Separate access control (including resource representations) from TRS. Note that access control was not part of TRS 2.0, but was only described in the never-standardized ILDP document.
That leaves this issue open, but with less urgency (and more freedom) to resolve it.
For the TRS spec, can we use a more general approach?
Jim says it is brittle...