The most notable pieces of functionality are, IMHO:
- the over-the-air/wire provisioning of 'root' credentials and other identity into a client
- supporting a model of credential presentation in which the IDP need not be involved at run-time (relevant for both privacy value and in support of offline modes)

In the spirit of 'tail-wagging-dog', lots of attention.
I'm thankful Conor wasn't able to slip in his blog URL in his supporting quotes (I guarantee you he would have been thinking about how to do it).