https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-21.html
In these drafts you will find the following issue implementations (mostly closed):
#293: Check/fix all examples for missing required (and optional) fields; other editorial (the not-quite-editorial change to "flatten" the pushing of claim tokens so that a client pushes one claim token at a time; see Core
Sec 3.6.1)
#294: Consider a proof-of-possession option for the RPT core security (see Core
Sec 6.2)
#295: When a requesting party needs to withdraw their access core (see Core
Sec 3.11)
#298: Reconsider whether ticket should be on all redirect-back AS responses core (see Core
Sec 3.6.3) -- didn't close this issue yet because only a relatively small subset of us discussed the recommendation
#302: Typo in RReg source regarding the stylesheet editorial rsrc-reg (trivial; RReg didn't change substantively)
Please do check over the new text and examples, and the swimlane summary, and see what you think.
Also please note that there are still a couple of issues that could use your opinion!
Existing: #303: Cleaning up the security considerations: JSON Usage and OIDC for client authentication
New: #
304: Do we need the UMA error invalid_request?
I'm going to turn my full attention to the spec refactoring proposal now...
Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl