OIDF-automation
### Imported from AB/Connect bitbucket - Original Commenter: KristinaYasuda

Discussed in the Atlantic Connect call. It was agreed that the diagram would be helpful to understand the attacker model. So...
### Imported from AB/Connect bitbucket - Original Commenter: ve7jtb

To David’s question, the attacker could get the access token, but the attack is to switch that access token with the...
### Imported from AB/Connect bitbucket - Original Commenter: dwc8

One point we might have missed is that W3C VCs do not need to have a proof key (typically a DID)....
### Imported from AB/Connect bitbucket - Original Commenter: tlodderstedt

The binding between proof and access token can be established by the Authorization Server/ the Credential Issuer, respectively, by binding the...
### Imported from AB/Connect bitbucket - Original Commenter: bifurcation

Sorry for letting this sit for a while. @{557058:49426bbc-8680-4881-9fc8-079d2c6aed99}, you are correct that having the AS/Issuer bind the `c_nonce` to...
### Imported from AB/Connect bitbucket - Original Commenter: bifurcation

To be clear though, I think a change is still needed. To add `ath` or to add a requirement on `c_nonce`,...
### Imported from AB/Connect bitbucket - Original Commenter: KristinaYasuda

The following text is being added in PR #535. Would this be good enough? On SIOP call, there seemed to be...
### Imported from AB/Connect bitbucket - Original Commenter: josephheenan

I was tempted to make a comment onto [https://bitbucket.org/openid/connect/pull-requests/535/adding-security-considerations-on-the](https://bitbucket.org/openid/connect/pull-requests/535/adding-security-considerations-on-the) but this issue is probably a more appropriate place. It’s interesting to...
### Imported from AB/Connect bitbucket - Original Commenter: authlete-taka

The current spec provides implementers with two choices.

| | **c\_nonce from token endpoint** | **round trip at credential endpoint** |...
### Imported from AB/Connect bitbucket - Original Commenter: b_d_c

The wallet implementation needs to be able to handle an `invalid_proof` (or `invalid_or_missing_proof` b/c the draft currently has both) error/challenge in...