MATTR VII Changelog
Enhanced certificate capabilities in MATTR VII
9 Dec 2024
This release of the MATTR VII platform (v5.0.0) introduces the following key enhancements to X.509 certificates capabilities in MATTR VII:
- To support IACA rotation, tenants can now have multiple IACAs. This allows issuers to create new IACAs and distribute them to relying parties in advance to ensure continuous operation of issuance and verification workflows.
- Generation of Document Signer Certificates (DSCs) is now handled automatically by MATTR VII, ensuring issuance workflows don’t break due to DSC expiry.
- DSCs now include a Subject Alternative Name field to improve their alignment with the ISO/IEC 18013-5:2021 standard.
Additional features included in this release:
-
The online presentation cross-device modal now closes when the user clicks outside of it.
-
Deprecation of the following Ecosystem endpoints:
- Retrieve Issuer’s Policy.
- Retrieve Verifier’s Policy.
- Retrieve Policy.
These endpoints were replaced by a single endpoint to retrieve a consolidated ecosystem policy.
MATTR VII Management maintenance release
9 Dec 2024
This release of the MATTR VII management APIs (v1.6.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.
Improved user experience in the Self Service Portal
3 Dec 2024
The new version of the Self Service Portal (v1.52.0) introduces an enhanced navigation sidebar for improved user experience. Features are now organized by user roles, enabling faster and more intuitive access to portal functionalities.
The Self Service Portal is available to selected cloud environments. Contact us if you’re interested in accessing these features or learning more.
mDocs revocation now available in MATTR VII
25 Nov 2024
This release of the MATTR VII platform (v4.4.0) introduces support for mDocs revocation. Issuers can
now issue mDoc in a way that enables them to later change their status between valid
, suspended
and invalid
. Relying parties can retrieve this status and use it in their verification workflows.
Refer to mDocs revocation for more information.
Additional features included in this release:
- Document Signer Certificates (DSCs) can now be created with validity of up to 10 years.
- When attempting to sign an mDoc which has
DocType
set toorg.iso.18013.5.*.mDL
(where*
is a positive integer), MATTR VII recognizes that this is attempt to sign an mDL and will validate that the DSC used to sign it isn’t valid for more than 457 days to comply with ISO/IEC 18013-5:2021.
MATTR VII Management maintenance release
25 Nov 2024
This release of the MATTR VII management APIs (v1.5.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.
Self Service Portal Maintenance release
14 Nov 2024
The new version of the Self Service Portal (v1.51.0) is a maintenance release. It includes backend changes required for exciting new features that are coming up.
The Self Service Portal is available to selected cloud environments. Contact us if you’re interested in accessing these features or learning more.
CRL distribution points now optional in MATTR VII
11 Nov 2024
This release of the MATTR VII platform (v4.3.0) introduces relaxed validation rules when adding external IACAs. The following IACAs were previously rejected by MATTR VII but can now be accepted:
- IACAs without a Certificate Revocation List (CRL) distribution endpoint.
- IACAs without a
pathLenConstraint
basic constrain.
These IACAs can now be added as the root certificates of:
- Trusted mDoc issuers.
- Ecosystem participants.
MATTR VII Management maintenance release
11 Nov 2024
This release of the MATTR VII management APIs (v1.4.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.
MATTR VII Platform maintenance release
29 Oct 2024
This release of the MATTR VII platform (v4.2.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.
MATTR VII Management API maintenance release
29 Oct 2024
This release of the MATTR VII management APIs (v1.3.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.
Removal of DSC functionalities from the Self Service Portal
23 Oct 2024
This release of the Self Service Portal (v1.50.0) removes Document Signer Certificate (DSC) functionalities from the website, as these are going to be handled automatically by the MATTR VII tenant.
Additionally, this release includes miscellaneous maintenance changes and bug fixes.
The Self Service Portal is available to selected cloud environments. Contact us if you’re interested in accessing these features or learning more.
Terminology updates across MATTR platforms
15 Oct 2024
To make it easier to consume our capabilities, we have made some changes to our terminology to describe credentials supported by MATTR platforms by their underlying technology and standards. The following credential formats are supported:
- mDocs: Previously referred to as Mobile credentials.
- CBOR Web Tokens (CWT) credentials: Previously referred to as Compact credentials.
- JSON credentials: Previously referred to as Web credentials.
Ecosystem and certificate enhancements in MATTR VII
14 Oct 2024
This release of the MATTR VII platform (v4.1.0) introduces improvements to our certificates and Ecosystem capabilities:
- When retrieving Ecosystem integrations, you can now view the time when the integration was last synced at.
- Improved validation logic now prevents different IACA certificates that only differ by whitespaces and/or line breaks.
Management API maintenance release
14 Oct 2024
This release of the MATTR VII management APIs (v1.2.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.
VICAL Capabilities in the Self Service Portal
10 Oct 2024
The new version of the Self Service Portal (v1.49.0) introduces new certificate and VICAL management capabilities. You can now use the portal to:
- Create IACA certificates.
- Create and manage VICAL configurations.
- View more details when inspecting VICAL previews.
Additionally, this release includes miscellaneous maintenance changes.
The Self Service Portal is available to selected cloud environments. Contact us if you’re interested in accessing these features or learning more.
Mobile Credentials online verification now available in MATTR VII
30 Sep 2024
This release of the MATTR VII platform (v4.0.0) introduces new capabilities to support online verification of Mobile Credentials, as per ISO/IEC 18013-7.
You can now use a MATTR VII tenant together with the Verifier Web SDK to verify Mobile Credentials presented online via both same-device and cross-device flows.
Learn more about the online verification flow and its implementation on MATTR Learn.
Enhanced certificate parsing
25 Sep 2024
This release of the MATTR VII platform (v3.9.1) introduces an improvement to the parsing of X.509
certificates, so that the certificate’s issuingAuthority
can now be displayed in a human readable
format.
Expanded Ecosystem capabilities in the Self Service Portal
17 Sep 2024
The new version of the Self Service Portal (v1.48.0) introduces new Ecosystem and certificates management capabilities. You can now use the Self Service Portal to:
- Create, update and delete an Ecosystem.
- View and download previously generated VICALs.
- View the
stateOrProvinceName
andcountry
fields for IACAs and DSCs.
The Self Service Portal is available to selected cloud environments. Contact us if you’re interested in accessing these features or learning more.
New ecosystem capabilities and online presentation tech preview
16 Sep 2024
This release of the MATTR VII platform (v3.9.0) introduces the following new capabilities:
- Ecosystem operators can now integrate external trusted sources into their own ecosystem policy. These can be either a different Ecosystem or a VICAL. These external sources are then integrated into the ecosystem policy when it is published and consumed by relying parties.
- Various enhancements required for the tech preview of Mobile Credentials online presentation. Contact us if you are interested in this capability.
New Ecosystem capabilities in the Self Service Portal
29 Aug 2024
The new version of the Self Service Portal (v1.47.0) introduces new Ecosystems management capabilities. Ecosystem operators can now use the Self Service Portal to:
- Manage Ecosystem participants.
- Preview and generate a VICAL based on their Ecosystem policy.
The Self Service Portal is available to selected cloud environments. Contact us if you’re interested in accessing these features or learning more.
MATTR VII Maintenance release
29 Aug 2024
This release of the MATTR VII platform (v3.8.0) is a maintenance release. It introduces backend changes required to support exciting new features that are coming up.
Enhanced Ecosystem participant validation
19 Aug 2024
This release of the MATTR VII platform (v3.7.0) introduces enhanced Ecosystem participants validation.
With this update, when a participant is
created
with a country
and/or stateOrProvince
fields, these must match the corresponding fields in the
IACA certificate used as the mobile
identifier for this participant.
Self Service Portal Maintenance release
13 Aug 2024
The new version of the Self Service Portal (v1.46.0) is a maintenance release. It tidies up various UI elements, hint texts and external links, while introducing some backend changes required for exciting new features that are coming up.
The Self Service Portal is available to selected cloud environments. Contact us if you’re interested in accessing these features or learning more.
Updates to Mobile Credential configurations claim types
12 Aug 2024
This release of the MATTR VII platform (v3.6.0) introduces the following changes to the Mobile
Credential org.iso.18013.5.1.driving_privileges
claim type:
- Mapping data into either the
issue_date
orexpiry_date
items in theorg.iso.18013.5.1.driving_privileges
claim is now optional. - You can now map data into a
codes
array within theorg.iso.18013.5.1.driving_privileges
claim. This enables including specific driving privileges code information in the Mobile Credential.
Enhancements and improvements across different MATTR VII capabilities
5 Aug 2024
This release of the MATTR VII platform (v3.5.0) includes several enhancements and features, which now enable you to:
- Issue Compact Credentials in a revoked state, so that they only become valid once you manually change their revocation status. Refer to the Compact Credentials direct issuance guide for more information.
- Populate new fields when creating Ecosystem participants. These optional fields include the participant’s status (active/inactive), country, state/province and contact details. Refer to the participant creation guide for more information.
- Define an issuer’s state/province when creating their IACA, as per ISO 18013-5. Refer to the IACA creation guide for more information.
In addition to these new features, in this release we have introduced alternative paths to some of our existing endpoints, where we added hyphens for better readability. This is not a breaking change as the non-hyphenated paths are still supported. However, in accordance with the terms of our Service Level Agreement (SLA), the non-hyphenated paths are now marked as “Retired”, and will reach their EOL on February 5th 2025, when they will be removed from the MATTR VII platform. You are advised to adjust your implementation to use the following new paths prior to the EOL date:
- Use
/v2/credentials/compact/digital-pass/apple
to replace/v2/credentials/compact/digitalpass/apple
. - Use
/v2/credentials/compact/digital-pass/apple/templates
to replace/v2/credentials/compact/digitalpass/apple/templates
. - Use
/v2/credentials/compact/digital-pass/google
to replace/v2/credentials/compact/digitalpass/google
. - Use
/v2/credentials/compact/digital-pass/google/templates
to replace/v2/credentials/compact/digitalpass/google/templates
. - Use
/v2/credentials/compact-semantic/digital-pass/apple
to replace/v2/credentials/compact-semantic/digitalpass/apple
. - Use
/v2/credentials/compact-semantic/digital-pass/apple/templates
to replace/v2/credentials/compact-semantic/digitalpass/apple/templates
. - Use
/v2/credentials/compact-semantic/digital-pass/google
to replace/v2/credentials/compact-semantic/digitalpass/google
. - Use
/v2/credentials/compact-semantic/digital-pass/google/templates
to replace/v2/credentials/compact-semantic/digitalpass/google/templates
. - Use
/v1/users/authentication-providers
to replace/v1/users/authenticationproviders
. - Use
/v1/claim-sources
to replace/v1/claim-sources
. - Use
/v2/credentials/mobile/document-signers
to replace/v2/credentials/mobile/document-signers
. - Use
/v2/credentials/web-semantic/linked-data/convert
to replace/v2/credentials/web-semantic/linkeddata/convert
.
MATTR VII Management API release
1 Aug 2024
The new version of the MATTR VII Management API (v1.1.0) introduces new internal capabilities to facilitate tenant off-boarding.
Please contact us if you are interested in these capabilities.
Self Service Portal Maintenance release
25 July 2024
The new version (v1.45.0) of the Self Service Portal is a maintenance release.
The Self Service Portal is available to selected cloud environments. Contact us if you’re interested in accessing these features or learning more.
Enhanced validation and certificate management in MATTR VII
22 July 2024
This release of the MATTR VII platform (v3.4.0) includes the following enhancements:
- Binary claim types in
Mobile Credential configurations are now
validated to be in a
base64
format. This creates a more robust solution, as binary claim types that are formatted differently would cause credential issuance to fail. - Deleting IACA certificates now returns an error if any of the DSC child certificate keys were not removed.
MATTR VII Management API security enhancements
17 July 2024
The Management API offers a set of actions beyond the scope of a single tenant or environment. This release includes an upgrade of several dependencies to mitigate potential security vulnerabilities.
Improved x509 certificate validations and usability in MATTR VII
8 July 2024
X.509 certificates are a standardized format for digital certificates. IACAs and DSCs, used to sign and verify Mobile Credentials, are both X.509 certificates. This release of the MATTR VII platform (v.3.3.0) improves validation and usability of X.509 certificates:
- Uploaded PEM certificates are now validated. New IACAs and DSCs cannot be created with invalid PEMs.
- DSC expiry dates (
notBefore
andnotAfter
) are now parsed to ensure they match the requiredDate
type. - By default DSCs can be created with a maximal validity of 457 days. You can now request to adjust this limit on a per-tenant basis.
Certificates now available in the Self Service Portal
4 July 2024
You can now use the Self Service Portal to view certificates available on your tenant. This includes DSCs and IACAs which are used to issue and verify Mobile Credentials.
The Self Service Portal is available to selected cloud environments. Contact us if you’re interested in accessing these features or learning more.
Improved did:web interoperability
27 June 2024
This release of the MATTR VII platform (v3.2.0) improves did:web
interoperability by supporting
usage of a single did:web
by multiple issuance systems, all issuing credentials on behalf of a
single credential issuer.
Security enhancements and bug fixes
24 June 2024
This release of the MATTR VII platform (v3.1.0) enhances security of integrating Claims sources by extending the current URL validation to also cover any redirects that are included in a configured Claims source URL.
This release also includes miscellaneous bug fixes and usability enhancements, as well as required modifications to support future functionalities.
Introducing Webhook enhancements, the Events registry and Semantic versioning
10 June 2024
Webhook enhancements
The following enhancements to the Webhook capabilities are now available:
The event payload now includes a userClaims
object, which contains all the claims persisted on
your tenant as part of the issuance workflow. Refer to
Webhooks payload for more information.
You can now subscribe to a new OpenIdCredentialIssuedSummary
event type. This event is triggered
upon the completion of an OpenID4VCI issuance flow but only provides a
summary of the issuance event, leaving out the credential
object. Refer to
Webhooks for more information.
The endpoint that is used to retrieve public keys MATTR VII uses to sign the Webhook HTTP requests is now publicly available. This makes it easier for relying parties to verify incoming Webhook requests. Refer to Verify a Webhook for more information.
Events registry
The Events registry is a publicly available comprehensive collection of analytic events generated by the MATTR VII platform. Events are grouped by the service that generates them, which corresponds to the event category. The registry details the structure of different event payloads based on the configured logging level. Refer to Events structure for more information.
Semantic versioning
To increase transparency and simplify support and maintenance workflows, this release introduces
versioning to MATTR VII, following the Semantic Versioning specification.
This current release is tagged as version 3.0.0
.
Configure a Webhook in the Self Service Portal
6 Jun 2024
You can now use the MATTR VII Self Service Portal to configure a Webhook for a tenant in your environment.
You can subscribe to specific events that are triggered on set MATTR VII operations to retrieve the required information whenever it is generated.
The Self Service Portal is available to selected cloud environments. Contact us if you’re interested in accessing these features or learning more.
Configure a Custom domain in the Self Service Portal
21 May 2024
You can now use the MATTR VII Self Service Portal to configure a Custom domain for a tenant in your environment.
Custom domains represent your known and trusted brand, and can assist in instilling trust with your end-users when they interact with your MATTR VII tenant.
Custom domains don’t change how you interact with your tenant for administration functions and don’t prevent the existing tenant domain from being accessed.
The Self Service Portal is available to selected cloud environments. Contact us if you’re interested in accessing these features or learning more.
End to end OID4VCI support in the Self Service Portal
6 May 2024
The MATTR Self Service Portal now supports configuring your OpenID for Verifiable Credentials Issuance (OID4VCI) workflow:
- Creating an Authentication Provider configuration.
- Configuring an Interaction hook.
- Configuring Claims sources.
- Creating Compact, Compact Semantic, Web and Mobile Credential configurations.
- Creating and sharing Credential offers.
The Self Service Portal is available to selected cloud environments. Contact us if you’re interested in accessing these features or learning more.
Credential issuance enhancements
15 April 2024
We have introduced new capabilities to support more issuance use cases, as well as improve integration capabilities.
Key Features
- You can now add an
issuanceDate
parameter to a signed Web Credential. This means the issued credential will only become valid onceissuanceDate
is in the past. This is only available for direct issuance of Web Credentials, and not via the (OID4VCI)](/docs/issuance/oid4vci) workflow. - You can now pass objects and arrays as request parameters when configuring a Claims source for your (OID4VCI)](/docs/issuance/oid4vci) workflow. This means you can simplify integration with your existing data sources.
Introducing Enhanced Ecosystems
24 January 2024
Ecosystems are part of the MATTR VII platform. They enable service providers to define policies regarding valid issuers, credential types and verifiers.
This release introduces the following MATTR VII ecosystem capabilities:
- Create an ecosystem: Create an ecosystem to act as the overarching entity that would include all the other components.
- Create valid participants: Once an ecosystem is in place, you can create valid participants that can be trusted within it. Participants can be issuers and/or verifiers.
- Configure valid credential types: Configure what credential types are valid in the ecosystem.
- Create a policy: Create policies that define what participants are allowed to issue/verify what credentials in the ecosystem.
- Retrieve a policy: Retrieve the ecosystem policies and use the information within them to apply your own business logic.
Refer to our Docs to learn more about Ecosystems.
Introducing Mobile Credentials
8 November 2023
We are thrilled to expand our credential profile suite by introducing support for Mobile Credentials. These are digital identity documents that are designed to be stored on the holder’s mobile devices. They offer a range of unique capabilities, making them an ideal choice for use cases which require higher assurance identity credentials, such as driving licenses or national IDs.
Mobile Credentials are a MATTR VII implementation of the ISO 18013-5:2021 specification, created to standardize Mobile Driver Licenses (mDLs). When added to the digital trust ecosystem, Mobile Credentials can be applied to a wider variety of use cases and business problems.
Our APIs offer the following features to support Mobile Credentials:
- Signing Mobile Credentials and issuing them to holders.
- Verifying Mobile Credentials using our Verifier SDKs.
- Managing Issuing Authority Certificate Authorities (IACAs) and Document Signer Certificates (DSCs).
Refer to our Docs to learn more about Mobile Credentials and how they can be embedded into your digital trust ecosystem.
Automatic Revocation when deleting credential data
26 October 2023
We’ve made a change to our credential deletion process so that any revocable credential will be automatically revoked when it is deleted from the MATTR VII Credential Registry. This creates an easier way to revoke and delete credentials by merging the two API requests into one, and also prevents deleting the credential data and losing Credential ID needed to revoke it later.
Note that this change only applies to issued credentials that were configured to be revocable, and you can still update the revocation status for credentials without deleting them using the existing Revocation endpoints:
Removed support for DID:ION
25 October 2023
From 25 October onwards, the did:ion
method is no longer supported by the MATTR VII platform. This
is the result of 3rd party providers no longer reliably supporting the required blockchain utilized
by this method. This method was a trial capability.
We apologize for any inconvenience and we welcome you to reach out
to us and discuss alternative supported DID methods such as did:web
and did:key
.
Enhancements to Claims Sources Configuration
5 September 2023
We are excited to announce a suite of enhancements to Claims sources configuration in MATTR VII. These enhancements enable customers to better fine tune how MATTR VII interacts with their claims source:
- Choose your preferred query method: You can now use both
POST
andGET
when querying the claims source. = Choose your preferred authentication method: You can now authenticate with your claims source using either an API Key or your OAuth client credentials. - Query what you need: You can now query the claims source using a credential configuration as a query parameter.
Refer to the Docs to learn more about Claims sources.
New Features and Enhancements across MATTR platforms
3 August 2023
We are happy to announce several key improvements across our MATTR platforms, highlighted by new self-service capabilities, enhanced APIs, and several MATTR Wallet features:
Self-service Tenant Management
Our new suite of API endpoints support the ability to manage tenants (create, view and delete) and analytics events in your environment. Please contact us for more information and/or access to this new capability.
Preventing Issuance of Expired Credentials
Our MATTR VII credential issuance API endpoints now prevent issuing any expired credentials where the current date has passed the specified expiry date.
MATTR Wallet and MATTR GO Release
Our recent MATTR Wallet release (V2.6.1) introduces support for claiming and storing Compact Credentials issued through the OpenID4VCI protocol. In addition, it includes several UI enhancements to further improve the wallet user experience.
MATTR GO Wallet customers will receive a new release which includes all new features and enhancements from our latest MATTR Wallet version.
Ready to get going with MATTR GO Hold but not sure where to start? Get in touch with us today to discuss the best option for your business.
You can download the MATTR GO Hold example app on your iPhone using the App Store or Android using Google Play. Refer to our documentation for device requirements.
Enhancements and new features across MATTR platforms
7 July 2023
We’re excited to announce the following updates and new features across our MATTR platforms:
- You can now issue Compact Credentials using the OpenID Credential Provisioning flow. This includes using all the features that this flow enables, such as integration hooks, claims source integration and multi-credential issuance for Compact Credentials.
- We’ve enabled the MATTR Pi Wallet Toolkit with the capability to retrieve and hold Compact Credentials.
- We now support multiple key types within a single DID, which means you can issue credentials in multiple Credential Profiles using the same DID.
Enrichment of verification responses
10 May 2023
We’ve released an enhancement to the way our verification capabilities return the verified credential information. Until now, MATTR VII has applied a layer of convenience for integrations by returning only the claims from the verified credential.
You can now also get the raw credential presentation shared by the holder in the verification response. This brings more information and options to verifiers that enable subsequent flows like:
- Re-verifying a credential using the MATTR VII verify capabilities, to re-check things like the revocation status.
- Obtaining more information about which credential data attributes are coming from which credential when the verifier requested more than one credential.
Check out our Docs for more details on how to enable and use this enhanced capability in your credential verification flows.
Enhancements and new features in the MATTR universe: April 2023
The MATTR team has been busy the last few months! We have a raft of exciting new features and updates coming to the MATTR platforms in April 2023.
- Next-generation credential issuance with our new OpenID Credential Provisioning flow, using the OpenID4VCI standard.
- More flexibility for credential issuance with interaction hooks and claims source integration.
- DID Web hosting on the MATTR VII platform to simplify onboarding.
- Major changes to our MATTR VII API with a version 2 release.
- An update to the MATTR Wallet and Pi Wallet Toolkit to support an improved approach of matching credentials to presentation requests from verifiers.
Enhanced issuance journeys with OpenID Credential Provisioning
We’re thrilled to unveil the evolution of our credential issuance capabilities with the all-new OpenID Credential Provisioning flow, based on the OpenID for Verifiable Credential Issuance (OpenID4VCI) protocol.
This protocol is a key draft standard for interoperability among digital wallets and has been included in the eIDAS expert group’s draft European Digital Identity Architecture and Reference Framework (EUDI ARF) for digital wallets.
The new flow has evolved from our original OIDC Bridge credential issuance capabilities based on market and community movements and feedback from customers. It simplifies the experience of generating and configuring a credential for the issuer and it enhances the user experience of collecting a credential.
Tools for extra flexibility in credential issuance
Our [OpenID Credential Provisioning flow](OpenID Credential Provisioning flow) makes issuance easier than ever before and we have built extra features that enable customers to have more flexibility to enact their unique business logic into the flow. These include:
- Interaction hooks: integrate additional steps to the credential claiming journey such as additional biometric checks, identity assurance flows, or informational screens.
- Multi-credential issuance: Issue multiple credentials to a wallet holder within a single user journey.
- Claims source integration: Configure credentials using data from an existing source and supplement with additional data from tenant-managed user claims as well as claims sourced from an authentication provider or IDP.
More tools on the way soon!
For current customers, we will continue to support the OIDC Bridge for issuance through the end of 2023 to allow you to transition to the new protocol and feature set.
DID Web hosting now on MATTR VII
To help customers get started with using verifiable credentials quickly and easily, we now support DID Web hosting on the MATTR VII platform.
New major changes to MATTR VII API
Continuing our theme of simplicity and ease of use, we will be releasing a new major version of our API, which includes a new set of endpoints that simplifies the ability to utilize MATTR’s Credential Profiles.
Credential Profiles combine data about people, organizations or things with unique digital signatures. We use different types of Credential Profiles depending on the type of information a customer wants to convey and how they want to convey it.
See the [API reference] for more information on these changes.
Terms
10 November 2022
We have an updated Privacy Policy now in place.
Introducing webhooks
25 October 2022
We have added support for Webhooks to MATTR VII.
This new capability allows users to obtain information that is generated during an API operation that isn’t otherwise available as part of the request or response payloads.
Users are able to subscribe to specific events that are triggered on set MATTR VII operations.
When an event is triggered, the information relating to that event is published via the webhook through to the URL(s) set up on the configured subscription(s).
Users can now:
- Create a webhook that is triggered on supported event types.
- Verify a webhook to check the integrity and authorship of webhooks generated by the MATTR VII platform.
- See an example implementation of how to Verify a Webhook that was generated by MATTR VII.
Interested in learning more about how you might use the MATTR VII Platform? Get in touch with us today.
MATTR VII - Event logs
15 August 2022
MATTR introduces enhanced platform ops logging levels on MATTR VII.
As of today, we support configuration of logging at the platform environment level along with manual consumption of platform events in specific customer environments.
In future customers will be able to customize these levels more freely and ‘fan-out’ events to other operational systems via APIs and webhooks.
New logging levels supported:
- Level 1 - Basic fields
- Level 2 - Metadata + basic fields
- Level 3 - Data (full request and response payloads) + metadata + basic fields
All MATTR VII public cloud environments (and associated tenants) are set to Level 1 - Basic Fields. No personal identifiable information (PII) is being captured in event logs at this level.
Interested in learning more about how you might use the MATTR VII Platform? Get in touch with us today.
OIDC Bridge - Additional configurations
10 August 2022
In this release, we added support for including the following configurations when setting up an OIDC Credential Issuer.
- federatedProvider.claimSource is either
idToken
(default)or
userInfo - federatedProvider.tokenEndpointAuthMethod is either
client_secret_post
(default), orclient_secret_basic
- staticRequestParameters: parameters that should be included in the request to the IDP. i.e.
display
,prompt
,max_age
,ui_locales
etc. - forwardedRequestParameters: parameters that can be provided by the client to be forwarded to
the IDP. These are optional and can override the staticRequestParameters i.e.
login_hint
.
We’ve also updated our MATTR Wallet SDK and
MATTR Wallet App to include login_hint
as a request parameter when issuing a
credential using the OIDC bridge. This will allow pre-population of the username in the Federated
Provider’s login screen when using MATTR Wallet to claim a credential. Any other request parameters
are not supported by MATTR Wallet and SDK at the moment.
Interested in learning more about how you might use the MATTR VII Platform? Get in touch with us today.
New MATTR VII Regions
1 August 2022
MATTR VII is now available in two additional AWS regions:
- Frankfurt, Germany
- Montréal, Canada.
Introducing compact credentials
30 June 2022
Claims of data can be represented as Compact Credentials, which are both cryptographically proven as authentic and dense enough to fit inside a QR code. This credential format is ideal where high information assurance is required but not high identity assurance about the entity presenting the credential.
You can choose to use either a W3C Verifiable Credential data model to provide more descriptive semantic meaning or a more concise, non-semantic data model. The choices between the data model to use comes down to how compact you need the credential to be versus how openly you intend to share and exchange the created credentials across different domains and jurisdictions.
The following capabilities of Compact Credentials are provided in this MATTR VII platform release:
- Sign and issue a Compact Credential in the semantic model or compact model
- Verify a Compact Credential
- Revoke a Compact Credential
- Format the Compact Credential in a way that allows it to be presented in either a digital or paper-based manner.
With this product release, our Customer Agreement and Terms have changed. Please refer to the version dated 30 June 2022 for details.
Compressed credential support (technical preview)
24 Mar 2022
Compressing semantically verifiable credentials into smaller payload sizes is a useful technique. For example, it allows credentials and presentations to be embedded into QR codes so they can be used when one party is offline.
Try out our latest technical preview on compressed credentials to see how using CBOR-LD can unlock use cases where offline is important.
Convert JSON-LD to CBOR-LD to compress the payload size
Use the latest version of the MATTR Wallet (v1.9.1) to present applicable credentials in a CBOR-LD format
Convert CBOR-LD payloads to JSON-LD to use with existing MATTR VII API
Digital Covid Certificate (DCC) Extension
5 Nov 2021
We have introduced a new DCC extension to MATTR VII that is built on top of our core libraries to provide the capability to issue and verify Digital Covid Certificates (DCC).
The standards outlined for the European Union DCC (EUDCC) format, which covers 3 certificate types (vaccination, recovery, and testing) are all covered by the extension which allows your MATTR VII tenant the ability to:
- Maintain the required document signer certificates that facilitate trusted issuance and verification of the EUDCC format.
- Sign and issue a health certificate payload into a EUDCC format
- Verify a EUDCC
- Format the EUDCC in a way that allows it to be presented in either a digital or paper-based manner.
The use of the DCC extension during a trial of the MATTR VII platform may be subject to change. As you move into production workloads please get in touch to discuss your needs.
Introducing the New Zealand COVID Pass (NZCP) Verify Extension
5 Nov 2021
The New Zealand government will start issuing a type of digital health certificate known as a ‘My Vaccine Pass’ using the New Zealand COVID Pass (NZCP) specification , this credential contains a limited set of personal information and provides a way for the holder to prove they meet certain health policy requirements in regards to COVID-19 such as being vaccinated against the virus.
From today you can now read about the NZCP Verifier API to help you determine how to integrate and verify NZ COVID Passes that have been presented to you, this also accompanies the NZCP Verifier SDK and Verifier white label app offerings.
Get in touch to start onboarding to use the service today, the API will also be available on a trial basis starting soon.
ZKP-enabled credentials using Web DIDs & support for custom paths
22 Oct 2021
This release adds the ability to use bls12381g2
key types with a Web DID
so that ZKP-enabled credentials can be issued. We have also enabled Web DIDs to be created on custom
paths that don’t rely on a /.well-known location.
- Create DID with the web method and
bls12381g2
key type. - A new
url
parameter inoptions
to specify a domain for the Web DID as well as allowing the use of paths in the form oforganization.com/path
.
The domain
options parameter has now been functionally superseded by the url
option
parameter and will be deprecated in an upcoming release.
Introducing ION DIDs & an update on Sovrin DIDs
8 Sep 2021
Decentralized Identifiers (DIDs) using the Identity Overlay Network (ION) method can now be created on the platform and used for issuing credentials and other purposes. ION DIDs use the Sidetree protocol to anchor the DID document to a ledger, which provides a high-throughput and efficient method for writing to a blockchain like Bitcoin. ION DIDs can be easily configured on the MATTR VII platform using our API interface, allowing you to leverage the benefits without having to deal with any of the underlying complexities:
- Create & manage ION DIDs on your tenant
- ION DIDs can be used to create credentials, sign and encrypt messages as well as being fully configurable on the OIDC Bridge for issuance and verify
- Supports
ed25519
andbls12381g2
key types - Fully resolve ION DID Documents from the public nodes
The creation of ION DIDs during a trial of the MATTR VII platform may be subject to change. As you move into production workloads please get in touch to discuss your needs.
Sovrin DID method
Since launching the platform our implementation of did:sov
has relied on private Indy nodes whilst
the community around DID Sovrin continued to develop new kinds of interoperability in their
infrastructure. Recently activity is showing that rather than converging around the Sovrin-specific
method that’s been used to date new approaches are being looked at. Until this direction from the
community has more clarity around implementation we have decided to deprecate our current private
node support.
From this release, we will begin phasing out support for DIDs based on Sovrin by removing references
from the documentation and in the next release, we will stop the current did:sov
support and
remove any Sovrin DIDs from the sandbox platform.
Custom domains & complex credentials
2 July 2021
Tenants can now be configured to represent as a verified custom domain:
- Custom domains are a paid feature, setting up a custom domain whilst using a sandbox is possible, however, note this may be disabled and reverted back at MATTR’s discretion.
- New endpoints added to create, view, delete and verify a custom domain on your tenant
- Create a custom domain by providing details like your organization name, domain and a logo which will be displayed to end-users interacting with your tenant using a wallet app that supports a web manifest payload.
- The MATTR mobile wallet app has been updated to support the display of custom domains as well as a number of improvements to the UI of MATTR Wallet to be more human-friendly, including support for more complex data types like nested data and embedded images.
Create & Verify Presentations Directly
20 May 2021
New endpoints provided to help you work with verifiable presentations directly on MATTR VII:
- Verify a presentation obtained from any source adhering to the W3C Verifiable Credential Data Model.
- Create verifiable presentations using Credentials where the subject(s) are controlled by the tenant
This is a useful operation for exploring how verifiable presentations are created and can be submitted to the Verify a presentation endpoint.
An optional description
parameter has been added when creating credentials:
- The optional
description
field is enabled on the Create Credential endpoint. - The field can be configured in the OIDC Bridge Issuer so that any credentials issued will contain the description.
The description field is part of the W3C Verifiable Credential Model v2 specification and will be supported in the MATTR mobile wallet as the standard begins to stabilize.
MATTR VII launch with push notification messaging
25 Mar 2021 (v1.0)
MATTR VII is now live!
Pricing
Pay-as-you-go pricing is now published
- Get a detailed look at how MATTR VII is charged once you elect to upgrade to a paid plan.
- To discuss high-volume discounts, please contact us.
API references
The platform is now known as MATTR VII; URLs and paths updated to reflect this:
- MATTR VII Core is
https://tenant.vii.mattr.global/core/v1
. - OIDC Bridge is a MATTR VII extension found at
https://tenant.vii.mattr.global/ext/oidc/v1
.
Old domains and paths will be discontinued from service within 30 days.
Notification messaging
Customers can use their tenant to construct and send messages to holders based on their subject DID, which will be delivered to the MATTR Wallet app and notified via a push notification.
- Construct action-based messages in a DIDComm2 JWM format:
- Start a credential issuance using the OIDC Bridge.
- Notify of a credential revocation status change.
- Start a verification flow using a callback.
- Encrypt messages intended for the recipient.
- MATTR VII enforces end-2-end encryption (E2EE), so message contents are never visible to MATTR when held in messaging inboxes.
- Route messages to a dedicated inbox for the wallet user.
The MATTR Wallet app is being updated to support receiving push notification and managing messaging inboxes. Make sure you update to the latest version available on the App Store or Google Play.
Further messaging capabilities are scheduled on the roadmap.
Terms
New customers signing up to MATTR VII will have a new customer agreement, SLA and privacy policy in place.
Verify ZKP-enabled Credentials
18 Feb 2021 (v0.13)
Further functionality to support the use of privacy-preserving credentials using BBS+ signatures.
Create a JSON-LD Frame Presentation Request
- Use a query extension to the Verifiable Presentation Request Specification format, Query by Frame, to specify required credential claims.
- Trusted Issuers and Credential Types are used to match credentials in the mobile wallet.
Mobile Wallet updates
- The latest version (v0.50.0) of the Mobile Wallet is required to process Query by Frame presentation requests.
- ZKP-enabled credentials using BBS+ signatures can be used to derive selectively disclosed presentations.
- New UI screens to actively show the disclosure of claims.
Maintenance
11 Feb 2021 (v0.12)
Maintenance Release
- Update to the Callback URL for all Issuers on the OIDC Bridge to align with future changes.
Ensure that the allowed callback URL for your federated provided is updated with the new path. From
../oidc/v1/issuers/..
To: ../ext/oidc/v1/issuers/..
.
OIDC Bridge and OIDC Credential Provider
16 Dec 2020 (v0.11)
When we first launched the Platform we pioneered the bridging of existing identity solutions using Open ID Connect (OIDC) to a new world of decentralized identity and verifiable credentials. During this time we listened to customers as well as working within the Community as standards evolve. This latest version of the OIDC Bridge is now easier to set up, more flexible to integrate and conforms with OIDC Credential Provider for issuing credentials to the mobile wallet.
OIDC Bridge
- Multiple OIDC Credential Issuers can be enabled to offer credentials using the OIDC Configuration metadata endpoints
- Custom
scopes
can be added to Federated Providers to enable more flexibility in obtaining ID token claims - OIDC Credential Verifier are easier to set up and associated OIDC Clients can be listed and updated
- Authenticate a DID using OIDC Bridge introduces a new way for OIDC Clients to obtain a Subject identifier that has been verified to come from the holder.
- Claim mappings; OIDC claims > JSON-LD terms and JSON-LD terms > OIDC claims have been revamped to simplify their use and make it clearer on how they are used by the OIDC Bridge
Verify Credentials without using OIDC Bridge
- Unlocks Verifying a Credential using a Callback method to allow non-OIDC verification
- Introduction of a new endpoint to Verify a Credential directly using the API
Maintenance
17 Nov 2020 (v0.10)
Maintenance release
In line with the W3C VC Data Model; Subject identifiers are now not required on Create Credential, usually a Subject DID makes up a core part of a Verifiable Credential but in some cases it makes sense without one, such as issuing a ‘bearer’ style credential e.g. a concert ticket or when the credential is to be stored on behalf of a subject and reissued later with subject binding.
Maintenance
4 Nov 2020 (v0.9)
Maintenance release
- The format of the response from
/.well-known/did-configuration
is now in a JSON-LD format. Learn more about the Well Known DID Configuration from the Decentralized Identity Foundation working group. - This changes means all holders will need to being using the MATTR Mobile Wallet with a minimum version of v0.37.1 to continue to receive and present credentials, earlier versions of the app will present a generic error message.
Revocable Credentials
21 Oct 2020 (v0.8)
Credentials issued on the platform are now revocable and searches can be performed on the Credential Registry.
Revocable Credentials
- Create Credential has new optional revocable property to create a Credential as revocable using a revocation list method.
- All Credentials issued using the OIDC Bridge are now revocable by default.
- Management API endpoints for an Issuer to toggle the revoke status of a Credential.
- Provisioned hosting of revocation lists for Credential Issuers.
- Automatic verification of a presented Credential against its revocation list will result in revoked credentials being returned with an error message in the OIDC/OAuth2 callback response back to Verifiers/relying parties.
Search on Credentials
- Credentials optionally held in the Credential Registry
can now be retrieved by
tag
andtype
parameters. - The meta-data of non-persisted Credentials can also be found using these tags.
- All Credentials issued using the OIDC Bridge will only store meta-data.
Updates
Pagination on Retrieve List of DIDs and Retrieve List of Presentation Templates now has pagination using the cursor-based method.
DID Web Method
7 Oct 2020 (v0.7)
New DID method did:web
is available to be created on
the Platform.
- Check out the new DID Web tutorial on how to implement this style of DID.
- Further content on the various DID methods available on the platform is available.
Updates
Enhanced pagination on the List Credentials endpoint, moved from using a page-offset pagination to a much more performant cursor-based pagination.
ZKP-Enabled Credentials
16 Sep 2020 (v0.6)
Support added for issuing privacy-preserving credentials using BBS+ signatures.
ZKP-enabled credential functionality during Preview are considered experimental and may change over time as well as any ZKP-enabled credentials issued during this period may need to be reissued.
Create a DID with BLS Key Type
- Create DID now has options to set a key
type (only for
did:key
method at this time). - Use the BLS key type
bls12381G2
to create Issuer DIDs for issuing ZKP-enabled credentials. - Response for Resolve a DID has been
altered to include a
localMetadata
parameter which will be used for future DID methods.
Create a ZKP-enabled Credential
Create Credential will automatically issue ZKP-enabled credentials if an issuerDid
referencing a
bls12381G2
key type is provided.
Updates
New optional parameters are available on Create Credential:
- Providing a value in
tag
will set this value as metadata so it can be referenced on the platform later. - Setting the
persist
boolean totrue
will store the created credential on your tenant for future retrieval. The default value is not to store credentials.
Maintenance
9 Sep 2020 (v0.5)
Maintenance release.
- Mobile Wallet App bug fixes and improvements.
- Improved support for OIDC query parameters on mobile app authorization requests.
Sovrin DID Method
25 Aug 2020 (v0.4)
Creation of Sov DIDs on the platform is now possible.
- Create DID can be used to create DIDs using the Sovrin DID method. Note during Preview these will not be anchored on the Sovrin MainNet.
- Resolve a DID will resolve Sov DIDs including MATTR issued ones.
Maintenance
10 Aug 2020 (v0.3)
Maintenance release
Tidy up of error response messages on Create Presentation Templates and messaging endpoints.
Maintenance
29 Jul 2020 (v0.2)
New endpoints available.
- Update operations now possible using Update a Claim Mapping and Update a Provider.
Launch of the MATTR Preview Platform
3 Jun 2020 (v0.1)
SaaS Platform
- A cloud-hosted, multi-tenanted environment that can be spun-up on-demand using managed containers
- Authentication and access-control provisioning
- Auditing and privacy-preserving logging
Issue Verifiable Credentials using OpenID Connect
- Cryptographically secure issuance of Verifiable Credentials (VC) to authenticated identity holders
- Configuration options to;
- Bring-your-own OpenID Connect Provider (OP)
- Or, use our step-by-step tutorial for a reference OP
- Map personal information claims from source to VC terms, using linked-data standards
- Decode a JWT signed using a Decentralized Identifier
- Optionally; store issued credentials on-platform to be retrieved (for non-sensitive use-cases)
- Create a credential Offer as a QR code or deep-link to start the issuance flow with the mobile wallet app
- The static offer is ready to display on a website or physical media e.g. a bus shelter advertisement
Verify Verifiable Credentials using OpenID Connect
- Cryptographically secure verification of VCs from identity holders after their consent
- Uses the latest standards-based messaging protocols (JWM) to transmit information from the holder
- Configure an OpenID Connect Relying Party client to accept holder information via a standard ID token
- Map personal information from Credential claims to a standard ID token
- Create a VC Request and embed using a QR code or deep-link into a journey
- The dynamic request can be used in an information-gathering flow e.g. Customer onboarding
Mobile Wallet App
- Native iOS and Android apps, supporting a range of models and devices
- On-device biometric access enabled
- Familiar chat-like user-interface approach, designed with core pillars of privacy, accessibility and user-experience
- Puts the user in control during issuance and verification of their Credentials
- Keeps user in-context with in-app-browser technology
- Interoperable to published specifications within the Self-Sovereign Identity ecosystem
- Theming options available to prospective customers