diff --git a/ADIA-Security-Reference.bs b/ADIA-Security-Reference.bs
index 3d94312..80ec2cf 100644
--- a/ADIA-Security-Reference.bs
+++ b/ADIA-Security-Reference.bs
@@ -33,14 +33,16 @@ spec:webidl; type:interface; text:Promise
 
 # ADIA Security and Privacy Goals # {#sctn-adia-secref-goals}
 1. Allow Users to present a claim to the service provider, where
-    1. SG-1: the service provider can verify that the shared claim was issued by an Issuer belonging to the ADIA ecosystem (and the assurance level this issuer was vetted at) and    
-    2. SG-2: the service provider can verify that the entity presenting the claim is the subject of that claim    
-2. SG-3: Ensure that the user needs to consent with the action of sharing the claim(s)
-3. SG-4: Ensure that the user can select the claims to be shared (not only all claims or none).
-4. SG-5: Ensure the issuer doesn't learn who the service provider is (Note: the service provider will learn who the issuer is)
-5. SG-6: Ensure that a service provider that receives two claims doesn't learn whether the two claims belong to the same user *beyond* the degree of overlapping claims, i.e. We don't introduce another correlation handle.  For example, if a service provider receives two claims that the respective subject is older than 21, there is no way for the service provider to know whether the two claims belong to the same or two different users.  In the case the full name, birthdate etc. are included in the claims the service provider will learn that two claims containing the same attributes will likely or even certainly relate to the same users.
-6. SG-7: Assessable level of assurance - throughout the system (IAL and AAL)
-7. SG-8: Robust minimum assurance level with
+    1. <dfn>SG-0</dfn>: the claims accurately reflect the subject and
+         owner of the <a>VC</a>
+    2. <dfn>SG-1</dfn>: the service provider can verify that the shared claim was issued by an Issuer belonging to the ADIA ecosystem (and the assurance level this issuer was vetted at) and    
+    3. <dfn>SG-2</dfn>: the service provider can verify that the entity presenting the claim is the subject of that claim    
+2. <dfn>SG-3</dfn>: Ensure that the user needs to consent with the action of sharing the claim(s)
+3. <dfn>SG-4</dfn>: Ensure that the user can select the claims to be shared (not only all claims or none).
+4. <dfn>SG-5</dfn>: Ensure the issuer doesn't learn who the service provider is (Note: the service provider will learn who the issuer is)
+5. <dfn>SG-6</dfn>: Ensure that a service provider that receives two claims doesn't learn whether the two claims belong to the same user *beyond* the degree of overlapping claims, i.e. We don't introduce another correlation handle.  For example, if a service provider receives two claims that the respective subject is older than 21, there is no way for the service provider to know whether the two claims belong to the same or two different users.  In the case the full name, birthdate etc. are included in the claims the service provider will learn that two claims containing the same attributes will likely or even certainly relate to the same users.
+6. <dfn>SG-7</dfn>: Assessable level of assurance - throughout the system (IAL and AAL)
+7. <dfn>SG-8</dfn>: Robust minimum assurance level with
     1. Credential guessing resilience, i.e. provide robust protection against eavesdroppers, e.g. be resilient to physical observation, resilient to targeted impersonation, resilient to throttled and unthrottled guessing
     2. Credential Disclosure Resilience: Be resilient to phishing attacks and real-time phishing attack, including resilience to online attacks by adversaries able to actively manipulate network traffic
     3. Verifier Leak Resilience: Be resilient to leaks from other relying parties. I.e., nothing that a verifier could possibly leak can help an attacker impersonate a user to another relying party (e.g. claim's subject to service provider or user to issuer).
@@ -53,27 +55,188 @@ Issue: The DAS will learn whenever claims are presented - this needs
     to be discussed somewhere.
 
 # ADIA Assets to be Protected # {#sctn-adia-secref-assets}
-See section "Trust Model" of the ADIA specification.
+See section "Trust Model" of the ADIA specification for an overview.
 
-1. Private keys of:
-    1. ADIA Global Directory
-    1. ADIA Regional Directory
-    1. Digital Address Service (DAS), key maintained by the DAS agent.
-    1. Issuer, key maintained by the Issuer Agent.    
-    1. Service Provider, key maintained by the Service Provider Agent.    
-    1. User
-        1. DAS User ID key, maintained by the DAS User Agent	
-        2. FIDO keys, maintained by the user's FIDO Authenticator(s), and all other FIDO related assets that need protection, see
-            <a href="https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html#assets-to-be-protected">FIDO
-            Security Reference</a>.
+## Private Key Assets ## {#sctn-adia-secref-assets-sk}
+The following private keys need to be protected against disclosure ("confidentiality protection"):
+
+<figure id="fig-privkey-asset-protection">
+ <table><COLGROUP width="100%"><COL width="60%"><COL width="40%"></COLGROUP>
+  <thead>
+   <tr><th>Asset</th><th>Protection Method</tr>
+  </thead>
+  <tbody>
+   <tr> <td>AGD_ID_SK</td> <td>TODO</td> </tr>
+   <tr> <td>ARD_ID_SK</td> <td>TODO</td> </tr>  
+   <tr> <td>DAS_USER_ID_SK</td> <td>TODO</td> </tr>  
+   <tr> <td>USER_FIDO_SK</td> <td>maintained by the user's FIDO Authenticator(s), and all other FIDO related assets that need protection, see
+        <a href="https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html#assets-to-be-protected">FIDO
+        Security Reference</a>.
+	</td>
+   </tr>  
+   <tr> <td>DAS_ID_SK</td> <td>TODO</td> </tr>  
+   <tr> <td>ISSUER_ID_SK</td> <td>TODO</td> </tr>  
+   <tr> <td>SP_ID_SK</td> <td>TODO</td> </tr>  
+  </tbody>
+ </table>
+ <figcaption>Protection of Private Keys</figcaption>
+</figure>
+
+
+## Data Relation Assets ## {#sctn-adia-secref-assets-relations}
+
+<figure id="fig-data-asset-protection">
+ <table><COLGROUP width="100%"><COL width="60%"><COL width="40%"></COLGROUP>
+  <thead>
+   <tr><th>Asset</th><th>Protection Method</tr>
+  </thead>
+  <tbody>
+   <tr> <td>Issuer stored identity proofing records and their relation to the User's DA</td> <td>Stored in Issuer DB
+
+Issue: Is this proprietary to the Issuer?  Do we have minimum security
+    requirements for that? Do we specify a minimum retention period
+    for this?
+    </td> </tr>
+   <tr> <td>Relation of a Digital Address to a Trust Anchor in
+          general</td> <td>Stored in AGD as (TA, ID, DA, HomeDASId) tuple.
+
+Issue: What is the protection method?  How can that be audited?
+     </td> </tr>  
+
+   <tr> <td>AGD_ID to AGD_DA relation</td> <td>Stored in AGD as (TA, ID, DA, HomeDASId) tuple.
+
+Issue: What is the protection method?  How can that be audited?
+     </td> </tr>
+   <tr> <td>ARD_ID to ARD_DA relation</td> <td>Stored in AGD as (TA, ID, DA, HomeDASId) tuple.
+
+Issue: What is the protection method?  How can that be audited?
+     </td> </tr>
+   <tr> <td>DAS_USER_ID to User's DA relation</td> <td>Stored in ARD as (TA, ID, DA, HomeDASId) tuple.
+
+Issue: What is the protection method?  How can that be audited?
+    </td> </tr>
+   <tr> <td>DAS_ID to DAS_DA relation</td> <td>Stored in AGD as (TA, ID, DA, HomeDASId) tuple.
+
+Issue: What is the protection method?  How can that be audited?
+    </td> </tr>
+   <tr> <td>ISSUER_ID to ISSUER_DA relation</td> <td>Stored in AGD as (TA, ID, DA, HomeDASId) tuple.
+
+Issue: What is the protection method?  How can that be audited?
+      </td> </tr>
+   <tr> <td>SP_ID to SP_DA relation</td> <td>Stored in AGD as (TA, ID, DA, HomeDASId) tuple.
+
+Issue: What is the protection method?  How can that be audited?
+      </td> </tr>
+
+   <tr> <td>DAS_USER_ID_PK to DAS_USER_ID relation</td> <td>signed DIDDoc-USER</td> </tr>
+   <tr> <td>ISSUER_ID_PK to ISSUER_ID relation</td> <td>signed DIDDoc-ISSUER</td> </tr>
+   <tr> <td>SP_ID_PK to SP_ID relation</td> <td>signed DIDDoc-SP</td> </tr>
+   <tr> <td>DAS_ID_PK to DAS_ID relation</td> <td>signed DIDDoc-DAS</td> </tr>
+   <tr> <td>ARD_ID_PK to ARD_ID relation</td> <td>signed DIDDoc-ARD</td> </tr>
+   <tr> <td>AGD_ID_PK to AGD_ID relation</td> <td>signed DIDDoc-AGD</td> </tr>
+
+   <tr> <td>Relation of the various Claims in a VC to the
+         Claim identifying the (Credential) Subject (see ADIA Trust Model).</td>
+        <td>signed VC object</td>
+   </tr>
+   <tr> <td>Relation of a VC to the VP and to the respective public key
+         that is used to the presentation.</td>
+        <td>signed VP object</td>
+   </tr>
+  </tbody>
+ </table>
+ <figcaption>Protection of Data Relation Assets</figcaption>
+</figure>
+
+
+Issue: For each item above, describe what methods are in place to protect these
+    assets. E.g. we use signed DIDDocs for integrity protection of the
+    *_PK to *_ID relations, etc.
 
 
 # ADIA Security Measures # {#sctn-adia-secref-measures}
+1. <dfn>SM-1</dfn>: Tamper-Evidence through digitally signed data:
+    1. <a>User</a>s digitally sign the <a>VP</a>s to provide evidence
+        that the credential subject is presenting the <a>VC</a>.
+    1. <a>Issuer</a>s digitally sign the <a>VC</a>s based on information the <a>Issuer</a>s have verified.
+    1. <a>DAS</a> digitally signs the DIDDoc-USER, i.e. the relation
+        between the <A>DAS_USER_ID_PK</a> and the <a>DAS_USER_ID</a>.
+    1. <a>DAS</a> digitally signs the DIDDoc-ISSUER, i.e. the relation
+        between the <A>ISSUER_ID_PK</a> and the <a>ISSUER_ID</a>.
+    1. <a>ARD</a> digitally signs the DIDDoc-DAS, i.e. the relation
+        between the <A>DAS_ID_PK</a> and the <a>DAS_ID</a>.
+    1. <a>AGD</a> digitally signs the DIDDoc-ARD, i.e. the relation
+        between the <A>ARD_ID_PK</a> and the <a>ARD_ID</a>.
+
+1. <dfn>SM-2</dfn>: secure communication between the entities (except the User) using DIDComm [[DIDCOMM-MESSAGING-V1]]
+
+1. <dfn>SM-3</dfn>: secure communication between the <a>User</a>'s DAA
+    and <a>Issuer</a> using TLS and Issuer specific methods to verify
+    the user's identity (e.g. remote ID Proofing).
+
+1. <dfn>SM-4</dfn>: secure communication between the <a>User</a>'s DAA and the
+    1. <a>Cloud Agent</a> using FIDO authenticated TLS.
+    2. <a>SP</a> using TLS and TODO! Not yet clear how a session
+        initiated by the User would be tied to a <a>VP</a> in order to
+        know whether the User at the end of the line is the
+        <a>VP</a>'s subject.
+
+1. <dfn>SM-5</dfn>: support Anonymous <a>VC</a>s leveraging
+     zero-knowledge-proofs (ZKPs).
 
 Issue: TODO
 
 ## Relation between Measures and Goals ## {#sctn-adia-secref-measgoals}
 
+<figure id="fig-sm-to-sg">
+ <table><COLGROUP width="100%"><COL width="30%"><COL width="70%"></COLGROUP>
+  <thead>
+   <tr><th>Security Goal</th><th>Supporting Security Measures</tr>
+  </thead>
+  <tbody>
+   <tr> <td><a>SG-0</a></td> <td><a>Claims are verified by
+        <a>Issuer</a>s. TODO: add stipulatoins for <a>Issuer</a>
+        systems to validate the claims and to keep the records
+        integrity protected - even under attack.  Add details on dual
+        control to limit risk of malicious employee attack.</td> </tr>
+   <tr> <td><a>SG-1</a></td> <td><a>SM-1</a></td> </tr>
+   <tr> <td><a>SG-2</a></td> <td>TODO: Seems unclear at this stage! We
+     need some random value (server nonce) generated by the SP that is returned in
+     step "Wants proof and requests User to connect DAA via SP_ID" in figure "Verifiable Presentation and Verification (Option
+     1)" and the same applies to the Optopn 2 Anonymous flow.  This
+     server nonce also needs to be included in step "Invites SP for
+     DIDComm connection (mutual authentication)" since the SP wants to
+     know whether this communication relates to the session initiated
+     from some user in the beginning.
+ </td> </tr>
+   <tr> <td><a>SG-3</a></td> <td>User consent is enforced by the User's <a>Cloud
+                                 Agent</a> via the <a>DAA</a>.
+			     </td> </tr>
+   <tr> <td><a>SG-4</a></td> <td>Claim selection is performed by
+                                 User's <a>Cloud Agent</a> via the
+                                <a>DAA</a>.  A VC structure is being
+                                  used that supports fine grained
+                                  claim selection (TODO add reference).
+                             </td> </tr>
+   <tr> <td><a>SG-5</a></td> <td>TODO: Ensure that step "Request for
+      VC along with sending User's consent" in "VC
+      Presentation and Verification" doesn't include any SP specific
+      hints.  Since this communication with the Issuer is synchronous,
+      the Issuer at least learns the time when the user wants to share
+      the VC.  That could statistically disclose some information
+      about the SP.  The Issuer learns how often a user shares a
+      VC. Ideally, ADIA would "hide" that information and "cache" the VC.
+                             </td> </tr>
+   <tr> <td><a>SG-6</a></td> <td>SM-5</td> </tr>
+   <tr> <td><a>SG-7</a></td> <td>TODO: We need to track IAL and AAL
+     throughout the system.  We also need to avoid unexpected attack
+     points that might reduce the IAL/AAL. </td> </tr>
+   <tr> <td><a>SG-8</a></td> <td>TODO</td> </tr>
+  </tbody>
+ </table>
+ <figcaption>Relation between Security Measures and Goals</figcaption>
+</figure>
+
 Issue: TODO
 
 # ADIA Security Assumptions # {#sctn-adia-security-assumptions}
@@ -82,5 +245,143 @@ Issue: TODO
 
 # Threat Analysis # {#sctn-adia-threat-analysis}
 
-Issue: TODO
+## Threats to the Global Directory ## {#sctn-ta-agd}
+
+## Threats to a Regional Directory ## {#sctn-ta-ard}
+
+## Threats to the DAS ## {#sctn-ta-das}
+
+## Threats to the Issuer ## {#sctn-ta-issuer}
+
+	  <table class='threats'><COLGROUP width="100%"><COL width="5em"><COL><COL width="5em"></COLGROUP>
+	    <thead>
+	      <tr><th><dfn>T-4.1.1</dfn></th><th>Malicious Employee</th><th>Violates</th></tr>
+	    </thead>
+	    <tbody>
+	      <tr>
+	        <td></td>
+		<td>
+		  A malicious employee forges an ID Verification.
+		  
+		  <p><b>Consequences:</b>
+
+		  Issue: TODO
+
+		  </p>
+		  <p><b>Mitigations:</b>
+		  
+		   Issue: TODO
+		  
+		  </p></td>
+		<td>[=SG-1=]</td>
+	      </tr>
+	    </tbody>
+	  </table>
+
+
+## Threats to the Service Provider ## {#sctn-ta-sp}
+
+## Threats to the User Environment ## {#sctn-ta-user}
+
+	  <table class='threats'><COLGROUP width="100%"><COL width="5em"><COL><COL width="5em"></COLGROUP>
+	    <thead>
+	      <tr><th><dfn>T-6.1.1</dfn></th><th>DAA Corruption</th><th>Violates</th></tr>
+	    </thead>
+	    <tbody>
+	      <tr>
+	        <td></td>
+		<td>
+		  The Digital Address Application used by the user
+     	          is corrupted (e.g. user installed and uses a
+	          malicious version or the original DAA was modified
+  	          by malware).
+		  
+		  <p><b>Consequences:</b>
+		    The USER_FIDO_PK/SK might be weakly protected
+		    (e.g. generated in SW rather than TEE, or
+		    generated such that it could be used without a
+		    user gesture, or generated such that export is allowed).
+
+		    The USER_FIDO_PK might be misused for unexpected
+		    purposes.
+
+		    QR-code scanned at "User Onboarding to First
+		    Issuer" might be misinterpreted.
+
+ 		    Data for remote ID Proofing might be taken from a
+		    source other than the device's live camera (e.g. a
+		    recording).
+
+		    ID-Attributes for HIDA computation might be
+		    malicious in User Initiated Digital Address Creation
+		    with DAA.
+
+		    The DAA might maliciously disclose the DAS_USER_ID
+		    and/or the DA.
+
+		    The DAA might maliciously disclose the SP_ID
+		    to the issuer.
+
+		    The DAA might display a malicious set of
+		    attributes to be included in a verifiable claim in VC
+		    Issued to a User by an Issuer.
+
+		    The DAA might display a malicious set of
+		    attributes to be included in a verifiable claim to
+		    be presented to a service provider or a malicious
+		    service provider name in Verifiable Presentation and
+		    Verification.
+
+ 		    The DAA might maliciously chose Option 1 instead
+		    of Option 2 in Verifiable Presentation and
+		    Verification.
+		  </p>
+		  <p><b>Mitigations:</b>
+		    Attestation of FIDO Authenticator allows the
+		    server to verify whether USER_FIDO_PK was
+		    generated in an authenticator with acceptable
+		    security characteristics.
+
+ 		    Issue: Should add a need to using SafetyNet and
+		        the iOS equivalent in order to allow the server to
+		        verify that the original DAA is being used.
+		  </p></td>
+		<td>[=SG-1=], [=SG-3=], [=SG-4=], [=SG-5=], [=SG-6=]</td>
+	      </tr>
+	    </tbody>
+	  </table>
+
+	  <table class='threats'><COLGROUP width="100%"><COL width="5em"><COL><COL width="5em"></COLGROUP>
+	    <thead>
+	      <tr><th><dfn>T-6.1.2</dfn></th><th>Cloud Agent Corruption</th><th>Violates</th></tr>
+	    </thead>
+	    <tbody>
+	      <tr>
+	        <td></td>
+		<td>
+		  The Cloud Agent that acts on behalf of the user is
+		  attacked.
+		  
+		  <p><b>Consequences:</b>
+		   The attacker might try to extract the DAS_USER_ID_SK.
+
+		   The attacker might try to misuse the DAS_USER_ID_SK
+		   (e.g. to sign or decrypt messages withouh approval
+		   of the user).
+
+		   Issue: Should consider renaming DAS_USER_ID_PK to
+		       CA_USER_ID_PK (for cloud agent)
+		   </p>
+		  <p><b>Mitigations:</b>
+		  
+		   Issue: TODO, e.g. let Cloud Agent use HSMs and
+		       tight coupling of the HSM to the User's FIDO Key(s).
+		  
+		  </p></td>
+		<td>[=SG-2=], [=SG-3=], [=SG-4=], [=SG-5=], [=SG-6=]</td>
+	      </tr>
+	    </tbody>
+	  </table>
+
+
 
diff --git a/header.include b/header.include
index 0023088..24578cc 100644
--- a/header.include
+++ b/header.include
@@ -7,17 +7,47 @@
   <style data-fill-with="stylesheet">
   </style>
   <style>
-  body {
-    max-width: 90%;
-    text-align: justify;
-  }
   h1, h2, h3 {
     color: #f29c00;
   }
-  li {
-    text-align: left;
+  table, th, td {
+    border: 1px solid black;
+    border-collapse: collapse;
+  }
+  :link {
+    color: #00C;
+  }
+  :visited {
+    color: #609;
+  }
+  a:active {
+    color: #C00;
+  }
+  a[href]:focus, a[href]:hover {
+    color: #C00;
+  }
+  a[href] {
+    color: #034575;  
+    text-decoration-color: #034575;
+  }
+  :link, :visited, a:active {
+    background: transparent;
+  }
+  a:link img, a:visited img { /* no border on img links */
+    border-style: none 
+  }
+  .issue, .issue::before, .issue > .marker, details.issue > summary {
+    color: #aa0000;
+    text-decoration-color: #aa0000;
+    background: #fbb;
+    border-color: #aa0000;
+  }
+  .note, .note::before, .note > .marker, details.note > summary {
+    color: #52e052;
+    text-decoration-color: #52e052;
+    background: #e9fbe9;
+    border-color: #52e052;
   }
-
   </style>
 </head>
 <body class="h-entry">
diff --git a/resources/bikeshed/header.include b/resources/bikeshed/header.include
index 87037bf..24578cc 100644
--- a/resources/bikeshed/header.include
+++ b/resources/bikeshed/header.include
@@ -10,6 +10,44 @@
   h1, h2, h3 {
     color: #f29c00;
   }
+  table, th, td {
+    border: 1px solid black;
+    border-collapse: collapse;
+  }
+  :link {
+    color: #00C;
+  }
+  :visited {
+    color: #609;
+  }
+  a:active {
+    color: #C00;
+  }
+  a[href]:focus, a[href]:hover {
+    color: #C00;
+  }
+  a[href] {
+    color: #034575;  
+    text-decoration-color: #034575;
+  }
+  :link, :visited, a:active {
+    background: transparent;
+  }
+  a:link img, a:visited img { /* no border on img links */
+    border-style: none 
+  }
+  .issue, .issue::before, .issue > .marker, details.issue > summary {
+    color: #aa0000;
+    text-decoration-color: #aa0000;
+    background: #fbb;
+    border-color: #aa0000;
+  }
+  .note, .note::before, .note > .marker, details.note > summary {
+    color: #52e052;
+    text-decoration-color: #52e052;
+    background: #e9fbe9;
+    border-color: #52e052;
+  }
   </style>
 </head>
 <body class="h-entry">
diff --git a/sections/operations/directory-enrollment.include b/sections/operations/directory-enrollment.include
index d404609..22e8598 100644
--- a/sections/operations/directory-enrollment.include
+++ b/sections/operations/directory-enrollment.include
@@ -126,7 +126,7 @@ provides services to persist and search the <a>Credential Metadata</a> associate
 
 The diagram below represents a `new` <a>User</a> requesting a <a>Digital Address</a> from an <a>Issuer</a>.
 The </a>DAS</a> providing the Agency services, provisions a <a>Cloud Agent</a> for the <a>User</a> to create
-a public/private key pair and a <a>DID</a> (i.e. <a>DAS_usER_ID</a>) for the <a>User</a>. The identifier (<a>DAS_USER_ID</a>), along with the
+a public/private key pair and a <a>DID</a> (i.e. <a>DAS_USER_ID</a>) for the <a>User</a>. The identifier (<a>DAS_USER_ID</a>), along with the
 <a>HomeDAS</a> identifier (<a>HomeDAS_ID</a>) are persisted on the <a>DAS</a> to associate their identifiers with the newly created <a>Digital Address</a>.
 Please refer to the [[#sctn-trust-anchor]] and [[#sctn-digital-address]] sections for more details on the representation and usage of the <a>Digital Address</a>.
 
diff --git a/sections/operations/vc-operations.include b/sections/operations/vc-operations.include
index dc4d29d..1b0c040 100644
--- a/sections/operations/vc-operations.include
+++ b/sections/operations/vc-operations.include
@@ -79,6 +79,11 @@ Please refer to the section on [[#sctn-trust-model]] for details on how the <a>I
     <figcaption>Verifiable Presentation and Verification (Option 1)</figcaption>
 </figure>
 
+Issue: The third arrow ("Provide SP_ID to DAA") seems wrong: The SP cannot directly connect to the DAA. I think this arrow should start a User (meaning user's Browser) and then do to DAA.
+
+Issue: We should rename user to User's Browser to be more precise.
+
+Issue: Need to add more steps to the end that show how the User's Browser would continue interacting with the SP.  Essentially the SP has established an authenticated session a known user and now needs to return an authorization token to the user's browser.  ADIA spec should be open to what type of token is used, but we need to show how that could be done.
 
 ### Present Anonymous Credentials ### {#sctn-anon-creds}
 
@@ -99,6 +104,7 @@ to avoid the exposure of a correlation handle.
     <figcaption>Verifiable Presentation and Verification (Option 2: Anonymous)</figcaption>
 </figure>
 
+Issue: Need to add more steps to the end that show how the User's Browser would continue interacting with the SP.  Essentially the SP has established an authenticated session a known user and now needs to return an authorization token to the user's browser.  ADIA spec should be open to what type of token is used, but we need to show how that could be done.
 
 
 ## User Consent ## {#sctn-user-consents}
diff --git a/sections/overview/trust-model.include b/sections/overview/trust-model.include
index 0825691..90d79e6 100644
--- a/sections/overview/trust-model.include
+++ b/sections/overview/trust-model.include
@@ -5,6 +5,8 @@
     <figcaption>ADIA Trust Model</figcaption>
 </figure>
 
+Issue: Add DIDDoc-SP.  It is referenced in a sequence diagram (setup new SP) and also in the Security Reference.
+
 When verifying a verifiable presentation of a verifiable credential,
 the following objects need to be verified:
 1. <a>Verifiable Presentation</a>, i.e. an object containing a

Asset	Protection Method
AGD_ID_SK	TODO
ARD_ID_SK	TODO
DAS_USER_ID_SK	TODO
USER_FIDO_SK	maintained by the user's FIDO Authenticator(s), and all other FIDO related assets that need protection, see + FIDO + Security Reference. +
DAS_ID_SK	TODO
ISSUER_ID_SK	TODO
SP_ID_SK	TODO
Asset	Protection Method
Issuer stored identity proofing records and their relation to the User's DA	Stored in Issuer DB + +Issue: Is this proprietary to the Issuer? Do we have minimum security + requirements for that? Do we specify a minimum retention period + for this? +
Relation of a Digital Address to a Trust Anchor in + general	Stored in AGD as (TA, ID, DA, HomeDASId) tuple. + +Issue: What is the protection method? How can that be audited? +
AGD_ID to AGD_DA relation	Stored in AGD as (TA, ID, DA, HomeDASId) tuple. + +Issue: What is the protection method? How can that be audited? +
ARD_ID to ARD_DA relation	Stored in AGD as (TA, ID, DA, HomeDASId) tuple. + +Issue: What is the protection method? How can that be audited? +
DAS_USER_ID to User's DA relation	Stored in ARD as (TA, ID, DA, HomeDASId) tuple. + +Issue: What is the protection method? How can that be audited? +
DAS_ID to DAS_DA relation	Stored in AGD as (TA, ID, DA, HomeDASId) tuple. + +Issue: What is the protection method? How can that be audited? +
ISSUER_ID to ISSUER_DA relation	Stored in AGD as (TA, ID, DA, HomeDASId) tuple. + +Issue: What is the protection method? How can that be audited? +
SP_ID to SP_DA relation	Stored in AGD as (TA, ID, DA, HomeDASId) tuple. + +Issue: What is the protection method? How can that be audited? +
DAS_USER_ID_PK to DAS_USER_ID relation	signed DIDDoc-USER
ISSUER_ID_PK to ISSUER_ID relation	signed DIDDoc-ISSUER
SP_ID_PK to SP_ID relation	signed DIDDoc-SP
DAS_ID_PK to DAS_ID relation	signed DIDDoc-DAS
ARD_ID_PK to ARD_ID relation	signed DIDDoc-ARD
AGD_ID_PK to AGD_ID relation	signed DIDDoc-AGD
Relation of the various Claims in a VC to the + Claim identifying the (Credential) Subject (see ADIA Trust Model).	signed VC object
Relation of a VC to the VP and to the respective public key + that is used to the presentation.	signed VP object
Security Goal	Supporting Security Measures
SG-0	Claims are verified by + Issuers. TODO: add stipulatoins for Issuer + systems to validate the claims and to keep the records + integrity protected - even under attack. Add details on dual + control to limit risk of malicious employee attack.
SG-1	SM-1
SG-2	TODO: Seems unclear at this stage! We + need some random value (server nonce) generated by the SP that is returned in + step "Wants proof and requests User to connect DAA via SP_ID" in figure "Verifiable Presentation and Verification (Option + 1)" and the same applies to the Optopn 2 Anonymous flow. This + server nonce also needs to be included in step "Invites SP for + DIDComm connection (mutual authentication)" since the SP wants to + know whether this communication relates to the session initiated + from some user in the beginning. +
SG-3	User consent is enforced by the User's Cloud + Agent via the DAA. +
SG-4	Claim selection is performed by + User's Cloud Agent via the + DAA. A VC structure is being + used that supports fine grained + claim selection (TODO add reference). +
SG-5	TODO: Ensure that step "Request for + VC along with sending User's consent" in "VC + Presentation and Verification" doesn't include any SP specific + hints. Since this communication with the Issuer is synchronous, + the Issuer at least learns the time when the user wants to share + the VC. That could statistically disclose some information + about the SP. The Issuer learns how often a user shares a + VC. Ideally, ADIA would "hide" that information and "cache" the VC. +
SG-6	SM-5
SG-7	TODO: We need to track IAL and AAL + throughout the system. We also need to avoid unexpected attack + points that might reduce the IAL/AAL.
SG-8	TODO