- resource owner (RO) (original; from OAuth)
- requesting party (RqP) (original; confusion with identity "RP")
- resource server (RS) (enhanced OAuth version; also acts as OAuth client; confusion with identity "RP")
- client (enhanced OAuth version; also acts as OAuth client; confusion with identity "RP")
- authorization server (AS) (enhanced OAuth version)
- resource set (original), protected resource, resource (colloquial)
- scopes (also appeared in the authorization/claims message)
For now, let's please discuss only in email, unless we're all somehow magically aligned by the time we get to the next call. I'll provide my own thoughts in a followup message.