
Hi all,

Here are some considerations/comments about SCT (Saved Consent Token):

1. SCT could be considered a session token or session identifier for managing RqP/Client interactions with the AS for the trust elevation process, keeping the subsequent actions transparent. The use case is when Bob (RqP) attempts to access a protected resource, obtaining an RPT+SCT. Later (10 min), when he tries to access a new protected resource which matches the previous claims policy, having an active session (on the AS), the client posts the SCT, which proves that he has previously released the claims, avoiding the claims gathering again.

2. As a session identifier token, it should follow the three rules: unique, random and encrypted. Validity is important as well.

3. Maybe the name "Saved Consent Token" could be confusing because of the word "consent", which recalls compliance terminology.

I hope this is helpful for the discussion.

Domenico

Sent from my iPad