Rather than interrogating a device directly, we ask the device vendor to do it for us.

I see so much problems coming 🍿
At the same time, I like the idea so much!

4 parties involved:

• an origin (service provider)
• a client (service consumer)
• an attester (proof the client is real, for example device vendors)
• an issuer: producer of the token called by the attester and choosed by the origin