...
We will discuss the design principle around digital signatures next week - there is some concern regarding the wording and this requires
commenting on the mailing list.
...
The second option would fit well if we had both bearer tokens and JWT tokens since the host in both cases would make the final decision whether to grant access or not - in both cases the host is provisioned with information about the resource and authorized actions and can map that locally to the actual access request to a resource.(More detail forthcoming from Maciej.)
Christian will discuss a scenario n based on a real API (possibly Flickr) and will send it to the group for commenting. (Now DONE.)
...