Services · Conformance & privacy audit

Pass the suite before you pay for the certificate.

We drive the official OpenID Foundation conformance suite against your issuer, verifier or wallet and hand you a prioritized gap report — and, if you want, we audit unlinkability on your actual proofs as well.

Book a free 30-minute gap scan See our own results

Why pre-certify

Certification is cheap. Failing it isn’t.

OIDF self-certification fees are public — $700–$3,500 (USD) per spec. The certificate itself is the small line item.

The expensive part is everything around it: engineer-weeks of fail, debug and resubmit cycles, and a procurement date that slips while they run. A fixed-bid pre-certification run converts that risk into a known gap list before any submission exists.

Engagements

Four engagements, fixed scope

Every figure below is indicative; pricing is finalized on the gap-scan call. Fixed bid — no retainer required to start.

Pre-certification conformance audit

We run the official OIDF conformance suite against your deployment — OID4VCI, OID4VP, HAIP, ISO mdoc and SD-JWT VC profiles — before you submit anything.

Full suite run against your issuer, verifier or wallet
Prioritized findings with fix guidance, mapped to the failing test modules
A re-run to confirm the fixes hold

Indicative: €20–40k · fixed bid

Unlinkability / privacy audit

Can two relying parties correlate the same user from the proofs your system emits? We measure that on your actual transcripts and review the formal model behind your design.

Cross-verifier linkage measured on real proof transcripts
Formal-model review of the privacy properties your design claims
A signed findings report you can put in a procurement file

Indicative: €30–60k · fixed bid

Managed certification run

We operate your actual OIDF submission run end to end, as an add-on to an audit or on its own. Certification is issued by the OpenID Foundation on your submission — not by us.

Test-plan configuration for the specs you are submitting
We drive the run and triage failures as they appear
Submission-ready logs and the suite’s result export, handed over at the end

Indicative: $2–5k (USD) per spec

Conformance Coach

A subscription for teams between certification events: we keep running the suite against your deployment and tell you what broke before your next submission does.

Recurring suite runs against your staging or production deployment
Failure triage and fix guidance per release
Regression tracking between releases

Indicative: $199 / $799 / $2,000 (USD) per month

Not sure which scope fits? Ask about scope →

Why us

We run the suite on our own stack

The harness, probes and runners we use on engagements are the same ones producing the numbers below — each one a local run, reproducible, and not a published certification.

319/332 OIDF test modules passed, 0 failed Official OpenID Foundation suite (local run, reproducible) — OID4VCI, OID4VP and OpenID Federation plans; 11 warnings, 2 skipped. Self-run evidence — not an OpenID Foundation certification. See evidence →

78/80 FAPI 2.0 Security Profile (Final) modules passed, 0 failed 2 warnings — the FAPI 2.0 test modules embedded in the OID4VCI issuer plans; local run of the official OIDF suite. See evidence →

Signed Every conformance result bundle is signed by the suite’s own key and archived Runs are reproducible. We are not listed on openid.net/certification. See evidence →

Unlinkability

The privacy property we machine-check

An unlinkability audit answers one question: can two relying parties correlate the same user from the proofs your system actually emits? We measure that on your transcripts and review the formal model behind your design.

It is the property we hold our own rail to. Designed and machine-checked for unlinkability properties: identifier-hiding (T10a), audit/verifier-split (T10d) and nullifier-unlinkability / private-presentation theorems are discharged; verifier-view unlinkability, issuer hiding and selective-disclosure privacy are modeled with machine-verified observational-equivalence lemmas but remain partial overall.

If privacy is a scored criterion in your procurement, this is the audit that answers it — with the same discipline we apply to ourselves: partial results are published as partial.

The honest count

33 protocol theorems tracked: 15 discharged (machine-checked), 18 partial. We publish the split — partial means exactly that.

Protocol model machine-checked in the Tamarin prover (Dolev-Yao adversary): 36 lemmas verified — 32 trace properties + 4 observational-equivalence proofs (≈5,500 proof steps), across 7 theory files.

Theorem status on the evidence page →

Process

How an engagement runs

Gap scan. A free 30-minute call, no deck. Bring a deployment URL or a roadmap.
Scope. A fixed-bid scope and statement of work — you know the price before we start.
Run. We drive the suite against your deployment and deliver a prioritized findings report.
Fix window. You fix, we answer questions, then we re-run to confirm.
Optional managed submission. We operate your actual certification run as an add-on.

Fixed bid. No retainer required to start.

Scope & limits

Read this before you buy

Scope & limits

A PSDP audit is independent engineering evidence — it is not an OIDF certification, not a CAB conformity assessment, and not legal advice.
Our own suite results are self-run and reproducible, not a published certification.
Certification itself is issued by the OpenID Foundation (or an accredited body) on your submission, not by us.
PSDP is currently a pre-incorporation project: engagement contracting is scoped honestly on the gap-scan call, and we’ll tell you plainly what that means before any money moves.

Next step

Book the gap scan

Bring a deployment URL or a roadmap; leave with a concrete read on where you stand. Engineering to engineering.

Start the conversation See the live demos