This doc is well-written. It explains an API for GNAP parties to talk with each other, view and dissect access tokens, and the like. The security considerations seem well-considered.  I am not a GNAP expert. A few nits follow

Abstract: should spell out GNAP.  Is the "AS" in the second sentence the same as the "piece of software" mentioned the first sentence?

Introduction: the RS doesn't answer important questions, it gets answer to them, right?

2.1.3 "ensure that the token is not receiving". Do you mean the RS is not receiving?

2.1.4 "if such information is not stored, an atacker". s/stored/included/ s/stored/presented/?

How much of 2.1.* is a restatement of the core GNAP document? How much of 2.1.* is different, soley for the purposes here -- i.e., how much of 2.1.* would more properly belong in a GNAP-CORE-bis document?

3.1 What is the point of the grant_request_endpoint field, since the first paragraph of that section implies you have to know it to add the well-known suffix?

I was surprised to see the Acknowledgements appearing before several things, and not last just-before-references.