From 8d475679234fce2f17c1949270140e62c817ee52 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Thu, 8 Feb 2024 13:50:45 -0500 Subject: [PATCH] clarify introduction and scope --- draft-ietf-gnap-core-protocol.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/draft-ietf-gnap-core-protocol.md b/draft-ietf-gnap-core-protocol.md index c714f16..f04f686 100644 --- a/draft-ietf-gnap-core-protocol.md +++ b/draft-ietf-gnap-core-protocol.md @@ -158,8 +158,11 @@ passed directly to the software. # Introduction This protocol allows a piece of software, the client instance, to request delegated -authorization to resource servers and subject information. This delegation is -facilitated by an authorization server usually on +authorization to resource servers and subject information. The delegated access to +the resource server can be used by the client instance to access resources and APIs +on behalf a resource owner, and delegated access to +subject information can in turn be used by the client instance to make authentication decisions. +This delegation is facilitated by an authorization server usually on behalf of a resource owner. The end user operating the software can interact with the authorization server to authenticate, provide consent, and authorize the request as a resource owner. @@ -312,10 +315,10 @@ Right: : ability given to a subject to perform a given operation on a resource under the control of an RS. Subject: -: person, organization or device. The subject decides whether and under which conditions its attributes can be disclosed to other parties. +: person or organization. The subject decides whether and under which conditions its attributes can be disclosed to other parties. Subject Information: -: set of statements and attributes asserted by an AS about a subject. +: set of statements and attributes asserted by an AS about a subject. These statements can be used by the client instance as part of an authentication decision.
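Review bot: In the first hunk (the `# Introduction` paragraph at `@@ -158,8 +158,11 @@`), the added line "on behalf a resource owner, and delegated access to" is missing a word; it should read "on behalf of a resource owner, and delegated access to". The sentence is also doing a lot at once (resource access on one side, subject information for authentication decisions on the other); splitting it into two sentences would make the distinction between the two kinds of delegated access, which is the point of this clarification, easier to read.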
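Review bot: In the second hunk (`@@ -312,10 +315,10 @@`, the terminology entries), dropping "or device" from the definition of Subject is a scope change, not just a wording clarification, and the commit message ("clarify introduction and scope") does not explain why devices are no longer subjects. Please state the rationale in the change log and check that no other part of the draft still treats a device as a subject, otherwise the narrowed definition will conflict with the rest of the text. The addition to Subject Information ("These statements can be used by the client instance as part of an authentication decision.") is fine and matches the new introduction text, but it would help to point the reader to where the draft describes how the client instance obtains and validates these AS-asserted statements, since the trustworthiness of an authentication decision depends on that.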