v3.2.0
Feature release: verification of W3C Data Integrity (Linked Data Proof) credentials — the second proof format Open Badges 3.0 allows, alongside the VC-JWT stack this library already ships. Verify-only by design (issuing stays JWT-VC), and fully opt-in via a new packaging extra:
pip install "openbadgeslib[ldp]"Added
feat(ob3):OB3LdpVerifierverifies OB 3.0 credentials secured with an embedded Data Integrity proof, cryptosuiteeddsa-rdfc-2022(W3C Recommendation vc-di-eddsa) — validated byte-for-byte against the official W3C test vectors, which ship as fixtures. The low-level crypto core is exposed asverify_data_integrity_prooffor non-OB3 VCs. Same API, trust model and exceptions as the JWT verifier: pinned key wins; otherwise the key resolves fromproof.verificationMethodwith fail-closed binding to the credential's DID issuer;expected_recipient/check_statusbehave identically.feat(ob3): JSON-LD@contextdocuments are never fetched from the network — the exact context files (VC 2.0, the published OB v3p0 revisions,data-integrity/v2,multikey/v1) ship pinned inside the wheel with recorded provenance, behind an exact-match allowlist (unknown context ⇒ fail closed). Documents are capped at 256 KiB before canonicalization (poison-graph guard).feat(ob3):resolve_verification_methodresolves the exact verificationMethod URL a proof names (did:key fragment validation; did:web entry selected byid, no silent[0]fallback).feat(baking): the OB 3.0 §5.3 text-content carrier for Data Integrity credentials —bake_svg(..., as_text=True)/extract_svg(..., text_fallback=True); PNG needed no change.feat(cli):openbadges-verifier -V 3autodetects the baked payload (compact JWT vs credential JSON) with the same trust flags — no new options — and reportsproof_format("vc-jwt"/"ldp") in--json. Without the extra, the failure reason carries the install hint.feat(api):OpenBadgeCredential.from_vc_documentreconstructs a credential from its JSON-LD document shape.
Not included (deferred): the ecdsa-sd-2023 selective-disclosure cryptosuite — it fails closed with a clear "unsupported cryptosuite" message; the cryptosuite registry makes it an additive future module.
Everything works without the extra: the base install is unchanged, LDP tests skip cleanly, and attempting an LDP verification reports pip install openbadgeslib[ldp].
Verified with flake8, mypy (strict), the full test suite (760 with the extra; 726 + 27 skipped without), a real-CLI end-to-end run (pinned key trusted / did:key untrusted / tampered rejected), and a clean-venv wheel install check, on Python 3.10–3.13.
Full history: Changelog.txt