ietf-wg-gnap / gnap-core-protocol

Rights and attributes SHOULD be equally supported #370

Closed Denisthemalice closed 2 years ago

Denisthemalice commented 2 years ago

The core draft defines

Privilege: right or attribute associated with a subject

Access Token: a data artifact representing a set of rights and/or attributes

However, the core draft does not allow an RS to distinguish between rights and attributes.

The core protocol should define two fields in an access token request to distinguish between rights (i.e. capabilities) and attributes.

A set of standard attribute types should be defined to support ABAC (Attribute Based Access Control): e.g. first name, family name, birth date, birth location, home address, email address, social security number, citizenship(s), etc.

fimbault commented 2 years ago

Closing as already answered several times