard Improvements

Enhanced Configuration Labels: Added comprehensive internationalization labels for all service configuration forms, making every configurable field more intuitive.
Service-Specific Labels: Added detailed labels for resolver DID methods, verifier status lists, validator policies, authorizer OpenID4VP settings, and gateway service configurations.

API and Data Format Improvements

JSON Schema Enhancements

Enhanced API Validation: Applied improved schemas to verifier and validator APIs for improved input validation and error handling.

Security and Authentication

Authorizer Service

X.509 Certificate Support: Added support for X.509 certificates in JWT headers.
Enhanced Key Handling: Improved support for EC (P-256, P-384, P-521, secp256k1), RSA, and OKP (Ed25519, Ed448) key types.

UK Cyber Essentials Renewal

2025-06-02

We have successfully renewed our UK Cyber Essentials certification, demonstrating our continued commitment to cybersecurity best practices.

‍What's New:

‍UK Cyber Essentials Certification Renewed

Our certification has been renewed and is valid through May 13, 2026 (Certificate ID: 5d412176-2bb4-47bf-9b9c-c001bd05dcbd)

All Vidos services and our organizational infrastructure are covered by this certification, reinforcing our dedication to maintaining robust security controls and protecting our customers' data.

For more information on our security certifications and compliance, please visit our Trust Centre (https://trust.vidos.id).

‍

Expanded Support for IETF OAuth Status List & ECDSA JCS 2019 Verification

2025-04-29

Credential Format Support

Added support for IETF OAuth Status List verification
Added support for IETF StatusList CWT format
Enhanced ECDSA JCS 2019 verification capabilities

Documentation and User Experience

Added presentation definition error displays for improved debugging capabilities
Enhanced authorizer tester policies with detailed results display
Added organisational identity presentation definition samples
Added comprehensive DIF Presentation Exchange documentation
Restructured our documentation site for improved clarity and usability

Support for IETF Digital Credential Proof Verification and Format

2025-03-31

Credential Standards

Added support for IETF Digital Credential proof verification
Improved support for IETF Digital Credential format
Added JWT-SD Key Binding verification

Authentication and Protocol Enhancements

Added client metadata support to OpenID4VP response
Improved authorization flows with structured errors and examples
Enhanced configuration capabilities with detailed error handling

Service Role Enhancements

2025-02-27

Service Management

Added Service Roles UI for simplified access management
Implemented service role management and policies

Now Supporting More Credential Formats

2025-01-07

Credential Format Enhancements

Added support for Selective Disclosure SD-JWT credentials
Added support for JWT-based Verifiable Presentations
Added ISO 18013-5:2021 Mobile Driving License (mDL) verification

API Improvements

New APIs supporting JSON-LD, JWTs, and M-DOCs formats
Improved credential validation and verification processes

Verification Enhancements

"Valid At" replaced with "Not Before" and "Not After" for clearer credential validity
New "Handle As" setting allows missing optional fields to be warnings or errors
Enhanced schema validation for JSON-LD credentials

Status List Expansion

JWT-signed status lists now supported alongside JSON-LD
Enhanced revocation and suspension interoperability with EBSI collaboration

Logging and Validator Improvements

Audit logs for tracking policy changes and configurations
Implemented usage logs for resolution, verification, and validation activities
Created fallback mechanism to correct invalid submissions and support wallet variations

Ping Connector and VLEI Implementation

2024-12-20

Ping Identity Connector

Official Vidos Ping Connector released for PingOne DaVinci.
Ping Identity users can now extend their capabilities to include decentralized identities.

Dashboard and UI Updates

Introduced service and account logs display within the dashboard.
Improved dashboard navigation to accommodate new logging features.

Identity Credential Enhancements

Added support for Selective Disclosure SD-JWT credentials.
Introduced core support for Mobile Driver’s License (mDL) verification.
Improved interoperability checks for Verifiable Credential (VC) and Verifiable Presentation (VP) standards.

VLEI (Verifiable Legal Entity Identifier) Implementation

Implemented API endpoint definitions for VLEI services.
Instantiated internal services to support future expansion.

Logging and Infrastructure

2024-11-10

Logging and Infrastructure Updates

The logging system reached an important milestone with several key developments:

Logging Alpha finalized and deployed to production.
Logging read services prepared for customer access.

Verifier and Credential Enhancements

Added support for JWT-based Verifiable Presentations.
Implemented Power of Attorney Proof-of-Concept in the Verifier, expanding use case coverage.

Decentralized Identity Standardization

Integrated EBSI conformance testing into the authorizer.
Deployed initial version of EBSI-compliant verification processes.

‍

Major Updates to Verifier and API

2024-10-17

Verifier Enhancements

The Verifier service received major updates to improve credential validation:

Implemented support for MDL (Mobile Driver’s License) verification.
Enhanced validity period handling by replacing "Valid At" with "Not Before" and "Not After."
Finalized status check policy, ensuring revoked and suspended credentials are properly processed.

Resolver and API Improvements

DHT resolver deployed to production.
Introduced support for JWT format credentials, expanding compatibility with different credential standards.

Security and Compliance

Initiated AWS Vendor Insights review for advanced listing.

Billing System Enhancements

2024-09-20

Billing System Enhancements

Significant progress was made in implementing a robust billing system, streamlining subscription management for users. Key updates include:

Stripe billing integration completion.
AWS Marketplace listing. You can now purchase Vidos services through AWS Marketplace!
UI elements introduced for billing and paymentsflow.

Decentralized Identity Improvements

Developed a dynamic credential status system, supporting revoked, suspended, and message states.
Implemented the initial version of presentation definition frameworks for better credential validation.
Completed the DHT resolver implementation, improving credential resolution reliability.

Configuration and Logging Enhancements

Added preliminary logging infrastructure, including audit and monitoring capabilities.