Add clarification about client_id for wallet attestation

openid-4-verifiable-credential-issuance-1_0.md

@@ -1664,6 +1664,13 @@ for example, by including clear-text session information as a `state` parameter
 it in a `redirect_uri` parameter. A third party may observe such information through browser
 history, etc. and correlate the user's activity using it.
 
+### Wallet Attestation Subject {#walletattestation-sub}
+
+The Wallet Attestation as defined in (#wallet attestation) SHOULD NOT introduce a unique identifier specific to a single client.
+The subject claim for the Wallet Attestation SHOULD be a value that is shared by all Wallet instances using this type of
+wallet implementation. The value should be understood as an identifier of the Wallet type, rather than the specific Wallet
+instance itself.
+
 ## Identifying the Credential Issuer
 
 Information in the credential identifying a particular Credential Issuer, such as a Credential Issuer Identifier,
@@ -2532,7 +2539,7 @@ The following is a non-normative example of a Wallet Attestation:
 
 ```
 {
-  "typ": "oauth-client-attestation+jwt"
+  "typ": "oauth-client-attestation+jwt",
   "alg": "ES256",
   "kid": "11"
 }
@@ -2558,6 +2565,8 @@ The following is a non-normative example of a Wallet Attestation:
 
 To use the Wallet Attestation towards the Authorization Server, the Wallet MUST generate a proof of possession according to Section 5.2 "Client Attestation PoP JWT" of Attestation-Based Client Authentication.
 
+The `sub` claim of the Wallet Attestation JWT is picked by the Wallet Provider and represents the `client_id` of the Wallet. For privacy reasons, this value is the same across Wallet instances of that Wallet Provider, see (#walletattestation-sub) for more details.
+
 # IANA Considerations
 
 ## OAuth URI Registry
@@ -2756,7 +2765,7 @@ The technology described in this specification was made available from contribut
 
    -16
 
-   *
+   * add privacy considerations for the client_id used with wallet attestations
 
    -15