https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-13.html https://docs.kantarainitiative.org/uma/ed/oauth-resource-reg-2.0-05.html Key things to note: The biggest thing is that the Authorization Assessment section <https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-13.html#authorization-assessment> is back, and it's reworked with something like George's example. The discussion of "default-deny" is much much softened. Throughout there are some subtle but -- I think -- helpful changes in response to lots of comments from Cigdem. More of that to come. Based on a discussion with Cigdem (and also the discussions with the HEART WG), I think we need to add a discussion of the importance of the RS treating its permission request practices as a part of its API behavior. Something to discuss... I will send a specific agenda tomorrow -- gettin' late now. *Eve Maler*Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl