Public Review Period for Proposed OpenID4VC High Assurance Interoperability Profile (HAIP) 1.0 Final Specification

Published October 9, 2025
The OpenID Digital Credentials Protocols (DCP) Working Group recommends the following OpenID Final Specification:
A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This note starts the 60-day public review period for the specification draft in accordance with the OpenID Foundation IPR policies and procedures. Unless issues are identified during the review that the working group believes must be addressed by revising the draft, this review period will be followed by a 14-day voting period during which OpenID Foundation members will vote on whether to approve these drafts as OpenID Final Specifications.
The relevant dates are:
  • Final Specification public review period: Thursday, October 9, 2025, to Monday, December 8, 2025 (60 days)
  • Final Specification vote announcement: Monday, November 24, 2025 (14 days)
  • Final Specification official voting period: Tuesday, December 9, 2025, to Tuesday, December 23, 2025 (14 days) 


The Digital Credentials Protocols (DCP) working group page:  https://openid.net/wg/digital-credentials-protocols/.

Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration. If you’re not a current OpenID Foundation member, please consider joining to participate in the approval vote.

You can send feedback on the specifications in a way that enables the working group to act upon it by (1) signing the contribution agreement at https://openid.net/intellectual-property/ to join the working group (please specify that you are joining the “Digital Credentials Protocols (DCP)” working group on your contribution agreement), (2) joining the working group mailing list at openid-specs-digital-credentials-protocols@lists.openid.net, and (3) sending your feedback to the list. 

 
Marie Jordan – OpenID Foundation Board Secretary

 

On November 20, 2025 OpenID4VC High Assurance Interoperability Profile 1.0 - draft 06 was published. It incorporates feedback received during the review period including:

  • updates to assumptions
  • add the multi-signed option to the DC API variants
  • add cose alg identifer -9 (fully specified)
  • clarify that DCQL applies in HAIP as defined in OpenID4VP and all REQUIRED and OPTIONAL requirements remain the same
  • add reference to ECCG Agreed Cryptographic Mechanisms 2.0
  • require x5c header in the OID4VCI Appendix D key attestation
  • require A256GCM and A128GCM for verifiers
  • add "Non-normative Examples of Ecosystem-specific Extensions of this Specification" section
  • remove EU ARF bullet from scenario section as that's already better explained in scope section
  • add additional acknowledgements
  • add reference to VP & VCI privacy considerations
  • improve wording about ephemeral encryption keys
  • clarify how combined issuance of SD-JWT and mdoc is supported
  • rename 'Cryto Suites' section to 'Requirements for Digital Signatures'
  • consistently use 'this specification' rather than 'document' or 'profile'
  • include links to the relevant sections in the ecosystems considerations section
  • clarify which requirements apply to wallet or verifier in W3C Digital Credentials API section
  • make 'Ecosystem' a defined term
  • clarify requirements for issuer-initiated / wallet-initiated issuance support
  • clarify that digital sig section applies to jwt proof type too
  • replace 'Annex' with 'Appendix' when referring to VCI/VP

As agreed during the DCP WG meetings on November 20, 2025, the WG needs to agree that the -06 revision of HAIP will become the version that is voted upon in the Foundation wide vote, to become a Final Specification, (rather than the -05 that’s currently in public review) and that the WG won’t reset the 60 day public review period.

This will be a consensus decision made at the normal December 4, 2025 DCP WG EU call, at 16:00 London time. This is a formal 14 day notice that the DCP WG will make that decision at that meeting. As allowed by the Process Document, this notice period will run in parallel with the public review period for OpenID for Verifiable Presentations draft 29 . The Foundation wide vote will not start until after this working group decision.

 


About The OpenID Foundation (OIDF)

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.



Tagged