So, uh, happy new year. :-)

https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-10.html
https://docs.kantarainitiative.org/uma/ed/oauth-resource-reg-2.0-03.html

I've been working on great detailed comments from Cigdem and Mike (thanks!) and other mostly editorial stuff, and managed to implement 98% of the big section refactoring I've been talking about for a while (flatten-consolidate-shorten). Please try and give these a read-through.

Questions:
  • I'm starting to believe that the "authorization interface" is actually properly the "UMA grant", tip to toe. In one place I actually did call it that. True?
  • I added a precondition/assumption that the client needs to use the client credentials grant to get an access token to use in the header when it makes a call to the token endpoint to get an RPT. Is my understanding correct? We didn't say anything about this before.
  • We have "five definitive errors" that end the authorization process. But is there anything that should happen to make this truly definitive? Should permission tickets expire, or what?
  • I've got a couple of other Table of Contents nerd questions that I'd love to pore over with others similarly inclined in a quick session before our Thursday session. Self-identify and I'll find you.

Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl