Update CAEP & RISC Events and SSF Docs with txn claim #157
Description
The txn claim is called out as optional on RFC 8417 but is not referenced on CAEP / RISC Events or in the general SSF documentation. With the new CAEP Event being introduced, session established, it feels like introducing txn now is the right time before v1 is established. This speaks to how a transmitter(SST) and receiver(SSR) can co-op using a standard JWT claim.
SST -> session revoked CAEP Event -> SSR with txn: 123. The SSR that received the SET can then send back, acting as a SST, a session revoked event to the Transmitter which is now acting as a SSR. This is a good example of auditing and accounting practices. This also helps inform a SST that the signals it is emititng to the SSR's are still accurate and not subjective noise to a SSR (i.e. the underlying data powering the SST is valid and accurate...which is important).
Would like to update the open-id-caep-spec (Sections 2 and 3), open-id-risc-spec (Sections 2 and 3) and open-id-sharedsignals-framework-1.0 (Section 5) md files. In the events I think we would want to call out the specifics to use the txn claim and not have it optional for all events.