Lukasz Jaromin

1. Probably not given that it can be modified by an attacker. Maybe inclusion of the origin sourced from the user_agent in the response could help? 2. These alternatives make...

> Can you please explain how an access token issued by the AS would facilitate sharding of nonces with the credential issuer? @sorotokin Re: the WG discussion on June 10th,...

The High Assurance name obliges to prevent reply attacks. Makes sense to me. Shall we define any further requirements/recommendations regarding the nonce quality and reusability?