Issue #84 resolved
Basic - 4 misplaced normative text for check session endpoint
Section 4 says:
"The id_token and Check Session Endpoint MUST be used to validate the identity of a session."
Not clear why a normative MUST that concerns the check session endpoint is placed under the Userinfo endpoint section.