Here is a new review - the sooner you ask about anything that is unclear the
more likely I will remember what I was referring to.
Jim
* In figure 4: The CDDL is not correct. "2*role" should be "2*role:tstr"
or role should be defined as a separate item
* Section 3.2 - The third to last parag
RFC 8693 defines the “scope” JWT claim for use with OAuth 2.0, and so is
application-specific – just like the corresponding CWT “scope” claim is
specific to ACE OAuth.
Unless Hannes (the other Designated Expert) disagrees with my and Chuck’s
assessment by then, I propose that we proceed with th