SD-JWT .NET Documentation
A .NET ecosystem for Selective Disclosure JSON Web Tokens, verifiable credentials, wallet interoperability, and delegated agent trust. 21 NuGet packages plus an ASP.NET Core issuer reference server. 2,500+ xUnit tests. RFC 9901, OpenID4VC, SIOPv2, W3C VCDM 2.0, ISO 18013-5, eIDAS 2.0, and preview Agent Trust extensions.
The Big Picture
Digital credential systems have five common jobs:
- Issue a credential into a wallet.
- Store it safely.
- Present only the required claims.
- Verify the credential and holder binding.
- Check trust, status, and policy.
SD-JWT .NET provides .NET packages for each part of that lifecycle.
flowchart LR
Issuer["Issuer<br/>Creates credential"]
Wallet["Wallet / Holder<br/>Stores credential"]
Verifier["Verifier<br/>Requests proof"]
Status["Status List<br/>Revocation / suspension"]
Trust["Trust Layer<br/>Federation / HAIP / EUDIW"]
Agent["Agent Runtime<br/>Preview Agent Trust"]
Tool["Tool / API<br/>Verifies capability"]
Issuer -->|"OID4VCI<br/>Issue"| Wallet
Wallet -->|"OID4VP / DC API<br/>Present"| Verifier
Verifier -->|"Check"| Status
Verifier -->|"Resolve"| Trust
Agent -->|"Capability SD-JWT"| Tool
Each concept page in this documentation focuses on one part of that lifecycle. If you are new to digital credentials, read the concept pages in order before diving into code.
Who this is for
| You Are |
Start Here |
Goal |
| Decision Maker evaluating adoption |
Capability Matrix |
Understand ecosystem coverage and roadmap |
| Architect designing a credential system |
Ecosystem Architecture |
Design issuer, verifier, wallet, and trust infrastructure |
| Developer building an integration |
15-Minute Quickstart |
Issue, present, and verify your first SD-JWT |
| Security Engineer reviewing the stack |
HAIP Profile Validation |
Validate cryptographic and policy controls |
| Operations preparing for production |
Deployment Patterns |
Plan infrastructure and key management |
Choose Your Path
I need core SD-JWT
I am building issuer, verifier, or wallet infrastructure
Why SD-JWT .NET?
| Pillar |
What It Means |
| Standards-Aligned Coverage |
RFC 9901, OpenID4VCI/VP 1.0, DIF PEX v2.1.1, OpenID Federation 1.0, HAIP 1.0, ISO 18013-5, plus tracked drafts |
| Enterprise Security |
HAIP Final flow/profile validation, algorithm enforcement, constant-time operations, replay prevention, zero-trust |
| Maturity-Labeled Packages |
Stable, Spec-Tracking, Profile, Reference, and Preview classifications in MATURITY.md |
| Full Credential Lifecycle |
Issuance, presentation, revocation, trust resolution, status checking, wallet storage |
Learning path
flowchart LR
QS[Quickstart<br/>15 min] --> Tutorials[Tutorials<br/>3 weeks]
Tutorials --> Concepts[Concepts<br/>Architecture]
Concepts --> Guides[How-To Guides<br/>Task-oriented]
Guides --> Reference[Reference<br/>Lookup]
Reference --> UseCases[Use Cases<br/>Industry]
Week 1: Fundamentals
- 15-Minute Quickstart - Build Issuer + Wallet + Verifier
- Running the Samples - Explore the interactive CLI
- SD-JWT - How selective disclosure works
Week 2: Standards & protocols
- Beginner → Advanced Tutorials - 19 hands-on tutorials
- Ecosystem Architecture - Package map and deployment patterns
- OpenID4VCI + OpenID4VP - Issuance and presentation protocols
Week 3: Production
- HAIP Profile Validation - HAIP Final flows, credential profiles, and policy enforcement
- How-To Guides - Task-oriented implementation guides
- Reference Patterns - Industry reference patterns and trust workflows
Documentation map
Ecosystem packages
Core
Protocols
Reference infrastructure
Agent trust
Enterprise planning
Source repository
This documentation is part of the SD-JWT .NET open source project, maintained under the OpenWallet Foundation Labs umbrella.