In these drafts you will find the following issue implementations (mostly closed):

#293: Check/fix all examples for missing required (and optional) fields; other editorial (the not-quite-editorial change to "flatten" the pushing of claim tokens so that a client pushes one claim token at a time; see Core Sec 3.6.1)

#294: Consider a proof-of-possession option for the RPT core security (see Core Sec 6.2)

#295: When a requesting party needs to withdraw their access core (see Core Sec 3.11)

#298: Reconsider whether ticket should be on all redirect-back AS responses core (see Core Sec 3.6.3) -- didn't close this issue yet because only a relatively small subset of us discussed the recommendation

#302: Typo in RReg source regarding the stylesheet editorial rsrc-reg (trivial; RReg didn't change substantively)

Please do check over the new text and examples, and the swimlane summary, and see what you think.

Also please note that there are still a couple of issues that could use your opinion!

Existing: #303: Cleaning up the security considerations: JSON Usage and OIDC for client authentication

New: #304: Do we need the UMA error invalid_request?

I'm going to turn my full attention to the spec refactoring proposal now...