I propose a few specific improvements to the current specification for better security and privacy guarantees in the practical implementation:
1. Section 4.3 does not make it explicit that "An Attestation Provider SHALL NOT include any data in its issued Proof of Age attestation that could be used to break unlinkability (when the portrait attribute is not transmitted during presentation)." This is somewhat compounded by Section 4.1.1 not explicitly stating that this list of attributes is the maximum set of allowed attributes (i.e. no AP-defined other attributes are allowed). Has this intentionally not been restricted, or is this made explicit in another part of the spec that I didn't see? I suggest being explicit about this requirement to ensure that attestation providers do not include trackable attributes, by (malicious) choice or mistake.
2. As long as ZKP presentation is not mandatory, the risk of AP data leaks and resulting collusion with RPs remains strong. Therefore, I recommend adding an AP requirement to Section 4.3 such as "An Attestation Provider SHALL NOT store any association of issued Proof of Age attestation with the requesting user binding after the issuance has been transmitted to the AVI."
3. In the same vein, maybe add to Section 4.4 a requirement along the lines of "A Relying Party SHALL NOT store the proof of age attestation after the relevant user session has ended."
The real fix for items 2. and 3. is to make a ZKP presentation of age verification mandatory, either based on a BBS-like construction or the recent ZKP-on-top-of-mdoc proposal in the zk-longfellow form.