Neat! It feels like cryptographic attestation by the child/secondary site would be less subject to abuse.
I.e. proving they have access to the same private key used to sign the parent, which would by definition not be something the parent would willingly share with random third parties
I.e. proving they have access to the same private key used to sign the parent, which would by definition not be something the parent would willingly share with random third parties