Compatibility issue: VCDM 2.0 support in Identity Hub for Gaia-X VCs

[SlowCooky]

Hi team,

I am currently working on integrating the new Gaia-X Compliance credentials into our EDC environment, and we are running into a compatibility issue.

The new credentials issued by Gaia-X are generated using the W3C VCDM 2.0 standard (which introduces fields like validFrom and uses BitString status lists for revocations). However, our current Identity Hub is optimized for the v1.0 standard and cannot parse them natively.

To avoid altering or downgrading the Gaia-X credentials to fit the old parser, we need the Identity Hub to support VCDM 2.0. I checked the Identity Hub repository and saw that "Support for VC Data Model 2.0" is currently listed in the Future work section.

Could you let me know if this is already on your active roadmap or if there is a rough ETA for its implementation?

I would also love to have a quick chat with the developer who might be taking the lead on this topic, so we can align our integration plans.

Thanks in advance!

Best regards,

[paullatzelsperger]

while not all features of VCDM 2.0 might be supported ATM (for example no COSE or SD-JWT proofs), basic ones like the expirationDate --> validFrom should indeed be supported. BitStringStatusList is supported as well, at least in its minimum viable form.

can you pinpoint exactly what is not working, preferably with a Gist or a repeatable test?

edit: the fact that VCDM2.0 is not implemented 100% is the reason why it is still listed under "future work". We currently have no concrete plans to implement the missing bits.

[SlowCooky]

Hi @paullatzelsperger,

Thanks for the quick clarification!

To explain why I posted the initial message: when I cloned the mvd repository, I noticed all the test credentials were in V1. Combined with the identity-hub repository listing VCDM 2.0 support under "future work", I assumed it wasn't supported at all yet.

To give you some context on our side: we are aligning with Gaia-X Danube 3.0, which exclusively requires VCDM 2.0. We strongly desire to use the EDC components for our architecture, so supporting this version is a major priority for us.

It's great to hear that basic features like validFrom and BitStringStatusList are already working. I will test our Danube 3.0 credentials with the current implementation. If I run into any specific blockers, I will definitely provide a Gist and a reproducible test as you suggested.

Regarding your edit—since there are currently no concrete plans to implement the missing VCDM 2.0 features (like COSE or SD-JWT proofs), how could we go about getting this added to the roadmap? We would be very open to scheduling a quick meeting/call with you and the team to discuss our use case, see how our needs align, and explore potential collaboration.

Let me know what you think!

[paullatzelsperger]

you don't get it added to the roadmap. this is an open source project, which means if you want a specific thing in it, you either contribute it yourself, or you find enough traction for the feature to motivate us (committers) to implement it.

If I'm brutally honest, you're the first and - so far - only one who has expressed an interest in this, so the chances of us adopting this into the core code base are slim, to say the least. The reason for this is that for us, every feature creates cost (maintenance, documentation, etc.) and we have to weigh that against the benefits. And from where we stand today, that does not compute.

That being said, if you really want those features, you could create extension(s) in your own repository, and include them in your runtime of IdentityHub. You'll probably want implementations for a CredentialGenerator, a PresentationGenerator, a AbstractJwtTransformer and a CredentialVerifier.

You'll find more information in EDC's documentation

Regarding meetings: I don't know who you are, who you're with, and your GH info is non-existent, so I'm sure you understand that I don't take meetings with random internet people.

[paullatzelsperger]

@SlowCooky little update: in addition to the already existing support for VCDM2.0 credentials in IdentityHub, we figured, that for the sake of feature completeness we should also add support for issuance and verification, so we've implemented VCDM2.0 in the IssuerService (eclipse-edc/IdentityHub#947) and in the connector, for verification (#5581). With this, we should have a solid foundation for VCDM2.0/JOSE credentials.

Since this is a new feature, and we don't have much real-world experience with it, I would not consider it production-ready yet. Try it out, let us know if there are bugs/problems.