Details on Session Identifier are not clear in the Explainer
Opened this issue · 0 comments
In the high-level overview diagram there is example of Sec-Session-Registration header returned by the server which contains both session_identifier
and challange
as named parameters. However, further in more detailed description of the Start Session flow the session_identifier
is not present in the examples for Sec-Session-Registration
headers. I think the identifier of the session is required in the header as indicated in the overview section.
Furthermore, the proposed structure of the Registration JWT described in Start Session section of the Explainer does not mention if and how the identifier of the session is going to be provided by the Browser to the Server. I think this is required so the Server can match the registration request sent by the Browser to the sign-in flow response. If my understanding is incorrect, please clarify that aspect of the registration flow.