AZ -> authorization server

documentation/CAMARA-Security-Interoperability.md

@@ -70,9 +70,9 @@ The OIDC Authorization Code Flow is defined in [OpenID Connect](https://openid.n
 CAMARA REQUIRES cross-site request forgery protection.
 
 CAMARA RECOMMENDS PKCE for CSRF protection. 
-CAMARA Authorization Servers SHOULD implement PKCE. If PKCE is not used by the Client then the CAMARA AZ must handle **state** and **nonce** as defined in OAuth2.
+CAMARA Authorization Servers SHOULD implement PKCE. If PKCE is not used by the Client then the CAMARA authorization server must handle **state** and **nonce** as defined in OAuth2.
 
-CAMARA API consumers SHOULD use PKCE if the CAMARA AZ supports PKCE.
+CAMARA API consumers SHOULD use PKCE if the CAMARA authorization server supports PKCE.
 
 If nonce for CSRF-protection is used then implementers must ensure that sufficient entropy is present in the nonce value.
 Please see [OAuth 2.0 Security Best Current Practice](https://oauthstuff.github.io/draft-ietf-oauth-security-topics/draft-ietf-oauth-security-topics.html#name-protecting-redirect-based-f).
@@ -114,9 +114,9 @@ This CAMARA document clarifies the values used in login_hint in the following wa
 #### Refresh Token Issuance
 
 Neither OIDC, CIBA, nor OAuth2 define a way for clients to indicate whether they need a refresh_token. 
-Refresh token issuance is optional and at the discretion of the AZ.
+Refresh token issuance is optional and at the discretion of the authorization server.
 
-CAMARA uses the scope `offline_access` in the authorization request to indicate to the AZ that the client requests a refresh token additionally to the access token for CAMARA API access.
+CAMARA uses the scope `offline_access` in the authorization request to indicate to the authorization server that the client requests a refresh token additionally to the access token for CAMARA API access.
 
 ---
 **NOTE**