[Openid-specs-ab] Issue #1646: Trust in the resolver (openid/connect)

David Chadwick issues-reply at bitbucket.org
Sun Sep 25 17:11:34 UTC 2022


New issue 1646: Trust in the resolver
https://bitbucket.org/openid/connect/issues/1646/trust-in-the-resolver

David Chadwick:

The current text states “The security trust model changes… (from trusting no one except the Trust Anchor to)… trust in the resolver to perform the validation of the cryptographically protected metadata correctly and to provide it with authentic results.” However, if there is a direct trust chain from the resolver to the trust anchor (with no intermediates), it should be possible to indicate that the trust anchor trusts the resolver to perform the validation of the cryptographically protected metadata correctly and to provide clients with authentic results. Then the trust model of the resolver’s clients would not change. Clients would still only need to trust their trust anchor.

This could be engineered in different ways, which is open for discussion. For example, we could define a trust mark “trusted resolver” which a trust anchor could award to a trusted resolver. Or we could possibly define a metadata component and type that indicates the protocol for interacting with a trust anchor and that the resolver could use in its Entity Configuration Statement, and the trust anchor in its Entity Statement, to indicate this type of trust.

The question to be addressed is this: is it more realistic to expect numerous clients to know how to determine if a resolver is trusted, or to expect the trust anchor to be capable of determining this?
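The first option above, a “trusted resolver” trust mark awarded by the trust anchor, as an added example that is not part of this issue or of the OpenID Federation specification: a client that trusts only its trust anchor accepts a resolver only when the resolver's Entity Configuration carries a trust mark issued directly by that trust anchor, so a mark issued by an intermediate, an expired mark, or a mark for a different subject is rejected. The entity identifiers and the trust mark identifier are assumed, and an HMAC key stands in for the trust anchor's published JWK so the code runs offline with the standard library.

```python
import base64, hashlib, hmac, json, time

TRUST_ANCHOR = "https://ta.example.org"                                  # assumed identifier
RESOLVER = "https://resolver.example.org"                                # assumed identifier
TRUSTED_RESOLVER_MARK = "https://ta.example.org/trust-marks/trusted-resolver"  # hypothetical id
TA_KEY = b"constructed-key"  # HMAC stand-in for the trust anchor's JWS key (constructed)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, key: bytes) -> str:
    """Compact JWS over the claim set (HS256 stand-in for the TA's asymmetric signature)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "trust-mark+jwt"}).encode())
    payload = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(mac)}"

def verify(token: str, key: bytes):
    """Return the claim set if the signature checks out under the given key, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, sig = parts
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None
    return json.loads(_unb64(payload))

def issue_trust_mark(issuer: str, subject: str, key: bytes, ttl: int = 3600) -> str:
    """What a trust anchor would hand to a resolver it vouches for."""
    now = int(time.time())
    claims = {"iss": issuer, "sub": subject, "id": TRUSTED_RESOLVER_MARK, "iat": now, "exp": now + ttl}
    return sign(claims, key)

def resolver_is_trusted(entity_config: dict, ta_key: bytes, now: int = None) -> bool:
    """Client-side policy: trust the resolver only on the word of the client's own trust anchor."""
    now = now or int(time.time())
    # The mark must travel inside the resolver's own (self-issued) Entity Configuration.
    if entity_config.get("iss") != RESOLVER or entity_config.get("sub") != RESOLVER:
        return False
    for mark in entity_config.get("trust_marks", []):
        if mark.get("id") != TRUSTED_RESOLVER_MARK:
            continue
        claims = verify(mark.get("trust_mark", ""), ta_key)  # signature under the TA's key
        if claims is None:
            continue
        # Direct chain only: the issuer must be the trust anchor itself, not an intermediate.
        if (claims.get("iss") == TRUST_ANCHOR and claims.get("sub") == RESOLVER
                and claims.get("id") == TRUSTED_RESOLVER_MARK and claims["iat"] <= now < claims["exp"]):
            return True
    return False
```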
