michielbdejong
commented
5 years ago I think this describes the step where Alice sees the consent dialog? We should state that it's out of scope for this spec, but might still be useful to have a reference to it documented here, for people who are wrapping their head around the dance that the app, IDP, and storage server(s) end up doing.
Removed the trusted app reference. It was originally intended to represent an application registry where the user is able to see what apps it has authorized (rather than combing through ACLs), but the trusted app list is only to be used for trusted origin webapps. Will replace with appropriate registry to use once it is properly defined elsewhere in spec.