The term "access grant" in the -09 spec is a bit odd. Normally "access grant" or "permission grant" would refer to a specific policy decision made by a resource owner.
But that's not how the -09 spec uses the term. The -09 spec refers to authorization codes and assertions as "access grants". Again, that's weird. Normally an assertion would be referred to as a "credential", not a grant. I think the term "authorization credential" might be a better fit than "access grant". It certainly describes the purpose of the authorization code and the assertion. And the term "credential" is normally used to describe things that need to be verified and protected. Cheers, Brian _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
