Section 6.2.3.5 could be softened a bit. The first sentence should include, “… and a suitable FIDO credential is not available on the consumption device.” In most patterns, this mechanism is used to bootstrap a new credential on the device, rather than using this mechanism for authN every time.
PieterKas
commented
2 months ago
Feedback from Dean Saxe during WGLC
https://mailarchive.ietf.org/arch/msg/oauth/T9XDSCqvVWPQAjDHjkH9iOQXsOo/