Our Authorizations vocabulary describes multiple different authentication flows and the scopes that can be requested for each flow.

What is missing is a way of documenting which resources/properties are available given a particular scope.

This would allow documentation to be generated that tells the client/app which scopes they need to request in order to access certain resources.

OData-884 and OData-1145 attempt to align with OpenAPI by describing operations supported, and necessary headers, parameters, and permissions required to invoke those operations.  However, we have moved away from OData-884, which uses a more operation-centric approach, to something that aligns with our capabilities.  In doing so, we need a way to specify what permissions are required to access a particular resource (or properties within a resource).