Verifier API

The verifiers in the project are mostly minimally viable implementations that need to be extended by any RP that wishes to integrate with Olympus. However, tokens created by the Password JWT, Distributed RSA or Pesto client/IdP are fully JWT compatible using RSA 2048 and can thus be verified using any library that supports this format. The content of the token must still be processed appropriately, e.g. as an OpenID Connect token. The proof-of-concept verifier for JWT can be found in the package eu.olympus.verifier in the class JWTVerifier, which takes a Token as input and verifies its signature against a provided public key.
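As an added example (not Olympus code and not the project's JWTVerifier), the following JDK-only class shows what verifying such a token outside the project involves: the algorithm is fixed by the verifier rather than read from the token, and the claims are returned only after the signature checks out. It assumes the tokens are signed with RS256 (SHA256withRSA); the class name, the locally generated key pair standing in for the IdP key, and the claims are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;

public class Rs256JwtCheck {
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();

    // Returns the payload JSON if the signature verifies, otherwise throws.
    static String verify(String jwt, PublicKey key) throws GeneralSecurityException {
        String[] p = jwt.split("\\.", -1);
        if (p.length != 3) throw new SignatureException("not a compact JWS");
        String header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        // The algorithm is pinned below; a header that disagrees (e.g. "none", HS256) is rejected.
        if (!header.replaceAll("\\s", "").contains("\"alg\":\"RS256\""))
            throw new SignatureException("unexpected alg");
        if (!(key instanceof RSAPublicKey) || ((RSAPublicKey) key).getModulus().bitLength() < 2048)
            throw new InvalidKeyException("RSA key of at least 2048 bits required");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!s.verify(DEC.decode(p[2]))) throw new SignatureException("bad signature");
        return new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
    }

    // Helper standing in for the IdP: signs a constructed token.
    static String sign(String header, String payload, PrivateKey key) throws GeneralSecurityException {
        String input = ENC.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
                + ENC.encodeToString(payload.getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + ENC.encodeToString(s.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // constructed key pair, not an Olympus key
        String jwt = sign("{\"alg\":\"RS256\",\"typ\":\"JWT\"}",
                "{\"sub\":\"alice\",\"exp\":4102444800}", kp.getPrivate()); // constructed claims
        System.out.println("claims: " + verify(jwt, kp.getPublic()));
        String[] p = jwt.split("\\."); // swap the payload but keep the old signature
        String forged = p[0] + "." + ENC.encodeToString("{\"sub\":\"admin\"}".getBytes(StandardCharsets.UTF_8)) + "." + p[2];
        try { verify(forged, kp.getPublic()); }
        catch (SignatureException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

A valid signature only establishes who issued the token; the RP still has to parse the returned claims with a JSON library and check expiry, issuer and audience as its token profile requires.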

For dp-ABC tokens, a class PSPABCVerifier is also provided in the package eu.olympus.verifier. It must be set up using Olympus-specific parameters and key material, which can be obtained through the IdP REST handles. This verifier can verify a presentation token (constructed by the dp-ABC client) according to a specific, public Policy. This policy specifies which of the user's attributes should be revealed to the verifier. However, the policy also allows the user to reveal range membership of one of their attributes instead of the exact value. This works for simple integer ranges, but also for dates, and thus gives the user increased privacy towards the verifier while still allowing the verifier to assert that the needed constraints are met. It can, e.g., be used to verify that a user is above the age of 18 (assuming that the virtual IdP holds the user's birthday).