[keystone] OAuth2.0 implementation in Yoga
Hi,

Please, could any of the keystone core members give me some advice on this spec?

https://review.opendev.org/c/openstack/keystone-specs/+/813152

We'd like to make the following points clear by the end of this year to forward the implementation. So, please kindly check it and please let me know your opinion.

- OAuth2.0 scope [1]:
  As there are differences between the OAuth2.0 scope format and the Application credentials access rule format and we haven't found a good solution to map them, we'd like to omit the implementation of the OAuth2.0 scope in Yoga. Are there any concerns?

- Access policy configuration:
  - Which one is appropriate?
    (i) End-users can use the OAuth2.0 API if they have permission for the OAuth2.0 API even if they don't have permission for the Application credentials API.
    (ii) End-users can use the OAuth2.0 API only if they have permission for both the OAuth2.0 API and the Application credentials API.

- API endpoint:
  - Which one is appropriate?
    (i) `/identity/v3/auth/OS-OAUTH2/<user_id>/clients`
    (ii) `/identity/v3/users/{user_id}/OS-AUTH2/clients`
    (iii) other

[1] https://datatracker.ietf.org/doc/html/rfc6749#page-23

Thanks,
Hiromu Asahina (h_asahina)