Changelog

Introducing MATTR Pi: Our flexible tools for creating apps your users will love.

22 February 2023

We are excited to announce the official launch of MATTR Pi – our SDK-centric platform encompassing toolkits with the flexibility to build solutions that work for you.

Whilst pi (π) is a mathematical constant, its decimals are infinite. All MATTR Pi toolkits have our rigorous commitment to international standards and leading security practices baked in, but they equip you with the limitless potential to create value in this new world of digital trust.

The foundations of MATTR Pi, available now, are the MATTR Pi Wallet Toolkit and the MATTR Pi Compact Credentials Verifier Toolkit.

The Wallet Toolkit includes all you need to get started creating your own digital wallet experiences quickly. Find out more and read our tutorial for using the Wallet SDK.

The Compact Credentials Verifer Toolkit lets you easily integrate verification capabilities into any existing or new application. Find out more and read our tutorial for using the Compact Credentials Verifier SDK.

Interested in creating a verifier or wallet solution and not sure where to start? Get in touch with us today to discuss the best option for your business.

MATTR Wallet - Additional Language Support

16 December 2022

Our MATTR Wallet now supports Swiss German and French Canadian languages.
To experience the MATTR Wallet in these languages, you will need to set the correct language on your iPhone or Android device.

Refer to the Apple and Google support pages if you need to change your language settings.

You can download the MATTR Wallet app on your iPhone using the App Store or Android using Google Play.

Terms

10 November 2022

We have an updated Privacy Policy now in place.

Introducing webhooks

25 October 2022

We have added support for webhooks to MATTR VII.
This new capability allows users to obtain information that is generated during an API operation that isn't otherwise available as part of the request or response payloads.

Users are able to subscribe to specific events that are triggered on set MATTR VII operations.

When an event is triggered, the information relating to that event is published via the webhook through to the URL(s) set up on the configured subscription(s).

Users can now:

• Create a webhook that is triggered on supported event types

• Verify a webhook to check the integrity and authorship of webhooks generated by the MATTR VII platform

• See an example implementation of how to Verify a Webhook that was generated by MATTR VII

Interested in learning more about how you might use the MATTR VII Platform? Get in touch with us today.

MATTR Wallet - New look and feel

30 September 2022

Our new MATTR Wallet is up! Experience a brand new look and feel!

Improved journeys and flow

A revised navigation and structure allows you to access all the features you need in a fast and efficient way.

New and improved onboarding

New experience to guide and inform you on how to get the most out of your wallet.

Credentials look more life-like to build trust with your users. Your credentials are our top priority!

Your credentials have been redesigned to look and feel like physical cards users are already familiar with.

Create credentials that match your organisations branding

Credentials mimic real-world cards more than ever before. You can now customise colours, logos and include watermarks to suit your brand needs.

Log of all your information and sharing events plus activities

A log of all credential interactions you have performed with the MATTR Wallet, along with different ways to view the events, such as grouping by connection.

You can download the MATTR Wallet app on your iPhone using the App Store or Android using Google Play.

MATTR VII - Event logs

15 August 2022

MATTR introduces enhanced platform ops logging levels on MATTR VII.

As of today, we support configuration of logging at the platform environment level along with manual consumption of platform events in specific customer environments.

In future customers will be able to customise these levels more freely and 'fan-out' events to other operational systems via APIs and webhooks.

New logging levels supported:

• Level 1 - Basic fields

• Level 2 - Metadata + basic fields

• Level 3 - Data (full request and response payloads) + metadata + basic fields

All MATTR VII public cloud environments (and associated tenants) are set to Level 1 - Basic Fields. No personal identifiable information (PII) is being captured in event logs at this level.

Interested in learning more about how you might use the MATTR VII Platform? Get in touch with us today.

OIDC Bridge - Additional configurations

10 August 2022

In this release, we added support for including the following configurations when setting up an OIDC Credential Issuer.

• federatedProvider.claimSource is either idToken (default) or userInfo

• federatedProvider.tokenEndpointAuthMethod is either client_secret_post (default), or client_secret_basic

• staticRequestParameters: parameters that should be included in the request to the IDP. i.e. display, prompt, max_age, ui_locales etc.

• forwardedRequestParameters: parameters that can be provided by the client to be forwarded to the IDP. These are optional and can override the staticRequestParameters i.e. login_hint.

We've also updated our MATTR Wallet SDK and MATTR Wallet App to include login_hint as a request parameter when issuing a credential using the OIDC bridge. This will allow pre-population of the username in the Federated Provider's login screen when using MATTR Wallet to claim a credential. Any other request parameters are not supported by MATTR Wallet and SDK at the moment.

Interested in learning more about how you might use the MATTR VII Platform? Get in touch with us today.

New MATTR VII Regions

1 August 2022

MATTR VII is now available in two additional AWS regions:

• Frankfurt, Germany

• Montréal, Canada.

Compact Credential Verifier SDK

07 July 2022

We’ve transformed our Credential Verification capabilities to support the wider platform by making it work on your own mobile experience or integrating them into other types of your applications. Utilizing SDK will significantly reduce your development time while ensuring you are leveraging safe and reliable code libraries.

The following capabilities & benefits are provided in the Verifer SDK:

• Build your own Compact Credential verification solution into existing applications using the same tools as the MATTR Verifier App

• Validate Compact and Semantic Compact Credentials' authenticity 

• Offline verification of your trusted credentials

• Refresh cached revocation lists and trusted issuers

• Privacy-preserving features

• Ongoing support for fast-evolving standards of digital trust and verifiable data

• Create both iOS and Android apps using the same codebase

Interested in learning more about how you might use the MATTR Verifier SDK? Get in touch with us today.

Introducing compact credentials

30 June 2022

Claims of data can be represented as Compact Credentials, which are both cryptographically proven as authentic and dense enough to fit inside a QR code. This credential format is ideal where high information assurance is required but not high identity assurance about the entity presenting the credential.

You can choose to use either a W3C Verifiable Credential data model to provide more descriptive semantic meaning or a more concise, non-semantic data model. The choices between the data model to use comes down to how compact you need the credential to be versus how openly you intend to share and exchange the created credentials across different domains and jurisdictions.

The following capabilities of Compact Credentials are provided in this MATTR VII platform release:

• Sign and issue a Compact Credential in the semantic model or compact model

• Verify a Compact Credential

• Revoke a Compact Credential

• Format the Compact Credential in a way that allows it to be presented in either a digital or paper-based manner.

With this product release, our Customer Agreement and Terms have changed. Please refer to the version dated 30 June 2022 for details.

Compressed credential support (technical preview)

24 Mar 2022

Compressing semantically verifiable credentials into smaller payload sizes is a useful technique. For example, it allows credentials and presentations to be embedded into QR codes so they can be used when one party is offline.

Try out our latest technical preview on compressed credentials to see how using CBOR-LD can unlock use cases where offline is important.

• Convert JSON-LD to CBOR-LD to compress the payload size

• Use the latest version of the MATTR Wallet (v1.9.1) to present applicable credentials in a CBOR-LD format

• Convert CBOR-LD payloads to JSON-LD to use with existing MATTR VII API

Digital Covid Certificate (DCC) Extension

5 Nov 2021

We have introduced a new DCC extension to MATTR VII that is built on top of our core libraries to provide the capability to issue and verify Digital Covid Certificates (DCC).

The standards outlined for the European Union DCC (EUDCC) format, which covers 3 certificate types ( vaccination, recovery, and testing) are all covered by the extension which allows your MATTR VII tenant the ability to:

• Maintain the required document signer certificates that facilitate trusted issuance and verification of the EUDCC format.

• Sign and issue a health certificate payload into a EUDCC format

• Verify a EUDCC

• Format the EUDCC in a way that allows it to be presented in either a digital or paper-based manner.

Note: The use of the DCC extension during a trial of the MATTR VII platform may be subject to change. As you move into production workloads please get in touch to discuss your needs.

Introducing the New Zealand COVID Pass (NZCP) Verify Extension

5 Nov 2021

The New Zealand government will start issuing a type of digital health certificate known as a 'My Vaccine Pass' using the New Zealand COVID Pass (NZCP) specification , this credential contains a limited set of personal information and provides a way for the holder to prove they meet certain health policy requirements in regards to COVID-19 such as being vaccinated against the virus.

From today you can now read about the NZCP Verifier API to help you determine how to integrate and verify NZ COVID Passes that have been presented to you, this also accompanies the NZCP Verifer SDK and Verifier white label app offerings.

Get in touch to start onboarding to use the service today, the API will also be available on a trial basis starting soon.

ZKP-enabled credentials using Web DIDs & support for custom paths

22 Oct 2021

This release adds the ability to use bls12381g2 key types with a Web DID so that ZKP-enabled credentials can be issued. We have also enabled Web DIDs to be created on custom paths that don't rely on a /.well-known location.

• Create DID with the web method and bls12381g2 key type.

• A new url parameter in options to specify a domain for the Web DID as well as allowing the use of paths in the form of organization.com/path.

The domain options parameter has now been functionally superseded by the url option parameter and will be deprecated in an upcoming release.

Introducing ION DIDs & an update on Sovrin DIDs

8 Sep 2021

Decentralized Identifiers (DIDs) using the Identity Overlay Network (ION) method can now be created on the platform and used for issuing credentials and other purposes. ION DIDs use the Sidetree protocol to anchor the DID document to a ledger, which provides a high-throughput and efficient method for writing to a blockchain like Bitcoin. ION DIDs can be easily configured on the MATTR VII platform using our API interface, allowing you to leverage the benefits without having to deal with any of the underlying complexities:

• Create & manage ION DIDs on your tenant

• ION DIDs can be used to create credentials, sign and encrypt messages as well as being fully configurable on the OIDC Bridge for issuance and verify

• Supports ed25519 and bls12381g2 key types

• Fully resolve ION DID Documents from the public nodes

Note: The creation of ION DIDs during a trial of the MATTR VII platform may be subject to change. As you move into production workloads please get in touch to discuss your needs.

Sovrin DID method

Since launching the platform our implementation of did:sov has relied on private Indy nodes whilst the community around DID Sovrin continued to develop new kinds of interoperability in their infrastructure. Recently activity is showing that rather than converging around the Sovrin-specific method that’s been used to date new approaches are being looked at. Until this direction from the community has more clarity around implementation we have decided to deprecate our current private node support.

From this release, we will begin phasing out support for DIDs based on Sovrin by removing references from the documentation and in the next release, we will stop the current did:sov support and remove any Sovrin DIDs from the sandbox platform.

Custom domains & complex credentials

2 July 2021

Tenants can now be configured to represent as a verified custom domain:

Custom domains are a paid feature, setting up a custom domain whilst using a sandbox is possible, however, note this may be disabled and reverted back at MATTR's discretion.

• New endpoints added to create, view, delete and verify a custom domain on your tenant

• Create a custom domain by providing details like your organisation name, domain and a logo which will be displayed to end-users interacting with your tenant using a wallet app that supports a web manifest payload.

• The MATTR mobile wallet app has been updated to support the display of custom domains as well as a number of improvements to the UI of MATTR Wallet to be more human-friendly, including support for more complex data types like nested data and embedded images.

Create & Verify Presentations Directly

20 May 2021

New endpoints provided to help you work with verifiable presentations directly on MATTR VII:

• Verify a presentation obtained from any source adhering to the W3C Verifiable Credential Data Model.

• Create verifiable presentations using Credentials where the subject(s) are controlled by the tenant 

  This is a useful operation for exploring how verifiable presentations are created and can be submitted to the Verify a presentation endpoint.

An optional description parameter has been added when creating credentials:

• The optional description field is enabled on the Create Credential endpoint.

• The field can be configured in the OIDC Bridge Issuer so that any credentials issued will contain the description.

Note the description field is part of the W3C Verifiable Credential Model v2 specification and will be supported in the MATTR mobile wallet as the standard begins to stabilize.

MATTR VII launch with push notification messaging

(v1.0) 25 Mar 2021

MATTR VII is now live!

Pricing

Pay-as-you-go pricing is now published

• Get a detailed look at how MATTR VII is charged once you elect to upgrade to a paid plan.

• To discuss high-volume discounts, please contact us.

API references

The platform is now known as MATTR VII; URLs and paths updated to reflect this:

• MATTR VII Core is https://tenant.vii.mattr.global/core/v1.

• OIDC Bridge is a MATTR VII extension found at https://tenant.vii.mattr.global/ext/oidc/v1.

  Old domains and paths will be discontinued from service within 30 days

Notification messaging

Customers can use their tenant to construct and send messages to holders based on their subject DID, which will be delivered to the MATTR Wallet app and notified via a push notification.

• Construct action-based messages in a DIDComm2 JWM format:

  • Start a credential issuance using the OIDC Bridge.

  • Notify of a credential revocation status change.

  • Start a verification flow using a callback.

• Encrypt messages intended for the recipient.

  • MATTR VII enforces end-2-end encryption (E2EE), so message contents are never visible to MATTR when held in messaging inboxes.

• Route messages to a dedicated inbox for the wallet user.

  The MATTR Wallet app is being updated to support receiving push notification and managing messaging inboxes. Make sure you update to the latest version available on the App Store or Google Play.

Further messaging capabilities are scheduled on the roadmap.

Terms

New customers signing up to MATTR VII will have a new customer agreement, SLA and privacy policy in place.

Verify ZKP-enabled Credentials

(v0.13) 18 Feb 2021

Further functionality to support the use of privacy-preserving credentials using BBS+ signatures.

Create a JSON-LD Frame Presentation Request

• Use a query extension to the Verifiable Presentation Request Specification format, Query by Frame, to specify required credential claims.

• Trusted Issuers and Credential Types are used to match credentials in the mobile wallet.

Mobile Wallet updates

• The latest version (v0.50.0) of the Mobile Wallet is required to process Query by Frame presentation requests.

• ZKP-enabled credentials using BBS+ signatures can be used to derive selectively disclosed presentations.

• New UI screens to actively show the disclosure of claims.

Maintenance

(v0.12) 11 Feb 2021

Maintenance Release

• Update to the Callback URL for all Issuers on the OIDC Bridge to align with future changes.

  Ensure that the allowed callback URL for your federated provided is updated with the new path. From ../oidc/v1/issuers/.. To: ../ext/oidc/v1/issuers/..

OIDC Bridge and OIDC Credential Provider

(v0.11) 16 Dec 2020

When we first launched the Platform we pioneered the bridging of existing identity solutions using Open ID Connect (OIDC) to a new world of decentralized identity and verifiable credentials. During this time we listened to customers as well as working within the Community as standards evolve. This latest version of the OIDC Bridge is now easier to set up, more flexible to integrate and conforms with OIDC Credential Provider for issuing credentials to the mobile wallet.

OIDC Bridge

• Multiple OIDC Credential Issuers can be enabled to offer credentials using the OIDC Configuration metadata endpoints

• Custom scopes can be added to Federated Providers to enable more flexibility in obtaining ID token claims

• OIDC Credential Verifier are easier to set up and associated OIDC Clients can be listed and updated

• Authenticate a DID using OIDC Bridge introduces a new way for OIDC Clients to obtain a Subject identifier that has been verified to come from the holder.

• Claim mappings; OIDC claims > JSON-LD terms and JSON-LD terms > OIDC claims have been revamped to simplify their use and make it clearer on how they are used by the OIDC Bridge

Verify Credentials without using OIDC Bridge

• Unlocks Verifying a Credential using a Callback method to allow non-OIDC verification

• Introduction of a new endpoint to Verify a Credential directly using the API

Maintenance

(v0.10) 17 Nov 2020

Maintenance release

• In line with the W3C VC Data Model; Subject identifiers are now not required on Create Credential, usually a Subject DID makes up a core part of a Verifiable Credential but in some cases it makes sense without one, such as issuing a ‘bearer’ style credential e.g. a concert ticket or when the credential is to be stored on behalf of a subject and reissued later with subject binding.

Maintenance

(v0.9) 4 Nov 2020

Maintenance release

• The format of the response from /.well-known/did-configuration is now in a JSON-LD format. Learn more about the Well Known DID Configuration from the Decentralized Identity Foundation working group.

  This changes means all holders will need to being using the MATTR Mobile Wallet with a minimum version of v0.37.1 to continue to receive and present credentials, earlier versions of the app will present a generic error message.

Revocable Credentials

(v0.8) 21 Oct 2020

Credentials issued on the platform are now revocable and searches can be performed on the Credential Registry.

Revocable Credentials

• Create Credential has new optional revocable property to create a Credential as revocable using a revocation list method.

  All Credentials issued using the OIDC Bridge are now revocable by default.

• Management API endpoints for an Issuer to toggle the revoke status of a Credential.

• Provisioned hosting of revocation lists for Credential Issuers.

• Automatic verification of a presented Credential against its revocation list will result in revoked credentials being returned with an error message in the OIDC/OAuth2 callback response back to Verifiers/relying parties.

Search on Credentials

• Credentials optionally held in the Credential Registry can now be retrieved by tag and type parameters.

• The meta-data of non-persisted Credentials can also be found using these tags.

  All Credentials issued using the OIDC Bridge will only store meta-data.

Updates

• Pagination on Retrieve List of DIDs and Retrieve List of Presentation Templates now has pagination using the cursor-based method.

DID Web Method

(v0.7) 7 Oct 2020

New DID method did:web is available to be created on the Platform.

• Check out the new DID Web tutorial on how to implement this style of DID.

• Further content on the various DID methods available on the platform is available.

Updates

• Enhanced pagination on the List Credentials endpoint, moved from using a page-offset pagination to a much more performant cursor-based pagination.

ZKP-Enabled Credentials

(v0.6) 16 Sep 2020

Support added for issuing privacy-preserving credentials using BBS+ signatures.

ZKP-enabled credential functionality during Preview are considered experimental and may change over time as well as any ZKP-enabled credentials issued during this period may need to be reissued.

Create a DID with BLS Key Types

• Create DID now has options to set a key type (only for did:key method at this time).

• Use the BLS key type bls12381G2 to create Issuer DIDs for issuing ZKP-enabled credentials.

• Response for Resolve a DID has been altered to include a localMetadata parameter which will be used for future DID methods.

Create a ZKP-enabled Credential

• Create Credential will automatically issue ZKP-enabled credentials if an issuerDid referencing a bls12381G2 key type is provided.

Updates

• New optional parameters are available on Create Credential:

  • Providing a value in tag will set this value as metadata so it can be referenced on the platform later.

  • Setting the persist boolean to true will store the created credential on your tenant for future retrieval. The default value is not to store credentials.

Maintenance

(v0.5) 9 Sep 2020

Maintenance release.

• Mobile Wallet App bug fixes and improvements.

• Improved support for OIDC query parameters on mobile app authorization requests.

Sovrin DID Method

(v0.4) 25 Aug 2020

Creation of Sov DIDs on the platform is now possible.

• Create DID can be used to create DIDs using the Sovrin DID method. Note during Preview these will not be anchored on the Sovrin MainNet.

• Resolve a DID will resolve Sov DIDs including MATTR issued ones.

Maintenance

(v0.3) 10 Aug 2020

Maintenance release

• Tidy up of error response messages on Create Presentation Templates and messaging endpoints.

Maintenance

(v0.2) 29 Jul 2020

New endpoints available.

• Update operations now possible using Update a Claim Mapping and Update a Provider.

Launch of the MATTR Preview Platform

(v0.1) 3 Jun 2020

SaaS Platform

• A cloud-hosted, multi-tenanted environment that can be spun-up on-demand using managed containers

• Authentication and access-control provisioning

• Auditing and privacy-preserving logging

Issue Verifiable Credentials using OpenID Connect

• Cryptographically secure issuance of Verifiable Credentials (VC) to authenticated identity holders

• Configuration options to;

  • Bring-your-own OpenID Connect Provider (OP)

  • Or, use our step-by-step tutorial for a reference OP

• Map personal information claims from source to VC terms, using linked-data standards

• Decode a JWT signed using a Decentralized Identifier

• Optionally; store issued credentials on-platform to be retrieved (for non-sensitive use-cases)

• Create a credential Offer as a QR code or deep-link to start the issuance flow with the mobile wallet app

• The static offer is ready to display on a website or physical media e.g. a bus shelter advertisement

Verify Verifiable Credentials using OpenID Connect

• Cryptographically secure verification of VCs from identity holders after their consent

• Uses the latest standards-based messaging protocols (JWM) to transmit information from the holder

• Configure an OpenID Connect Relying Party client to accept holder information via a standard ID token

• Map personal information from Credential claims to a standard ID token

• Create a VC Request and embed using a QR code or deep-link into a journey

• The dynamic request can be used in an information-gathering flow e.g. Customer onboarding

Mobile Wallet App

• Native iOS and Android apps, supporting a range of models and devices

• On-device biometric access enabled

• Familiar chat-like user-interface approach, designed with core pillars of privacy, accessibility and user-experience

• Puts the user in control during issuance and verification of their Credentials

• Keeps user in-context with in-app-browser technology

• Interoperable to published specifications within the Self-Sovereign Identity ecosystem

• Theming options available to prospective customers