SpruceID Developer Update #36

At SpruceID, we’re letting users control their identity and data across the web. Here’s the latest from our development efforts.

SpruceID Developer Update #36

In case you missed it, check out our previous update here:

SpruceID Developer Update #35
At SpruceID, we’re letting users control their identity and data across the web. Here’s the latest from our development efforts.

At SpruceID, we’re letting users control their identity and data across the web. Here’s the latest from our development efforts:


SpruceKit is a collection of libraries that power your application to accept digital credentials from users on their terms, originate trusted information for users, and interact with user data vaults. SpruceKit consists of the following open-source libraries:

  • SSX
  • Sign-in with Ethereum
  • DIDKit
  • TreeLDR
  • SpruceKit also provides access to Kepler and Rebase


SSX (Self-Sovereign Anything) is the easiest way to integrate Sign-In with Ethereum, enable DAO logins, resolve ENS names, and more. It is the go-to library for developers in Web3 to get started with decentralized identity.

  • Research around WebAuthn around creating a consistent signing identity using WebAuthn, creating and signing capability objects using WebAuthn, and using WebAuthn signers with EIP-4337.


Kepler is a decentralized storage network organized around data overlays called Orbits. Kepler allows users to securely share their digital credentials, private files, and sensitive media to blockchain accounts, all using your Web3 wallet.

  • Kepler is currently being updated to adopt the latest versions of the UCAN spec (v0.10) and the CACAO spec (v3) (#155). This will keep Kepler up to date with the latest work in cryptographic object capabilities, and help to streamline code while improving performance and safety.


DIDKit provides Verifiable Credentials and Decentralized Identifier functionality across different platforms. DIDKit's core libraries are written in Rust due to Rust's expressive type system, memory safety, simple dependency web, and suitability across different platforms including embedded systems, but the comprehensive DIDKit SDK includes many libraries and interfaces for using it almost everywhere.

  • ssi-ucan is being updated to support the latest iteration of the UCAN spec: version 0.10 (#510). This will enable SSI users to take advantage of cryptographic object capabilities for delegating, invoking, and revoking permissions.
  • Last month, we upgraded our cryptographic libraries to address a vulnerability with ed25519 keys (ssi#532).
  • A major refactor of ssi continues to be underway. This refactor will help us to better handle Linked Data and generally improve our implementation of the various Verifiable Credentials and Decentralised IDs specifications (#508). The general API redesign is over, and we are now rewriting all ssi tests and making sure the new implementation does not introduce regressions.


TreeLDR is a schema definition language that aims to describe both the structure and semantics of the defined schema in a comprehensible way. It lies at the intersection between RDF and structure-oriented schema definition frameworks such as JSON Schema.

  • Working on a formal specification of TreeLDR’s layout ontology. RDF is the intermediate representation used by the TreeLDR compiler. Having a formal specification of TreeLDR's layouts in RDF will allow us to:
    • derive a formal definition of the TreeLDR language itself, based on this ontology, leading to the stabilization of TreeLDR;
    • enable developers to write extensions for TreeLDR through RDF.


  • Support for ReCaps (and Delegated Attestation flows, as a result) is now available. This opens the door to allowing Kepler and Rebase to share a delegation and only requires one signing operation before the user can create and store credentials without re-signing.
  • A new, more flexible WASM compilation build chain that enables easy importation of the WASM library into the browser, Node, and other WASM-targeting Rust libraries.
  • Automated testing of all the flows that were missing tests (e-mail, NFT, POAP, Attestation, and Delegated Attestation).
  • Full support of did:key for ed25519 keys as both issuer and subject. Key additions broaden what applications can be built on top of it and open the door for user-defined credentials which are required for content authenticity projects.

About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions. If you're curious about integrating SpruceID's technology into your project, come chat with us in our Discord.