Closed chris-wood closed 2 years ago
@dvorak42 @smhendrickson suggested also adding informative references to W3C work
Notes to self: We should directly point to the combined attestor-issuer model for cases that don't have these constraints.
Probably should be a paragraph in motivation section
One could imagine trying to implement rate limiting with the basic issuance protocol, e.g., by using an attester trusted by the origin to issue a fixed amount of tokens per time period. However, in this model, the attester would necessarily learn the origin information, breaking per-client and per-server separation. We should add more text motivating the attester/issuer split, and the motivation for the current design.