Christian Nennemann
ff795c72e6
Address 11 items from peer review: - Fix area designation from Security to ART (WIMSE is in ART area) - Switch inp_hash/out_hash to fixed SHA-256 without algorithm prefix, matching DPoP (RFC 9449) and WIMSE WPT tth claim patterns - Add partial DAG verification guidance for unavailable parents - Add DAG integrity attacks subsection (false parents, pruning, shadow DAGs) - Add privilege escalation subsection (ECTs are not authorization) - Add revocation propagation semantics through the DAG - Add W3C PROV Data Model to Related Work - Strengthen Txn-Token differentiation with fan-in/convergence bullet - Add explicit token binding paragraph to replay prevention - Switch verification step 3 to algorithm allowlist model - Add par/ext claim naming justification notes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
63 KiB
63 KiB