[TSP] Require biometric authentication at time-of-upload when securely sharing TSP-encrypted documents #601

@kevinaboos

Description

"Biometric authentication as a time-of-use check when sending sensitive wallet contents/documents to a room".

Example usage scenario: onboarding workflow

  • A new user (with their own TSP ID) wants to set up access to an existing project
  • They must communicate with an existing administrator or project maintainer in order to set up their privileged access to said project
  • The admin wants to be able to securely verify the new user's identity
  • The admin may also require the new user to sign an agreement, terms of use, or another form of document, e.g., a Developer Certificate of Origin (DCO)
    • Existing approaches for this are just a signature with an account, e.g., DocuSign, or even worse, a scanned image of a physical ink signature.
    • There is no real guarantee that the user who "signed" the agreement/document is actually the person they say they are
  • Key Challenge: The user must be able to provide and attach proof along with the signed document that they are (1) who they say they are, and (2) they are the one who signed the document, all without a centralized authority.
    1. This is where TSP comes in: the TSP ID is algorithmically verifiable and authentic.
    2. Use local biometric authentication (provided by the platform, e.g., FaceID, TouchID/fingerprints) before allowing the user to actually sign the document locally.
    • This is analogous to going to a public notary to sign a document in person under their supervision.
      • In this case, TSP + the platform together act as the notary to verify the user's actual identity and that they were the signatory.
  • Thus, by virtue of the user sending TSP-signed messages in the Matrix room, the admin can be assured that they are who they say they are. Similarly, by virtue of them sending a signed document, the admin can be assured that they are the ones who signed & completed it.
  • TSP + local biometric authentication prevent the attack vector in which your local device is stolen or otherwise compromised.
    • Together, this meets national legal requirements for signatures, similar to public notary services.
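The following is an added illustration of the signing flow sketched in the scenario above; it is example code written for this page, not code from Robrix, TSP, or robius-authentication. It assumes an HMAC over a per-user secret as a stand-in for the real TSP signature (so it runs with only the standard library), models the platform biometric prompt as a callable supplied by the caller, and uses constructed sample data (a DCO text, a user ID, a secret). The point it demonstrates is that the biometric check is a time-of-use gate: it is consulted on every signing call and never cached, and the resulting proof binds the signer's ID to the exact document digest so the admin can detect a substituted document.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class TspIdentity:
    """Hypothetical stand-in for a TSP identity: an ID plus a per-user secret.

    Real TSP signatures are asymmetric; HMAC is used here only so the example
    runs offline with the standard library (assumption, not TSP's design).
    """
    tsp_id: str
    secret: bytes


class BiometricDenied(Exception):
    """Raised when the local platform biometric prompt does not succeed."""


# The biometric prompt is modelled as a callable that receives a reason string
# and returns True on success. On a real device this is the OS prompt
# (FaceID/TouchID); here the caller supplies it so the flow can be tested.
BiometricPrompt = Callable[[str], bool]


def document_digest(doc: bytes) -> str:
    return hashlib.sha256(doc).hexdigest()


def _canonical(payload: dict) -> bytes:
    # Deterministic encoding so signer and verifier MAC the same bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_document(identity: TspIdentity, doc: bytes, prompt: BiometricPrompt,
                  now: Optional[float] = None) -> dict:
    """Sign `doc` locally only after a fresh, successful biometric check.

    The prompt runs on every call (time-of-use) and its result is never
    cached, so a stolen-but-unlocked device still cannot sign without the
    user physically present.
    """
    reason = f"Sign document {document_digest(doc)[:12]} as {identity.tsp_id}"
    if not prompt(reason):
        raise BiometricDenied(reason)
    payload = {
        "tsp_id": identity.tsp_id,
        "sha256": document_digest(doc),
        "signed_at": now if now is not None else time.time(),
        "biometric_at_signing": True,
    }
    tag = hmac.new(identity.secret, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": tag}


def verify_signed_document(envelope: dict, doc: bytes,
                           lookup_secret: Callable[[str], Optional[bytes]]) -> bool:
    """Admin-side check: the proof must bind the signer's ID to this exact document."""
    payload = envelope.get("payload", {})
    secret = lookup_secret(payload.get("tsp_id", ""))
    if secret is None:
        return False  # unknown signer
    if payload.get("sha256") != document_digest(doc):
        return False  # document was swapped or edited after signing
    expected = hmac.new(secret, _canonical(payload), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope.get("sig", ""))


def demo() -> dict:
    """Run the onboarding scenario: sign a DCO, verify it, then show the failure modes."""
    # Constructed sample data (not real TSP identifiers or secrets).
    dco = b"Developer Certificate of Origin v1.1: I certify that this contribution is mine."
    user = TspIdentity("tsp-id-example-new-user", b"constructed-per-user-secret")
    admin_directory = {user.tsp_id: user.secret}
    prompts = []

    def approve(reason: str) -> bool:
        prompts.append(reason)
        return True

    def deny(reason: str) -> bool:
        prompts.append(reason)
        return False

    envelope = sign_document(user, dco, approve, now=1_700_000_000.0)
    verified = verify_signed_document(envelope, dco, admin_directory.get)
    tampered_ok = verify_signed_document(envelope, dco + b" (amended)", admin_directory.get)
    try:
        sign_document(user, dco, deny)
        denied = False
    except BiometricDenied:
        denied = True
    return {
        "verified": verified,
        "tampered_rejected": not tampered_ok,
        "denied_without_biometric": denied,
        "prompt_count": len(prompts),  # one prompt per signing attempt
    }


if __name__ == "__main__":
    print(demo())
```

The `prompt_count` result is the part worth noting: two signing attempts produce two prompts, because the gate is evaluated inside `sign_document` each time rather than once at app unlock.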

Implementation

  • We have a well-tested robius-authentication for this purpose, so it should be relatively straightforward to add this into Robrix.
  • However, uploading actual documents/file content is blocked on Robius's support for rfd on all platforms (currently missing Android).

Metadata

Labels

  • blocked-on-robius: Blocked on a Project Robius component
  • tsp: Trust Spanning Protocol
