-
Notifications
You must be signed in to change notification settings - Fork 1
Certification Cookbook
How to demonstrate that credentials issued by openbadgeslib pass the 1EdTech Open Badges 3.0 conformance tests — without paying for 1EdTech membership. Formal certification (a badge on the 1EdTech product directory) requires a paid membership and is deliberately out of the project's scope; this page captures the technical value — proving conformance — which is free.
The library is already built to be conformant: the technical bets match what the ecosystem standardised (VC 2.0 Recommendation 2025-05, the eddsa-rdfc-2022 and ecdsa-sd-2023 certification suites, EUDI SD-JWT), and every credential we issue is checked against 1EdTech's official JSON Schemas in CI (see below).
Two independent things, both covered:
-
Structural conformance — the credential validates against 1EdTech's official
AchievementCredential/ProfileJSON Schemas. This runs offline in every CI build (tests/test_ob3_conformance_schema.py, draft-2019-09, format assertions on). It validates the canonicalto_vc(), the on-the-wire JWT-VC payload, and the LDP signed document — so a regression in any issuance path fails the build. -
Cryptographic conformance — the proof verifies under an accepted suite. For OB 3.0 the accepted secured formats are the compact JWT-VC (
VC-JWT) and the Data Integrity proofeddsa-rdfc-2022(Ed25519); both are what this library issues.
The heavier, container-based official validators are wired up behind an opt-in suite (pytest -m conformance_docker, see tests/conformance/ and the conformance.yml workflow) — the Digital Credentials public validator for OB 3.0 and openbadges-validator-core for OB 2.0. They are deselected from the default run because they need Docker, but they are the same engines 1EdTech uses.
-
Issue a valid credential. Follow Library Integration Tutorial (or
openbadges-signer -V 3). Use an Ed25519 key if you want theeddsa-rdfc-2022Data Integrity form, or any supported key for JWT-VC. -
Publish the issuer artefacts so the credential is resolvable and revocable:
openbadges-publish -V 3 -o <webroot>writes thedid:webdocument (did.json), each badge'sverify.pem, and the signed status lists. Serve<webroot>over HTTPS at the origin your[issuer] publish_urlnames. (See CLI Reference.) -
Self-check offline first — run the schema gate locally so you never submit a structurally-invalid credential:
pip install "openbadgeslib[dev]" pytest tests/test_ob3_conformance_schema.py -q -
Run the official validator. Either point the opt-in Docker suite at your issuer, or upload the credential to the public Digital Credentials validator (
POST /api/validate?validatorId=OB30Inspectorwith the credential file) and confirmsummary.outcome == "VALID". -
Submit for the 1EdTech Issuer conformance (if pursuing it): issue a valid 3.0 badge to conformance@imsglobal.org and provide the retrieval/verification demonstration 1EdTech asks for.
eddsa-rdfc-2022is on their accepted list.
The same idea applies to strict OB 2.0: the opt-in suite exercises both the HostedBadge and the crypto-sensitive SignedBadge paths against openbadges-validator-core. Publish the hosted graph (issuer Profile, BadgeClass, CryptographicKey, RevocationList) with openbadges-publish -V 2 -o <webroot> and validate the assertion URL.
- Paid 1EdTech membership / the certification portal — a business decision, not a technical gap. Everything needed to pass the tests is above.
-
Building an OID4VCI/OID4VP issuance rail — that belongs in
openvc-core, per the project's delegation pattern; this library issues the credentials, not the wallet-exchange protocol.
openbadgeslib · LGPLv3 (library) / BSD (CLI) · Issues
Getting Started
Concepts
Reference
Guides
Project