Authlete introduces Authlete 3.0 update

Japan-based Authlete, known for its implementations of OAuth 2.0 and OpenID Connect, has introduced the Authlete 3.0 update.

This update is designed to streamline the process of issuing and managing digital credentials, a feature applicable for entities such as governments, financial institutions, and educational organisations. 

Authlete 3.0 enables organisations to issue interoperable verifiable credentials (VCs) through a straightforward API, aligning with OID4VCI standards. Based on OAuth and OIDC protocols, widely adopted for authorization and authentication, OID4VCI supports various credential formats, including SD-JWT VC and mdoc/mDL, making it versatile across different digital credentialing needs.

Digital security and verifiable credentials

Verifiable credentials (VCs) offer cryptographically secure, tamper-evident digital proofs, ensuring the authorship and integrity of the information they hold. This form of credential allows users to selectively disclose information, eliminating the need for physical documents and enhancing both flexibility and privacy in digital interactions. 

Authlete’s integration of OID4VCI for SD-JWT VC and mdoc/mDL formats has already undergone testing in global projects, including initiatives such as the EU Digital Identity (EUDI) Wallet, Japan’s Trusted Web programem, and the Global Assured Identity Network (GAIN) Proof of Concept. 

In Japan’s Trusted Web initiative, which aims to establish a reliable framework for data verification, Authlete supported a pilot project led by DENTSU SOKEN focused on simplifying Know Your Business (KYB) and Know Your Customer (KYC) procedures. In this project, Authlete issued SD-JWT VCs for a digital wallet developed by DENTSU SOKEN, aimed at improving bank account onboarding processes through reusable digital credentials. 

In the GAIN Proof of Concept, which targets a global framework for reliable digital identity verification, Authlete issued OID4VCI-compatible SD-JWT VCs to digital wallets provided by companies such as Talao, Meeco, and Datev. Talao officials noted that the project demonstrated practical interoperability and readiness for a secure, cohesive digital identity environment. 

Authlete 3.0 also brings additional features, including: 

• Enhanced FAPI Compliance: Provides configurable compliance with FAPI (Financial-grade API) 2.0 standards, supporting message signing for non-repudiation. 
• Multi-Tenant Management: Allows multiple organizational setups within a unified dashboard. 
• Multi-Region Server Options: Offers server location choices across the US, Japan, Brazil, and the EU. 
• Social Logins and MFA: Supports logins through Google and GitHub with multi-factor authentication (MFA). 
• Granular Access Control: Enables specific access permissions to match team member roles. 

Authlete’s services, which simplify OAuth 2.0 and OIDC server implementation, are designed to meet the security requirements of global frameworks such as the UK’s Open Banking, Australia’s Consumer Data Right, and Open Finance in Brazil.