Links

Feedback to user

Once the PKSA receives a challenge request from the HAS, it should check if it has access to the required private key.
If it has access to the required private key, it should display information about the request to the user and ask for approval or denial, else it should ignore the request.
It is strongly suggested to the APP and the PKSA to display part or all of the uuid of the challenge request to the user. This will allow them to match it on both endpoints and be sure they approve the right request.