This session is about how a website interacts with a TokenScript that describes an attestation.
There are 3 scenarios - each one requires a card, the first and last are action cards while the middle one a token card. This means the TokenScript for identifier (email/mobile number) attestation has 3 cards in it.
- An attestor website asks for an attestation signing request - for which a tokenscript describes a signing request action card, which produces a signed message (the signing request).
- A user obtains an attestation. This can be done by either downloading a X.509-like DER encoded attestation (through special MIME type) or a magic link
- A website asks for attested email/mobile number (e.g. for logging-in). The user proves his ownership over an email address or a mobile number through an attestation.