Hi Kosuke, the intention of the authors is option 1 ("Use App Attest only during attestation generation, and rely on Keychain Services for subsequent PoP JWT signing."). The main motivation for this is to have a common format and mechanism across all platforms. Furthermore, the client's backend/attester may have additional signals beyond Apple's App Attest that are input for making the decision to issue a client attestation.
Best regards, Paul
_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org