Peter Sorotokin
Based on my implementation experience, having nonce endpoint issue nonces/challenges that can be used by any session is a big red flag. It is not a big issue on a...
> Can you please explain how an access token issued by the AS would facilitate sharding of nonces with the credential issuer? Nonces can be scoped to the access token....
> Out of curiosity: have you implemented your current version with self-contained nonces? I think I understand your point, but from my experience what people would do for such larger-scale...
> [@sorotokin](https://github.com/sorotokin) Re: the WG discussion on June 10th, and to add to [@tlodderstedt](https://github.com/tlodderstedt)'s question above — if one makes a design choice to implement session stickiness and wants to...
> I think it might be an option to require the wallet to pass an access token, but leave it up to the issuer whether it actually requires & checks the...
> The problem I see with always using an access token is that this would require DPoP (if DPoP is used by the AS) as well which might add significant...