Key things to note: The biggest thing is that the Authorization Assessment section is back, and it's reworked with something like George's example. The discussion of "default-deny" is much much softened. Throughout there are some subtle but -- I think -- helpful changes in response to lots of comments from Cigdem. More of that to come.

Based on a discussion with Cigdem (and also the discussions with the HEART WG), I think we need to add a discussion of the importance of the RS treating its permission request practices as a part of its API behavior. Something to discuss...

I will send a specific agenda tomorrow -- gettin' late now.