Document pattern of using local group as grantee of consent #221

@elf-pavlik

Looking at the familiar diagram

[Image: Screen Shot 2021-12-15 at 14 16 46]

Luis, acting as a trusted grantee of ACME, wants to grant access to members of a local group. Local groups mean that ACME manages the group listing and ACME's authorization agent has access to it. In that case, Luis grants specific access to the ACME RnD group. ACME's authorization agent would record the Access Consent where the group would be the grantee. Then the authorization agent would generate an access grant for each member of the group.

TODO

  • Clarify that a local group would only be the grantee on Access/Data Consent.
  • Clarify that generation of Access/Data Grants would need to be re-triggered when group membership changes.
  • Vocab to express group membership
  • Should group listing go as agent registration?
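
The pattern described in this issue, sketched as an added example that is not part of the original issue or of the specification: the consent keeps the local group as grantee, grants are derived per member, and a membership change re-triggers reconciliation. All field names and URLs are hypothetical (the issue leaves the group vocabulary open), and revoking grants of removed members is an assumption of this example.

```javascript
// Added example: field names (grantee, scope, consent) are hypothetical,
// not terms from the specification's vocabulary.

// Constructed sample: the consent Luis records, with the local group as grantee.
const consent = {
  id: 'https://acme.example/consents/rnd-1',
  grantedBy: 'https://luis.example/#id',
  grantee: 'https://acme.example/groups/rnd',
  scope: 'https://acme.example/data/projects/',
};

// Derive the per-member grants the consent implies for a given group listing.
// The group itself never appears as grantee of a grant, only of the consent.
function expectedGrants(consent, members) {
  return [...new Set(members)].map((member) => ({
    consent: consent.id,
    grantee: member,
    scope: consent.scope,
  }));
}

// Compare grants already issued for this consent with the current listing.
// Returns what to issue for new members and what to revoke for removed ones
// (revocation on removal is this example's assumption). Grants that belong
// to other consents are left alone.
function reconcileGrants(consent, members, issued) {
  const current = new Set(members);
  const mine = issued.filter((g) => g.consent === consent.id);
  const held = new Set(mine.map((g) => g.grantee));
  return {
    issue: expectedGrants(consent, members).filter((g) => !held.has(g.grantee)),
    revoke: mine.filter((g) => !current.has(g.grantee)),
    keep: mine.filter((g) => current.has(g.grantee)),
  };
}

// Constructed membership change: bob leaves the group, carol joins.
const before = ['https://alice.example/#id', 'https://bob.example/#id'];
const after = ['https://alice.example/#id', 'https://carol.example/#id'];
const issued = expectedGrants(consent, before);
const plan = reconcileGrants(consent, after, issued);
console.log('issue:', plan.issue.map((g) => g.grantee));
console.log('revoke:', plan.revoke.map((g) => g.grantee));
```

Running the reconciliation on every change to the group listing keeps the set of live grants equal to the current membership, so a removed member does not retain access through a stale grant.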
