The spec should normatively state that preventing delegation is not allowed, and explain why in the security / privacy section. The TL;DR should be: preventing delegation leads to credential sharing.