Latest ARF V1.10 : discrepancies about WUA with adopted CIR requirements and/or topic C #516
Nathall7 started this conversation in ARF Discussion Topics
Topic C refers to the following [CIR 2024/2979] requirement: “The WUA must contain a public key, where the corresponding private key is protected by a WSCD”
BUT chapter 6.5.3.4 of the ARF 1.10 only specifies an option:
“The PID Provider or Attestation Provider can optionally verify that the private key belonging to this public key is protected by the same WSCD as the private key belonging to the WUA public key, if this is supported by the WSCD.”
Topic C refers to the following [CIR 2024/2979] requirement: “Wallet Units must provide WUA to wallet-relying parties or Wallet Units upon request”. Topic C is even defining two types of WUA: WUA for the RP use case and WUA for PID or attestation providers, to comply with the privacy issue to control the content of WUA legitimate for each case.
BUT chapter 6.5.3.4 of the ARF 1.10 intends that this option might not be feasible in terms of business reasons (and so GDPR compliance):
“To ensure User privacy, the Wallet Unit presents its capabilities and properties only to PID Providers and Attestation Providers, but not to Relying Parties. This is because PID Providers and Attestation Providers have a valid business reason to know these properties, whereas Relying Parties do not.”