@Christian: If you want to replace certificates with JWT/CWT (in case using it
for QEAA acc. Art. 45b ff.) it might be meaningful regarding validation (and so
revocation subjects) to have look into current development of ETSI EN 319 102
(last version 03/24) which defines current signature valida
The following errata report has been submitted for RFC9470,
"OAuth 2.0 Step Up Authentication Challenge Protocol".
--
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7951
--
Type: Technical
Report
This seems to be logical - the authentication event would always be before the
token was issued in the usual case. However, assuming that the AS "upgrades" an
existing token in-place during a step up, isn't it possible for the latest
relevant authentication event to come after the token was init
