[Openid-specs-ab] Issue #1551: Administrative Trust in the RP (openid/connect)
David Chadwick
issues-reply at bitbucket.org
Thu Jul 14 13:44:55 UTC 2022
New issue 1551: Administrative Trust in the RP
https://bitbucket.org/openid/connect/issues/1551/administrative-trust-in-the-rp
David Chadwick:
Wallets may need to decide if RPs are administratively trusted prior to asking the user for consent to send credentials to the RP. (Note administrative trust is not the same as cryptographic trust, which can be established with a TLS link to the RP.) We have already specified a mechanism for RPs and wallets to administratively trust issuers, **regardless of the trust infrastructure used,** and we need a similar mechanism to enable trust in RPs. The following methods are suggested:
1. The RP adds a trust_federation property to its metadata, listing the names of the trust federations that it purports to be a member of;
2. The RP sends its trust_federation property values to the wallet along with the presentation request.
Note that the trust federation property values asserted by the RP may be true or false. It is the responsibility of the wallet to determine whether any of the values are true or not by using the method specified by its trust infrastructure. The inputs to this algorithm are: the name of the RP and the name of the asserted trust federation.
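A wallet-side sketch of the check described in the issue, added here as an illustration and not part of the original message or of any OpenID specification. The function names, the per-federation verifier table and the sample federation and RP names are all assumptions; only the trust_federation property and the two inputs (RP name, asserted federation name) come from the issue text.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Hypothetical verifier signature. Its inputs are the two named in the issue:
# the RP name and the asserted trust federation name.
MembershipCheck = Callable[[str, str], bool]


@dataclass
class TrustDecision:
    verified: List[str] = field(default_factory=list)  # confirmed by the wallet
    rejected: List[str] = field(default_factory=list)  # false or unverifiable

    @property
    def administratively_trusted(self) -> bool:
        return bool(self.verified)


def evaluate_rp(rp_name: str, asserted, verifiers: Dict[str, MembershipCheck]) -> TrustDecision:
    """Check every trust_federation value an RP asserts; none is believed as sent."""
    if isinstance(asserted, str):              # tolerate a single value
        asserted = [asserted]
    if not isinstance(asserted, (list, tuple)):
        asserted = []                          # missing or malformed property
    names = [n for n in asserted if isinstance(n, str)]
    decision = TrustDecision()
    for federation in dict.fromkeys(names):    # drop duplicates, keep order
        check = verifiers.get(federation)      # None: wallet cannot verify this one
        try:
            ok = check is not None and check(rp_name, federation) is True
        except Exception:
            ok = False                         # fail closed on lookup errors
        (decision.verified if ok else decision.rejected).append(federation)
    return decision


# Constructed sample data standing in for the wallet's trust infrastructure.
_MEMBERS = {"example-health-federation": {"https://rp.clinic.example"}}


def directory_check(rp_name: str, federation: str) -> bool:
    return rp_name in _MEMBERS.get(federation, set())


def failing_check(rp_name: str, federation: str) -> bool:
    raise TimeoutError("trust infrastructure unreachable")


VERIFIERS = {"example-health-federation": directory_check,
             "example-offline-federation": failing_check}
```

A wallet would run this before showing the consent prompt, so that only federations it has confirmed itself are presented to the user.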