Problem description
The Appendix A: info.description template for device identification from access token contains text that gives the impression that some information can be "extracted" from the access token and that that information is therefore in the access token.
OAuth2, OIDC and Camara ICM do not specify the format of the access token. The access token can be self-contained, in which case it would in fact contain said information, or it can be a reference to a database, in which case the wording "extract from the access token" would not make much sense.
- The server will extract the device identification from the access token, if available.
- If the API request additionally includes a `device` object when using a 3-legged access token, the API will validate that the device identifier provided matches the one associated with the access token.
Expected behavior
Use language that does not suggest how access tokens are implemented.
- If the API requires a device identifier, then the resource server obtains the device identifier associated with the access token.
- If the API request additionally includes a `device` object when using a 3-legged access token, then the API will validate that the device identifier provided in the request matches the one associated with the access token.
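
An added illustration of the proposed wording (not CAMARA code and not part of the original issue): the resource server obtains the device associated with the token through one function, whether the token is self-contained or a reference to a stored record. The `device` claim name, the HS256 key, the token store and all function names are assumptions made for this example.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed HS256 key shared with the issuer
# Constructed record for an opaque reference token (stands in for the
# authorization server's database or an introspection call).
TOKEN_STORE = {"opaque-7f3a": {"device": {"phoneNumber": "+34600000001"}}}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_jwt(claims: dict) -> str:
    """Build a constructed HS256 self-contained token for the demo."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def device_for_token(token: str):
    """Obtain the device associated with the token, whatever its format."""
    if token.count(".") == 2:  # self-contained: verify, then read the claim
        head, body, sig = token.split(".")
        want = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_b64url(want).encode(), sig.encode()):
            raise PermissionError("invalid token signature")
        padded = body + "=" * (-len(body) % 4)
        return json.loads(base64.urlsafe_b64decode(padded)).get("device")
    record = TOKEN_STORE.get(token)  # reference token: look the record up
    if record is None:
        raise PermissionError("unknown token")
    return record.get("device")

def resolve_device(token: str, request_device=None):
    """Device the API call applies to; rejects a mismatching request device."""
    associated = device_for_token(token)
    if associated is None:  # assumption: token is not bound to a device
        if request_device is None:
            raise ValueError("device identifier required")
        return request_device
    if request_device is not None and request_device != associated:
        raise ValueError("device does not match the access token")
    return associated
```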