data-interoperability-panel
Do clients really need access to their Grants/Authorizations?
In light of data-interoperability-panel/issues/308 (giving grantees access to Authorizations), I wondered which use cases actually need grantees to directly access permission info (authorizations/grants, denials etc.) at all ... Afaik, none of our reference AS frameworks (OAuth 2.x, UMA, GNAP) support that; if a client wants to know whether it is allowed to access some resource, it can always try to get a token. After all, upon discovery of existing authorization, that's what the client would do anyway. Leaving direct access out would thus simplify our model, and bring it closer to existing AS implementations.