However, assume the EAT of the previous example is hierarchical and
each claim subset for a downstream consumer is created in the form of
a nested EAT. Then, Transport Layer Security between the receiving
and downstream consumers is not strictly required. Nevertheless,
downstream consumers of a nested EAT should provide a nonce unique to
the EAT they are consuming.
I don't follow how a hierarchical relation changes the required security. Could this be clarified?"
Reference: https://mailarchive.ietf.org/arch/msg/rats/50ZbUkhSrU1cgOLYkir3f1kKFiY/
EAT reference: https://www.ietf.org/archive/id/draft-ietf-rats-eat-19.html#name-multiple-eat-consumers
"** Section 9.4.
However, assume the EAT of the previous example is hierarchical and each claim subset for a downstream consumer is created in the form of a nested EAT. Then, Transport Layer Security between the receiving and downstream consumers is not strictly required. Nevertheless, downstream consumers of a nested EAT should provide a nonce unique to the EAT they are consuming.
I don't follow how a hierarchical relation changes the required security. Could this be clarified?"