RS Clauses re access token

Issue #497 resolved
Dave Tonge created an issue

We have these clauses for Resource Servers

shall verify that the scope of the access token authorizes the access to the resource it is representing
shall identify the associated entity to the access token
shall only return the resource identified by the combination of the entity implicit in the access and the granted scope and otherwise return errors as in section 3.1 of [@!RFC6750]

I’m not sure how we can test them and I’m not sure about the language.

We need to consider that some RS endpoints will be POST / PATCH / PUT, i.e. an action is being performed rather than just a resource being returned.

Can we not simplify the above 3 clauses to something like:

shall verify that the authorization represented by the access token is sufficient for the requested resource access
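
An added example, not part of the issue or of the specification under discussion: one way a resource server could apply the clauses to reads and to POST / PATCH actions alike, in a form that can be asserted on in a test. The `AccessToken` class, the scope names, the policy table and the `authorize` function are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessToken:
    """Constructed stand-in for an already validated or introspected token."""
    active: bool
    sub: str               # entity the token was issued for
    scopes: frozenset      # granted scope values

# Hypothetical policy table: (HTTP method, resource type) -> required scope.
# Write methods are listed too, since a request may be an action.
REQUIRED_SCOPE = {
    ("GET", "accounts"): "accounts:read",
    ("POST", "payments"): "payments:write",
    ("PATCH", "payments"): "payments:write",
}

def authorize(token, method, resource_type, resource_owner):
    """Return (HTTP status, WWW-Authenticate value or None) for one request.

    resource_owner is the entity that owns the resource being read, or on
    whose behalf the action would be performed.
    """
    if token is None:
        # RFC 6750 section 3.1: no credentials, so no error code is included.
        return 401, 'Bearer realm="example"'
    if not token.active:
        return 401, 'Bearer error="invalid_token"'
    needed = REQUIRED_SCOPE.get((method, resource_type))
    if needed is None:
        # Assumption: operations missing from the policy are denied by default.
        return 403, None
    if needed not in token.scopes:
        return 403, f'Bearer error="insufficient_scope", scope="{needed}"'
    if token.sub != resource_owner:
        # Assumption: section 3.1 has no error code specific to an entity
        # mismatch, so this example returns a plain 403.
        return 403, None
    return 200, None

if __name__ == "__main__":
    # Constructed sample: a read-only token tried against three requests.
    alice = AccessToken(True, "alice", frozenset({"accounts:read"}))
    for req in [("GET", "accounts", "alice"), ("GET", "accounts", "bob"),
                ("POST", "payments", "alice")]:
        print(req, "->", authorize(alice, *req))
```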