Vendor-neutral open specification for digital identity, institutional trust exchange, operator governance, and optional extended modules.
Live site: odtis.org · Version: 0.9.0-draft · License: CC BY 4.0 · Copyright: FinnectOS, Inc.
ODTIS defines normative MUST/SHOULD/MAY requirements, six adoptable conformance profiles, machine-readable annexes (OpenAPI, events, registry), and an L1/L2/L3 verification model. Implementations may be open source or proprietary; conformance is proven by tests and published statements, not by using any single vendor stack.
VenID is the first reference implementation (separate repository). You do not need VenID code to implement ODTIS.
| You are… | Start with |
|---|---|
| New to ODTIS | Getting started on the spec site |
| Implementing or procuring | Adoption guide |
| Verifying conformance | Conformance overview |
| Citing or packaging | How to cite |
| Contributing | Contributing guide · Review cycle 1 (open until 2026-06-26) |
Authoritative specification text is English only (Language policy).
| Item | State |
|---|---|
| Lifecycle | Review draft (Spec stages) - not ODTIS 1.0.0 |
| Normative sections 1-10 | Review draft complete |
| Annex A OpenAPI | Frozen @ 0.9.0-draft |
| Registry | 149 ODTIS requirement IDs |
| Conformance suite | 159 test procedures (85 with smoke evidence) |
| Public site | odtis.org |
| Steward | FinnectOS, Inc. (interim; Foundation charter draft) |
Full metrics: Project status · Roadmap: Build plan
| Resource | Role |
|---|---|
| odtis.org | Specification website (built from this repo) |
| This repository | Normative source: spec/, registry/, annexes/, conformance/ |
| Core Impl | VenID reference implementation (private during Phase 3.2) |
| digitaltrustinfrastructure.org | Research organization - informative books and papers (not vendored here) |
Sibling layout (optional, for RI smokes and local site build):
workspace/
├── core-spec/ # this repository
├── core-impl/ # VenID RI (optional)
└── build/ # gitignored MkDocs output (odtis-spec-site/)
See Repository map.
├── spec/ # Sections 1-10 + adoptable profiles
├── registry/ # Requirement IDs, terminology, events, profiles
├── annexes/ # A (OpenAPI, frozen) - D
├── conformance/ # L1/L2/L3 tests and certification guides
├── governance/ # IPR, stages, review, maintainers
├── publication/ # Citation, Zenodo packaging
├── implementation/ # RI map, gaps, conformance statements (informative)
├── traceability/ # RF ↔ ODTIS automation
├── scripts/ # Validators, site build, release tools
└── site/ # MkDocs sources → odtis.org
| Profile | Sections | Tests | Smoke-evidenced | Req IDs |
|---|---|---|---|---|
| Reference Architecture | 1 | 10 | 1 | 10 |
| Core Identity | 2, 3, 5 | 58 | 9 | 45 |
| Trust Network | 4 | 30 | 18 | 27 |
| Federation | 6 | 8 | 8 | 8 |
| Operator | 7-10 | 30 | 25 | 36 |
| Extended | Annex D | 23 | 20 | 25 |
| Total | 159 | 85 | 149 |
Details: Profile definitions · Profile comparison
From this repository root:
python3 scripts/validate-registry.py
python3 scripts/sync-spec-version.py --check
./conformance/run.shWith a live deployment target (L2):
export ODTIS_TARGET=https://your-staging.example/realms/your-realm
python3 scripts/run-conformance.py --level L2 --profile core-identity./scripts/build-site.sh
source .venv-site/bin/activate # created on first build
mkdocs serve -f site/mkdocs.yml # http://127.0.0.1:8000Maintainers: Site overview · Deploy to odtis.org (local credentials, gitignored)
We welcome clarifications, editorial fixes, sandbox L2 reports, and RFC-track normative proposals.
- Read Contributing guide and Code of conduct
- Check Review cycle 1 for open feedback items
- Open an issue or PR against
main
Normative contributions are published under CC BY 4.0. Copyright holder: FinnectOS, Inc. See IPR policy.
Maintainers: GitHub setup guide (public repo, Discussions, labels, branch protection).
Specification text in this repository is licensed under Creative Commons Attribution 4.0 (CC BY 4.0).
- Copyright: FinnectOS, Inc. (interim; intended transfer to ODTIS Foundation upon incorporation)
- Trademarks (ODTIS, ODTIS Certified, VenID, FinnectOS) are not granted by CC BY - see Trademark policy
- Referenced papers/books may use separate licenses (often on digitaltrustinfrastructure.org)
Report specification or site security concerns to info@odtis.org. Do not open public issues for undisclosed vulnerabilities. See Security.
| Document | Description |
|---|---|
| Adoption guide | Profiles, certification, honest maturity claims |
| Governance | Stages, IPR, certification program |
| Certification | L1 / L2 / L3 levels |
| How to cite | Academic and procurement citation |
| Changelog | Release history |
| GitHub setup | Publish checklist, Discussions, branch protection |