ietf-rats-wg / draft-ietf-rats-reference-interaction-models

Referenceable Interaction Models for use in RATS

What does a DAA credential represent actually? #16

Closed henkbirkholz closed 3 years ago

henkbirkholz commented 3 years ago

Based on https://mailarchive.ietf.org/arch/msg/rats/okJriJPpapmZgeOfjbVGVP57bQk/

Authentication Secret IDs ('authSecID'): mandatory

In DAA, Authentication Secret IDs are represented by the Endorser (DAA issuer)'s public key that MUST be used to create DAA credentials for the corresponding Authentication Secrets used to protect Evidence. In DAA, an Authentication Secret ID does not identify a unique Attesting Environment but is associated with a group of Attesting Environments. This is because an Attesting Environment should not be distinguishable and the DAA credential which represents the Attesting Environment is randomised each time it is used.

In my understanding, this says that the DAA credential identifies the Attesting Environment. Compared with the description in the “Attester Identity” part, what does the DAA credential actually represent?

Liqun-Chen commented 3 years ago

Because the Attester is bound with the Attesting Environment, the DAA credential represents the Attester's identity and also the Attesting Environment.

henkbirkholz commented 3 years ago

Moved to draft-birkholz-rats-daa

William-PanWei commented 3 years ago

> Because the Attester is bound with the Attesting Environment, the DAA credential represents the Attester's identity and also the Attesting Environment.

The DAA credential directly represents the Attesting Environment, and indirectly represents the Attester's identity because the Attester owns this Attesting Environment. Do I understand correctly? But the Attester may have several Attesting Environments; in such a case, will the Attester have several identities?