Generic nonce endpoint

[OR13]

There was discussion of the nonce endpoint here: https://github.com/openid/OpenID4VCI/pull/381/files#r1752363400

Coauthors and myself worked on a draft presented to IETF OAuth WG on making a generic building block for this:

https://github.com/peppelinux/draft-demarco-oauth-nonce-endpoint

RATs, and protocols not part of OIDCVCI could benefit from an aligned approach.

If there is a chance to pull out enough of this API into a generic document that other systems could build on... that is worth exploring.

[OR13]

There is also https://datatracker.ietf.org/doc/draft-ietf-httpbis-unprompted-auth/ which is worth considering.

The Concealed HTTP authentication scheme allows a client to
authenticate to an origin server while guaranteeing freshness and
without the need for the server to transmit a nonce to the client.

[bc-pi]

There is also https://datatracker.ietf.org/doc/draft-ietf-httpbis-unprompted-auth/ which is worth considering.

The Concealed HTTP authentication scheme allows a client to
authenticate to an origin server while guaranteeing freshness and
without the need for the server to transmit a nonce to the client.

A TLS keying material exporter is pretty much just a nonce from a different layer.