As per draft Stuttgart security analysis:
Expected Origins Parameter [OID4VP, Appendix A.2] introduces a new authentication request
parameter, expected_origins for signed requests over the DC API. However, the specification
does not explicitly require the wallet to verify that the origin asserted by the DC API is included in
this set.