[Openid-specs-ab] Issue #1482: Proposal on How to establish the trust to a RP in an offline scenario (openid/connect)
peppelinux
issues-reply at bitbucket.org
Fri Apr 22 23:26:13 UTC 2022
New issue 1482: Proposal on How to establish the trust to a RP in an offline scenario
https://bitbucket.org/openid/connect/issues/1482/proposal-on-how-to-establish-the-trust-to
Giuseppe De Marco:
**Goal**
Propose a way to trust a RP without any possibility to query a ledger or any other public infrastructure.
**Hypothetical scenario**
Bob requests a VP from Alice, establishing a proximity link with NFC, Bluetooth, Wi-Fi LAN, etc.
**Problem**
Alice doesn’t have a broadband connection, she doesn’t know who Bob is and she has no reason to trust him.
In these conditions the VP won't be released by Alice to Bob; Alice's Wallet alerts her because it can't trust Bob (as today web browsers do with untrusted https certificates; anyway the user can confirm to continue if the user wants to do that).
**Requirement**
A mechanism that allows Alice’s Wallet to trust Bob, even in absence of an internet connection.
**Solution**
A signed Badge (as Trust Marks in OIDC Federation) is presented in the registration objects, in the authz request. This Badge is signed by a trusted issuer. Alice's Wallet periodically updates all the public keys of the trusted issuers of badges. Bob's Badge has an expiration timestamp; Bob periodically downloads all his updated badges before they expire.
In this way Alice's Wallet can statically verify the signature of Bob's badge, having the proof that Bob is recognizable by a trusted third party, which is the badge issuer.
**Limits**
If Bob is excluded and loses his badges, Alice won't be able to learn of Bob's exclusion without an internet connection, until the badges issued to Bob expire. With a fairly frequent update policy of badges (24-48h) and a regulation of the times of exclusion of a subject, the risks do not seem to be relevant.
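The offline check described in the Solution and Limits sections, as an added worked example that is not part of the issue and not code from the OpenID Connect working group: a badge issuer signs a short-lived badge for Bob with Ed25519, Alice's wallet keeps only a cached set of trusted issuer public keys, and verification of Bob's authorization request needs no network access. The badge format (`iss`, `sub`, `sub_key`, `iat`, `exp`), the issuer URL and the client_id are assumptions for this example; the proposal fixes no wire format. Binding the badge to Bob's own key and requiring the request to be signed with it goes beyond the issue text, but without it any party who obtained a copy of the badge could present it. The expiry test at the bottom of `main` illustrates the stated limit: an excluded Bob keeps verifying until his last badge expires.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Badge is the statement a trusted badge issuer signs for an RP (Bob).
// Field names are assumptions for this example. SubjectKey binds the badge
// to Bob's own signing key so a copied badge is useless without that key.
type Badge struct {
	Issuer     string `json:"iss"`
	Subject    string `json:"sub"`
	SubjectKey []byte `json:"sub_key"` // Bob's Ed25519 public key
	IssuedAt   int64  `json:"iat"`
	ExpiresAt  int64  `json:"exp"`
}

// SignedBadge is what Bob carries and presents offline: the canonical
// payload bytes plus the issuer's Ed25519 signature over them.
type SignedBadge struct {
	Payload   []byte
	Signature []byte
}

// IssueBadge is the issuer side: sign a badge with a bounded lifetime.
func IssueBadge(issuerPriv ed25519.PrivateKey, issuer, subject string,
	subjectKey ed25519.PublicKey, issuedAt time.Time, ttl time.Duration) (SignedBadge, error) {
	b := Badge{
		Issuer: issuer, Subject: subject, SubjectKey: subjectKey,
		IssuedAt: issuedAt.Unix(), ExpiresAt: issuedAt.Add(ttl).Unix(),
	}
	payload, err := json.Marshal(b)
	if err != nil {
		return SignedBadge{}, err
	}
	return SignedBadge{Payload: payload, Signature: ed25519.Sign(issuerPriv, payload)}, nil
}

// Wallet is Alice's side. TrustedIssuers is the key set she refreshes
// whenever she is online; offline, it is all she has.
type Wallet struct {
	TrustedIssuers map[string]ed25519.PublicKey
}

// VerifyRequest checks an authorization request Bob signed with his key,
// using only the badge and the wallet's cached issuer keys:
//  1. the badge issuer is one Alice trusts,
//  2. the issuer's signature over the badge is valid,
//  3. the badge has not expired (the only "revocation" visible offline),
//  4. the badge names the client_id Bob claims,
//  5. the request itself is signed by the key the badge binds to Bob.
func (w *Wallet) VerifyRequest(sb SignedBadge, request, requestSig []byte,
	claimedClientID string, now time.Time) (Badge, error) {
	var b Badge
	if err := json.Unmarshal(sb.Payload, &b); err != nil {
		return Badge{}, fmt.Errorf("badge payload: %w", err)
	}
	issuerPub, ok := w.TrustedIssuers[b.Issuer]
	if !ok {
		return Badge{}, errors.New("badge issuer is not in the trusted set")
	}
	if !ed25519.Verify(issuerPub, sb.Payload, sb.Signature) {
		return Badge{}, errors.New("badge signature does not verify")
	}
	if !now.Before(time.Unix(b.ExpiresAt, 0)) {
		return Badge{}, errors.New("badge has expired")
	}
	if b.Subject != claimedClientID {
		return Badge{}, errors.New("badge subject does not match client_id")
	}
	if len(b.SubjectKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(ed25519.PublicKey(b.SubjectKey), request, requestSig) {
		return Badge{}, errors.New("request is not signed by the badge's subject key")
	}
	return b, nil
}

func main() {
	// Constructed demo: one issuer, one RP (Bob), one wallet (Alice).
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(rand.Reader)
	bobPub, bobPriv, _ := ed25519.GenerateKey(rand.Reader)
	issued := time.Now()
	badge, _ := IssueBadge(issuerPriv, "https://badges.example", "bob-rp", bobPub, issued, 24*time.Hour)

	alice := &Wallet{TrustedIssuers: map[string]ed25519.PublicKey{"https://badges.example": issuerPub}}
	request := []byte(`{"client_id":"bob-rp","scope":"openid"}`) // constructed authz request
	requestSig := ed25519.Sign(bobPriv, request)

	_, err := alice.VerifyRequest(badge, request, requestSig, "bob-rp", issued.Add(time.Hour))
	fmt.Println("within lifetime:", err) // <nil>
	// Even if the issuer excluded Bob an hour after issuance, Alice cannot see
	// that offline; only the expiry closes the window.
	_, err = alice.VerifyRequest(badge, request, requestSig, "bob-rp", issued.Add(48*time.Hour))
	fmt.Println("after expiry:", err) // badge has expired
}
```

The wallet deliberately verifies the issuer signature before reading any claim it acts on, and compares `sub` against the client_id from the request rather than trusting the badge alone; the badge TTL is the knob the Limits section talks about, and the shorter it is the smaller the window in which an excluded RP is still accepted.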