Critique new wording and spec structure (Sec 1.4.2 / Sec 3.6.5)
What should be done about previous RPTs on requests – if they're allowed, why, what does the AS do in return, and what does the client do with its various RPTs?
How (and where in the spec) should the RS document its permission request practices so the client has an idea what's in its RPTs?
Are our "notes" for default-deny and everything else as they should be?