Description
Trust evaluation happens inside verifyCertificate. The current implementation only allows for a very straightforward validation of a client cert against a CA. Implementing support for more complex trust models such as OpenID Federation or ETSI 119 612 (aka trust status lists) would move a lot of complexity into this library.
An alternative is to provide a backend service endpoint that is responsible for trust evaluation and can be configured to handle many different trust frameworks. I propose a solution that builds a trust evaluation endpoint based on the AuthZEN API. AuthZEN is a proposed standard from the OpenID Foundation that implements a PDP (policy decision point). The AuthZEN JSON-based protocol is pretty general and can be used to model a request for trust evaluation.
I am working on a prototype over here: https://github.com/leifj/go-trust