Also tried out Justin's wording for how the AS and client handle invalidating/revoking an old RPT when the AS hands back a new RPT – see Core rev 11 Sec 3.6.6
Please see new issues! We'll discuss as necessary next week; please comment online:
266: Set math (hopefully we'll have some spec-like wording to guide us further by tomorrow)
256: Naming and concepts, specifically authorization interface vs. UMA grant concept
Issues to discuss and hand out assignments for:
256: Naming and concepts, specifically a definition for and handling of the access token/claim token situation
263: Claim token profiling / 119: Create an IANA registry for URIs that stand for claim token formats
Shoebox: 246: Endpoint for collection of "receipts" and notifications of RS action in case of extraordinary behavior / 245: Location Constraints / 224: RS Notifies AS or RO of Access / 63: Audit logs to support legal enforceability / 24: Possible to audit host's compliance in giving access based on a legitimate active permission from the AM?