Imbault, FabienRicher, JustinParecki, AaronRoßnagel, HeikoSchunck, Christian H.Mödersheim, Sebastian2021-05-202021-05-202021978-3-88579-706-7https://dl.gi.de/handle/20.500.12116/36492The Grant Negotiation and Authorization Protocol, also known as GNAP, is currently being formulated in an IETF working group. GNAP gives the opportunity to reflect on the strengths and weaknesses of OAuth 2, and highlights the new directions to improve digital access. We compare with the approach taken by OAuth 2 and show that designing authorization servers primarily as “token issuers” provides insightful consequences for security and privacy.enauthorization protocolOAuth 2GNAPManaging authorization grants beyond OAuth 2Text/Conference Paper1617-5468