First study different ways of people and apps asking for permission

[timbl]

For apps asking to access a resource,
I think we should do a bake-off maybe of two designs,

• one using the built-in OIDC app authorization protocol, and
• the other using LDN notifications to request access using a solid message

We need the latter for person yo request access to a resource, so maybe the app getting access should b the same code. That has been in the back of my head my not being sure about using the oauth for this.