Offline usage (dp-ABCs)
In some mobile app use cases, it might be relevant to support offline use. For this, the OLYMPUS framework offers distributed privacy-attribute based credentials (dp-ABCs). A dp-ABC is (in principle) a set of attributes with a special signature from the vIdP. Given a policy, the special signature allows the user client to build a cryptographic proof satisfying the policy, without contacting the vIdP.
This feature does come at a cost: an attacker who gains knowledge of the dp-ABC can impersonate the user, so the dp-ABC must be stored securely. Furthermore, the cryptographic proof constructed from the dp-ABC is not a standard signature (such as RSA or ECDSA), so the relying party must use the verifier supplied by the OLYMPUS framework to verify the proof.