Kristina

In https://datatracker.ietf.org/doc/html/draft-ietf-oauth-attestation-based-client-auth-04 iss in Client Attestation PoP JWT is > iss: REQUIRED. The iss (subject) claim MUST specify client_id value of the OAuth Client. sub in Client Attestation JWT >...

we introduced request_uri_mode post in OID4VP, so guess the question is do we want to introduce it in HAIP or not?

let's discuss in the WG, and decide if we add any text about request_uri_method post

now that client_metadata has been improved in oid4vp, we should add it back

I think things have changed - now that we have client_metadata much better defined in OpenID4VP, we might be ok mandating client_metadata? and it is actually needed for response encryption,...

based on few other issues (like #101), it would be very beneficial to add a section in HAIP, explaining that `HAIP specifies the key resolution mechanisms, but how to establish...

closing in favor of #140

i personally don't think it is necessary..

issue open for more than a year without progress... closing for now in a week unless strong opposition

sounds like the value `haip` has stuck and has been used in implementations.