Justin Richer
1 min read · Oct 26, 2018


Public clients only exist because pre-placed secrets aren’t possible in native apps and SPA-like things. With this method, it’s closer to using dynamic client registration, which allows what would have been a public client before to become a confidential client at runtime. You see, since you start in the back channel, each instance of your software can effectively go “hey it’s me, let’s get started”. The transaction handle is used from that point forward. If the server wants to, it can assign a client handle to the client information for the client to use next time it talks to the AS, but even that remains optional.

I don’t understand your comment about a static model — what I said was it needed to have a more solid and complete model to begin with. OAuth2’s core has almost zero model for any of its components, which is why those had to be invented later. The models should always be extensible with details, of course, but that doesn’t mean you define nothing to start.
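The back-channel start described in this reply, where an instance of otherwise "public" software introduces its own key, receives a transaction handle and optionally a client handle, can be sketched as a small mock. This is an added illustration, not Justin Richer's code and not any specification's wire format: the handle names, the use of a per-instance symmetric key sent once over the (assumed TLS-protected) back channel and the HMAC-SHA256 possession proof are all assumptions made for the demo.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def key_proof(key: bytes, message: str) -> str:
    """Proof of key possession over a message (assumption: HMAC-SHA256, hex)."""
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()


class AuthorizationServer:
    """Mock AS that remembers the instance key behind every handle it issues."""

    def __init__(self) -> None:
        self._tx_keys: dict[str, bytes] = {}      # transaction handle -> key
        self._client_keys: dict[str, bytes] = {}  # client handle -> key

    def start(self, instance_key: Optional[bytes] = None,
              client_handle: Optional[str] = None,
              proof: Optional[str] = None,
              assign_client_handle: bool = False) -> dict:
        """First back-channel call: 'hey it's me, let's get started'.

        A new instance sends the key it generated at runtime; a returning
        instance sends the client handle it was given plus a proof under the
        same key, so nobody else can reuse that handle.
        """
        if client_handle is not None:
            key = self._client_keys.get(client_handle)
            if key is None or proof is None or not hmac.compare_digest(
                    proof, key_proof(key, "start:" + client_handle)):
                raise PermissionError("unknown client handle or bad key proof")
        elif instance_key:
            key = instance_key          # runtime registration of this instance
        else:
            raise ValueError("need an instance key or a client handle")
        tx = secrets.token_urlsafe(16)
        self._tx_keys[tx] = key         # the handle is bound to this key
        response = {"transaction_handle": tx}
        if assign_client_handle and client_handle is None:
            client_handle = secrets.token_urlsafe(16)
            self._client_keys[client_handle] = key
            response["client_handle"] = client_handle   # optional, AS decides
        return response

    def continue_transaction(self, tx_handle: str, proof: str) -> bool:
        """Later calls carry the transaction handle and a proof under its key."""
        key = self._tx_keys.get(tx_handle)
        return key is not None and hmac.compare_digest(
            proof, key_proof(key, "continue:" + tx_handle))


class ClientInstance:
    """One installed copy of a native app / SPA-like client."""

    def __init__(self) -> None:
        self.key = secrets.token_bytes(32)   # generated on first run, never pre-placed
        self.client_handle: Optional[str] = None

    def begin(self, auth_server: AuthorizationServer, want_client_handle: bool = False) -> str:
        if self.client_handle is None:
            resp = auth_server.start(instance_key=self.key,
                                     assign_client_handle=want_client_handle)
        else:
            resp = auth_server.start(
                client_handle=self.client_handle,
                proof=key_proof(self.key, "start:" + self.client_handle))
        self.client_handle = resp.get("client_handle", self.client_handle)
        return resp["transaction_handle"]

    def continue_proof(self, tx_handle: str) -> str:
        return key_proof(self.key, "continue:" + tx_handle)


def demo() -> dict:
    """Two independent instances against one AS; returns what each could do."""
    auth_server = AuthorizationServer()
    a, b = ClientInstance(), ClientInstance()
    tx_a = a.begin(auth_server, want_client_handle=True)
    b.begin(auth_server)
    try:   # a returning instance must prove it still holds the original key
        auth_server.start(client_handle=a.client_handle, proof="not-a-valid-proof")
        wrong_key_rejected = False
    except PermissionError:
        wrong_key_rejected = True
    return {
        "a_continues_own_tx": auth_server.continue_transaction(tx_a, a.continue_proof(tx_a)),
        "b_cannot_use_a_tx": not auth_server.continue_transaction(tx_a, b.continue_proof(tx_a)),
        "a_got_client_handle": a.client_handle is not None,
        "b_got_client_handle": b.client_handle is not None,
        "a_returns_with_handle": a.begin(auth_server) != tx_a,
        "wrong_key_rejected": wrong_key_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The point the mock makes is the one in the reply: nothing here depends on a secret baked into the app at build time, yet after the first back-channel call each instance is distinguishable and its handles are unusable by any other instance, which is what made the old public/confidential split matter in the first place.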


Written by Justin Richer

Justin Richer is a security architect and freelance consultant living in the Boston area. To get in touch, contact his company: https://bspk.io/