> Reading all of this makes me think it would be cleaner to introduce a > separate scope concept ;) > > A user doesn't have a scope - a user has roles and attributes. Re-using roles > concept for the scope just makes it feel awkward and retrofitted. +10000