Public roadmap
What we shipped. What we are building. What is next.
Every line item below carries a ship-status label so adopters, grant reviewers, and pitch audiences can plan against verifiable state. When something moves between statuses, this page updates on the same commit. Nothing is labeled "shipped" until it is publicly usable.
Shipped
Available today
Currently publicly usable. Every item below has a public repository, a public deployment, or a published specification. This is the credibility floor for grants and pitches.
did:sns Method Specification Shipped
W3C DID method anchored to Solana Name Service. Full CRUD spec, 186-test implementation report, deployed at spec.attestto.com/did-sns.
spec.attestto.com/did-snsvLEI Solana Bridge Shipped
Anchor program with Groth16 zero-knowledge proofs and soulbound Program Derived Accounts. Deployed to Solana mainnet at GLEif8Rf1NFiuGPXxD7n3sakuNH6SZPFfoZMg1pBVEFm.
Attestto-com/vLei-Solana-BridgeVerifiable Credentials SDK Shipped
W3C VC 2.0 SDK at attestto-com/vc-sdk. Any credential type, any DID method, Ed25519 or P-256. Costa Rica extension SDK at attestto-com/cr-vc-sdk with 11 credential types.
Attestto-com/vc-sdkCredential Wallet Extension Shipped
Browser extension at Attestto-com/attestto-creds-extension. SD-JWT and JSON-LD VCs, DIDComm v2 messaging, Shamir 2-of-3 recovery, AES-256-GCM vault.
Attestto-com/attestto-creds-extensionVerify Web Components Shipped
Drop-in JavaScript components for document verification at verify.attestto.com. Apache 2.0, no login, no backend, no data transmitted.
verify.attestto.comPDF Signing and Verification Shipped
PDF engine with PAdES-B / T / LT signing, QR embed, and Solana anchoring. Powers attestto-desktop and third-party integrations.
Attestto-com/attestto-verifyAttestto Anchor Service Shipped
Federation-ready HTTP service for anchoring content hashes to Solana via the Memo program with Merkle batching. Clone-and-deploy.
Attestto-com/attestto-anchorTrust Anchor Mirror Shipped
Independent public mirror of national PKI trust roots at attestto-com/attestto-trust. Costa Rica Firma Digital first, multi-country roadmap.
Attestto-com/attestto-trustAttestto Desktop Shipped
Sovereign identity desktop application with SQLCipher-backed vault, mandatory Shamir 2-of-3 guardian recovery, offline verification.
Attestto-com/attestto-desktopDID Resolvers (did:sns, did:pki) Shipped
Standalone and unified DIF Universal Resolver drivers. HTTP API compliant. Deployable independently or under one service.
Attestto-com/attestto-did-resolverVCP CLI (Verifiable Content Provenance) Shipped
Embed-first content envelope CLI. Signs and verifies vcp metadata blocks inside PDF, JPEG, or a sidecar for any file. Ed25519 + JCS RFC 8785. Natural carrier for IEAL claims. Working Draft v0.1 spec + reference implementation.
In progress
Building now (2026 H2)
Actively under construction. Timelines are best-effort and may shift based on customer pilots or grant milestones. Nothing here is currently shippable in production.
IEAL Specification v0.1 In progress
Identity Evidence Assurance Level. Three-axis compositional model published as a Working Draft. Standards-community engagement at W3C CCG and DIF planned. NIST SP 800-63-4 crosswalk drafted.
spec.attestto.com/iealdid:pki Method Specification In progress
W3C DID method for national PKI hierarchies. Draft v0.1.0 with active W3C DID methods registry pull request.
Attestto-com/did-pki-specFirma Digital PKCS#11 Signing In progress
Complete the Costa Rica national signing path. Verify path is shipped; signing pipeline integrates with BCCR PKCS#11 tokens.
PAdES-LTA with Solana Anchor In progress
Long-term archival PDF signing with Solana replacing the traditional Timestamp Authority. Embeds cert chain, DID doc snapshot, and Solana receipt in the PDF Document Security Store.
Attestto-com/attestto-verifyAttestto Mobile PWA In progress
Companion mobile app for camera-attested capture. Pairs with desktop via QR over local network for two-device flows.
Attestto-com/attestto-mobileSovereign Pass SBT In progress
Non-transferable soulbound token proving verified identity after KYC. Public metadata schema at attestto-com/sovereign-pass-metadata.
Attestto-com/sovereign-pass-metadataKYC / KYB API In progress
Identity and business verification with document AI, sanctions screening, and beneficial ownership analysis. Building under CORTEX platform.
OpenID4VP Presentation In progress
OpenID for Verifiable Presentations with selective disclosure via SD-JWT. Full offline-capable revocation status list checking in build.
Attestto-com/id-wallet-adapterPlanned
Scheduled (2026 Q4 through 2027)
Committed to build subject to customer or grant triggers. Nothing here is under active construction yet. Priority ordering reflects current pipeline; specific quarters may shift.
Play Integrity + App Attest Planned
Android Play Integrity API and Apple App Attest integration in attestto-mobile for hardware-attested capture. Enables IEAL Capture axis values C1 and C2. Priority P2 per IEAL implementation roadmap.
PAD Vendor Integrations Planned
ISO/IEC 30107-3 certified PAD provider integrations for IEAL Algorithm axis values A3 and A4. Customer-triggered per vendor-neutrality policy. Mitek, iProov, FaceTec are candidate integrations.
.attestto Container Format Planned
File envelope carrying encrypted witnesses, VC commitments, attestation blobs, and access-control policies for institutional dual storage. Design ADR pending, follow-on to IEAL v0.1.
Multi-stablecoin Treasury Rails Planned
Stablecoin-agnostic treasury infrastructure. USDC and EURC via Circle CCTP, USDG via the Global Dollar Network, and OUSD (Open Standard consortium, Solana-native, launching late 2026) as it matures. Rail selection follows regional partner and merchant preference, not vendor lock-in. Organization-scoped, governance-approval-gated, settlement batching supported.
Squads Multisig Vaults Planned
Product-level governance multisig on Solana Squads v4. 2-of-3 or custom thresholds for domain, asset, and signing-key custody.
LEI Issuance and Maintenance Planned
Legal Entity Identifier issuance and annual maintenance for Attestto Inc.'s own entity chain first, then a public issuance service. GLEIF-compatible under vLEI framework.
Colegio and Notary Onboarding Kit Planned
Turn-key onboarding for Costa Rica professional colegios (bar, medical, engineering) and notary offices. Ties professional-attestation model to Firma Digital signing.
Digital Currency Rails (CRCD) Planned
Stablecoin on-ramp, off-ramp, and cross-border settlement. Costa Rica digital colón (CRCD) proof of concept depends on BCCR partnership timelines.
Research
Under exploration (2027+)
Long-horizon research items with no build commitment. Included for transparency about where we think the space is heading. Priority is guided by standards-community direction and customer signals.
Post-Quantum Signing Research
ML-DSA-65 hybrid signing (NIST FIPS 204). Migration path documented. Shipping target aligned with the industry 2030 timeline for post-quantum readiness.
Zero-Knowledge Predicates Research
Range proofs and set-membership proofs in OpenID4VP presentations. Depends on standardization progress and mobile ZK proving performance.
Session-Based IEAL Research
Extending IEAL from single-capture to session-based continuous assurance. Applicable to remote proctoring, multi-party signing ceremonies, and long-lived KYC sessions.
Cross-Jurisdiction Issuer Registry Research
ToIP Trust Registry Protocol implementation for cross-jurisdiction issuer discovery and trust chain composition. Aligns with HAVID.
AI-Mediated Onboarding Research
Conversational identity provisioning with on-device LLMs. Consciousness Shards architecture. Governed by per-event consent per IEAL Storage axis.
On-Chain Cap Table Research
Regulatory-cleared on-chain equity structures. Blocked on securities-law clarity across LATAM jurisdictions. Watching but not building.
Standards engagement
Where we participate
Standards work is core to Attestto's positioning. Publishing specifications and engaging peer standards bodies is not a marketing tactic; it is how the identity infrastructure category matures. Below is our current engagement track.
W3C Credentials Community Group In progress
Active engagement on did:pki registry, did:sns discussion, IEAL peer review, and related identity primitives.
w3c-ccg.github.ioDecentralized Identity Foundation (DIF) In progress
HAVID alignment via peer discussion. IEAL scope introduced as a compositional identity assurance model for DIF adopters.
identity.foundationNIST SP 800-63-4 Planned
NIST 800-63-4 was finalized 2025-07-31. When NIST opens a future revision comment window, IEAL will be part of our submission. Meanwhile we publish an informative crosswalk.
pages.nist.gov/800-63-4ToIP Trust Registry Protocol Research
Watching HAVID and TRP developments for interoperability with our federated trust bootstrap model. Long-term direction depends on ToIP publication cadence.
trustoverip.orgGLEIF vLEI Framework Shipped
vLEI Solana Bridge deployed as an on-chain implementation of the GLEIF vLEI Framework. Attestto Inc. LEI issuance and maintenance planned as a follow-on service.
gleif.org/vleiOpenID Foundation (OIDF) Planned
OpenID4VP and OpenID4VC implementer conformance. Attestto's presentation flow targets full HAIP 1.0 alignment.
openid.net/wg/dcpHow to read this roadmap
- Shipped Shipped: publicly usable today. Has a public repository, deployment, or published specification.
- In progress In progress: under active construction. Timelines are best-effort. Not shippable in production yet.
- Planned Planned: committed subject to customer, grant, or pilot trigger. Not under active construction.
- Research Research: exploratory. No build commitment. Included for transparency about long-horizon direction.
This roadmap is honest about ship status because we would rather ship credibility over hype. A category-defining specification is worth more than a coming-soon claim. If a line item is important to your evaluation, ask us for the current state.