Permission Revocation - English language clarification

[karlcow]

In the security and privacy considerations, there is this section about revocation. To note that this is the only section of the specification where revocation is explained.

When a permission is revoked, the user agent MAY fire the "pushsubscriptionchange" event for subscriptions created with that permission, with the service worker registration associated with the push subscription as registration, a PushSubscription instance representing the push subscription as oldSubscription, and null as newSubscription. The user agent MUST deactivate the affected subscriptions in parallel.

It has too many with in a row to make it clear (at least for ESL like me). Would there be a way to rephrase this to make it clear? I put the red dots where it starts to be confusing in the level of English nesting.

When a permission is revoked,

• the user agent MAY fire the "pushsubscriptionchange" event
  • for subscriptions created with that permission
  • 🔴 with the service worker registration associated with the push subscription as registration,
  • 🔴 a PushSubscription instance representing
    • the push subscription as oldSubscription,
    • and null as newSubscription.
  • The user agent MUST deactivate the affected subscriptions in parallel.

Other mentions of revocation.

Then in 10.5 The pushsubscriptionchange Event

The pushsubscriptionchange event indicates a change in a push subscription that was triggered outside of the application's control, for example because it has been refreshed, revoked or lost.

And in the security and privacy section with

Permissions that are preserved beyond the current browsing session MUST be revocable.