did:webvh News: New Rust Implementation, Linux Foundation Proof of Personhood, UNTP, and Government of Canada Standards from Stephen Curran on 2026-04-01 (public-credentials@w3.org from April 2026)

From: Stephen Curran <swcurran@cloudcompass.ca>
Date: Wed, 1 Apr 2026 08:46:23 -0700
To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAFLTOV7mrs+CHikv0kmYZu=JBHGB4JGg0MNMpXwfDn=FC4fH8w@mail.gmail.com>
As a follow up to the did:webvh CCG session I did in February, I wanted to
share a round-up of recent news and adoption milestones for did:webvh. The
immediate trigger for this post is a new release of the Rust implementation
— but there's quite a bit more to share.  For those new to the topic the
spec is here: https://identity.foundation/didwebvh/ and other information
can be found here: https://didwebvh.info.

Sorry (not sorry) for the length of this email -- lots happening!

*New Rust Implementation Release*: didwebvh-rs v0.3.0 (DIF)

Affinidi has released v0.4.0 of the full Rust implementation of did:webvh,
hosted at the Decentralized Identity Foundation:
https://github.com/decentralized-identity/didwebvh-rs/releases

Major changes in recent releases:

   - External signer support — the code never sees secret key material,
   enabling clean integration with Key Management Services (KMS) and Hardware
   Security Modules (HSMs) to meet security policies and regulated environments
   - Developer convenience functions to assist with witness operations
   - Improved error messages that are more instructive on failures
   - Refactored code removing regex requirements; the reqwest HTTP client
   is now gated behind a feature flag
   - Expanded tests, including integration tests with a mock server to
   better emulate network scenarios and failure conditions
   - Resolver DoS protections

Many of these changes were driven directly by security reviews and audits,
as well as insights from production deployments.

*Linux Foundation*: Proof of Personhood for Open Source Projects

LF Decentralized Trust has published a progress report describing how
did:webvh is being used as part of an initiative to provide Proof of
Personhood for the Linux kernel project and other open source projects. The
effort — prompted by Linux Foundation CEO Jim Zemlin following the XZ Utils
supply chain attack — is centered on a decentralized trust graph model
using DIDs and verifiable relationship credentials. did:webvh is a key part
of the identity infrastructure being developed.

Full blog post from Drummond Reed (March 5, 2026):
https://www.lfdecentralizedtrust.org/blog/decentralized-trust-infrastructure-at-lf-a-progress-report

*United Nations Transparency Protocol* (UNTP)

The UN Transparency Protocol — which addresses supply chain verifiability
and anti-greenwashing — has included did:webvh as an acknowledged DID
method in its work-in-progress specification. The method is described as
Recommended (Advanced) for institutional and organizational identifiers
requiring verifiable history, key rotation, and auditability — particularly
for Digital Identity Anchors, credential issuers, and registry maintainers.

See the DID methods section of the UNTP specification:
https://untp.unece.org/docs/specification/VerifiableCredentials#did-methods

*Government of Canada*: DGSI/TS 115 includes did:webvh

The Digital Governance Standards Institute (DGSI) — an independent division
of Canada's Digital Governance Council — has published a revised edition of
DGSI/TS 115, Technical Specification for Digital Credentials and Digital
Trust Services. did:webvh (attributed as DIF DID:webvh) is explicitly
listed in section 8.1.2 alongside W3C DID:web, DID:key, and X.509
Certificates as a required supported identifier method. The specification
was announced on March 12, 2026.

Press release:
https://dgc-cgn.org/digital-governance-standards-institute-publishes-revised-technical-specification-dgsi-ts-115-for-digital-credentials-and-digital-trust-services/

Specification:
https://dgc-cgn.org/product/dgsi-ts-115/

*Implementation Ecosystem*: DIF and OpenWallet Foundation

Beyond the full Rust implementation, the full did:webvh component stack —
registrars, resolvers, witnesses, and watchers — has been built out and is
moving into production use cases across two major open source digital trust
frameworks:

ACA-Py (OpenWallet Foundation) includes a native did:webvh resolver built
directly into the core agent. A full-featured ACA-Py plugin and the DID
did:webvh Server extends the core capability with registrar, witness,
watcher and AnonCreds verifiable credentials support, enabling multi-tenant
deployments to create and manage did:webvh DIDs with witness-based
attestation. This is already in active use in production-grade deployments
such as BC Gov's Traction platform. https://plugins.aca-py.org/latest/webvh/

Credo-TS (OpenWallet Foundation), the TypeScript/JavaScript agent framework
supports did:webvh resolution, interoperable with the ACA-Py
implementation. With both a server-side and mobile wallet framework,
Credo-TS brings did:webvh into a broad range of wallet and agent deployment
contexts.

The combination of Python (ACA-Py), TypeScript (Credo-TS), and Rust
(didwebvh-rs) implementations — all interoperating against the same DIF
specification — represents a healthy, multi-language ecosystem for
did:webvh.

Exciting to see did:webvh gaining traction across such a wide range of
contexts — from open source infrastructure security to supply chain
transparency to government digital credential standards. Happy to answer
any questions.

-- 

Stephen Curran
Principal, Cloud Compass Computing, Inc.
Received on Wednesday, 1 April 2026 15:46:39 UTC