discovery - plan of record: IS-04, need to think about resource servers (i.e. services/devices) using IS-04's x- (extended claims) to register the catena scopes supported, and any other x-catena info we should put in there.
bearer token format needs expert review - demo working with more than one authz server (keycloak / okta) (both SDK and standard requirement)
demo dynamic client registration working (an SDK requirement, not a requirement for the standard)
demo service/device registration with authz
demo mTLS between client & service and service-service(?)
break this into separate issues