The header inidcates that this is about Authorization but then proceeds to reference authentication. Perhaps alternative wording can avoid this (e.g. "API calls SHALL be authorized with OAuth 2.0 access tokens. Implementors MAY use bearer tokens or sender constrained tokens, depending on the organizations policy".)
https://github.com/SGNL-ai/authzapi/blob/5937da2ca3a3ed189bb066ce2f75c9bd5e0a380d/authorization-api-1_0.md?plain=1#L103C12-L103C12
The header inidcates that this is about Authorization but then proceeds to reference authentication. Perhaps alternative wording can avoid this (e.g. "API calls SHALL be authorized with OAuth 2.0 access tokens. Implementors MAY use bearer tokens or sender constrained tokens, depending on the organizations policy".)