OpenID Foundation conformance roadmap

Public evidence trail for CodeB Sovereign Communications’ OpenID Foundation self-certification programme. Each milestone links to the artefacts produced. Dates are targets, not promises — the roadmap moves when standards do.

Reading this like a lawyer. None of the items below claim the OpenID Certified™ mark. Passing the OIDF conformance suite is a technical prerequisite; the mark is granted separately after paid submission to the OpenID Foundation. Items marked done mean the conformance suite finished green on our infrastructure. Formal listings on openid.net/certification follow when we submit each profile.

Milestones

1 OpenID Connect Core — Basic OP Done 2026-07-18
Suite conformance suite 5.2.0 Tests 35 / 35 pass Failures 0 Warnings 0

Baseline identity-provider role. Every wallet-facing flow layers on top of a clean OP. Covers discovery, JWKS, /authorize, /token, /userinfo, PKCE, refresh rotation, code-reuse invalidation, prompt=none / max_age / id_token_hint, and OIDC Core 6.1 Request Object handling.

Full test results, evidence bundle, private OIDF plan link →
2 OpenID for Verifiable Presentations 1.0 + HAIP 1.0 — Wallet-Facing Verifier (alpha) Done 2026-07-19
Suite OID4VP-1.0-FINAL + HAIP-1.0-FINAL Verifier (alpha) Tests 9 / 9 pass Failures 0 Warnings 0

Both the OID4VP core protocol and the HAIP profile land in one alpha plan (Wa46KCPHMZ5EV, sd_jwt_vc + direct_post.jwt + x509_hash + request_uri_signed). Covers signed JAR, DCQL, JWE-encrypted responses (ECDH-ES + A128GCM), SD-JWT VC + KB-JWT holder binding, session-nonce + audience binding, freshness bounds, and the negative-path integrity tests (tampered issuer sig, tampered KB-JWT sig, tampered sd_hash).

Full test results, evidence bundle, private OIDF plan link →
3 OpenID for Verifiable Credential Issuance 1.0 — Issuer Target Q3 2026 (waiting on OIDF Issuer suite)
Suite oid4vci-* tests Effort medium Unlocks “issue + verify from one platform”

The complementary spec — instead of accepting credentials from a wallet, this one issues them. Turns a CodeB tenant into an operational credential issuer for staff badges, tenant onboarding tokens, age attestations, or any domain-specific SD-JWT VC. The issuer substrate is already live at vci.ashx and produces SD-JWT VCs with holder binding today; the OIDF Issuer conformance profile is expected to open later in 2026, and we self-test as soon as it does.

4 FAPI 2.0 Message Signing — Financial-Grade OP Optional · 2027
Suite fapi2-* tests Effort large Only if a banking / open-finance deal materialises

Not on the near-term path. FAPI is the profile banks and PSD2 open-banking clients require; picking it up means signed request objects everywhere, mandatory PAR, mTLS or private_key_jwt client auth, and richer replay defences. We’ll do it if a deal justifies the engineering; otherwise it stays parked.

Why this order

HAIP is a profile that layers strict constraints on top of OID4VP. Basic OP had to land before either verifier profile because both re-use OIDC discovery, JWKS handling, and token-endpoint semantics — that plan closed clean on 2026-07-18. The combined OID4VP + HAIP Verifier alpha plan followed the very next day (2026-07-19) with the same zero-fail / zero-warn result. OpenID4VCI is next as soon as the OIDF Issuer conformance profile opens; the issuer substrate is already live and producing SD-JWT VCs with holder binding.

How to verify progress independently

Every finished milestone links to:

Nothing here needs to be taken on trust. If a claim on this page ever loses its evidence link, that’s a bug — write to the CodeB team and we’ll fix it.

The bigger picture

Under eIDAS 2.0 (Regulation (EU) 2024/1183, Article 5f), every regulated EU private-sector business is legally required to accept the EU Digital Identity Wallet as a customer login from December 2027 onward. HAIP is the interop profile that makes that acceptance work with real wallets. The roadmap above is what “ready” looks like on the vendor side, dated and evidenced.

Last updated 2026-07-18. Related pages: Basic OP results · HAIP implementation notes · OIDC OP features · EU Wallet verifier · API reference