WICG / dbsc

Details on Session Identifier are not clear in the Explainer #55

Open tblachowicz opened 5 months ago

tblachowicz commented 5 months ago

In the high-level overview diagram there is an example of the Sec-Session-Registration header returned by the server, which contains both session_identifier and challenge as named parameters. However, further on, in the more detailed description of the Start Session flow, the session_identifier is not present in the examples for Sec-Session-Registration headers. I think the identifier of the session is required in the header as indicated in the overview section.

Furthermore, the proposed structure of the Registration JWT described in Start Session section of the Explainer does not mention if and how the identifier of the session is going to be provided by the Browser to the Server. I think this is required so the Server can match the registration request sent by the Browser to the sign-in flow response. If my understanding is incorrect, please clarify that aspect of the registration flow.