So, uh, happy new year. :-) https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-10.html https://docs.kantarainitiative.org/uma/ed/oauth-resource-reg-2.0-03.html I've been working on great detailed comments from Cigdem and Mike (thanks!) and other mostly editorial stuff, and managed to implement 98% of the big section refactoring I've been talking about for a while (flatten-consolidate-shorten). Please try and give these a read-through. Questions: - I'm starting to believe that the "*authorization interface*" is actually properly the "*UMA grant*", tip to toe. In one place I actually did call it that. True? - I added a precondition/assumption that the client needs to use the *client credentials grant* to get an access token to use in the header when it makes a call to the token endpoint to get an RPT. Is my understanding correct? We didn't say anything about this before. - We have "five definitive errors" that *end the authorization process*. But is there anything that should happen to make this truly definitive? Should permission tickets expire, or what? - I've got a couple of other *Table of Contents nerd questions* that I'd love to pore over with others similarly inclined in a quick session before our Thursday session. Self-identify and I'll find you. *Eve Maler*Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl