It's about as thin as it can be, given the requirements for offline validation, and the environment it's designed for (airports / other national borders etc).
Nobody wants every verification resulting in a ping back to some central server doing who knows what.
Nobody wants every verification resulting in a ping back to some central server doing who knows what.