This reads like GPT-5 output. Anyone familiar with the model will recognize its distinctive style. While using LLM-generated content isn't inherently wrong, why not share the prompts? It's like presenting a book summary without naming the book.
My original idea was to have the bank sign a thing that contained your ip address and user agent; have the bank add in an age claim; and copy/paste it to the RP.
I figured it would produce a document a little more on point.
This setup with webauthn feels like overkill; but with banks and regs - it feels more beefy without adding a substantial amount of complexity.
