What's missing?
Within the drawings of the sequence diagram for the 6.1 Issuance Flow, the STS is only visualized on the Client-side, but not on the Issuer-side.
Why should it be in the spec?
I think it is inconsistent to explicitate the authentication of the Client via the STS, but not for the Issuer.
Where should this be added?
Inside the Issuance Flow
More context
To my understanding and in current implementations, the Issuer indeed uses an STS to authenticate themselves against the Client's Credential Service.
I suggest this should be standardized for the Issuer in the same way is is for the Client.
What's missing?
Within the drawings of the sequence diagram for the 6.1 Issuance Flow, the STS is only visualized on the Client-side, but not on the Issuer-side.
Why should it be in the spec?
I think it is inconsistent to explicitate the authentication of the Client via the STS, but not for the Issuer.
Where should this be added?
Inside the Issuance Flow
More context
To my understanding and in current implementations, the Issuer indeed uses an STS to authenticate themselves against the Client's Credential Service.
I suggest this should be standardized for the Issuer in the same way is is for the Client.