From 69a2227338a392e46120ab94c5be65262f383fa7 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Tue, 1 Oct 2024 17:10:36 +0200 Subject: [PATCH] AZ -> authorization server --- documentation/CAMARA-Security-Interoperability.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/documentation/CAMARA-Security-Interoperability.md b/documentation/CAMARA-Security-Interoperability.md index b4dcb4d..e2a9788 100644 --- a/documentation/CAMARA-Security-Interoperability.md +++ b/documentation/CAMARA-Security-Interoperability.md @@ -70,9 +70,9 @@ The OIDC Authorization Code Flow is defined in [OpenID Connect](https://openid.n CAMARA REQUIRES cross-site request forgery protection. CAMARA RECOMMENDS PKCE for CSRF protection. -CAMARA Authorization Servers SHOULD implement PKCE. If PKCE is not used by the Client then the CAMARA AZ must handle **state** and **nonce** as defined in OAuth2. +CAMARA Authorization Servers SHOULD implement PKCE. If PKCE is not used by the Client then the CAMARA authorization server must handle **state** and **nonce** as defined in OAuth2. -CAMARA API consumers SHOULD use PKCE if the CAMARA AZ supports PKCE. +CAMARA API consumers SHOULD use PKCE if the CAMARA authorization server supports PKCE. If nonce for CSRF-protection is used then implementers must ensure that sufficient entropy is present in the nonce value. Please see [OAuth 2.0 Security Best Current Practice](https://oauthstuff.github.io/draft-ietf-oauth-security-topics/draft-ietf-oauth-security-topics.html#name-protecting-redirect-based-f). 
@@ -114,9 +114,9 @@ This CAMARA document clarifies the values used in login_hint in the following wa #### Refresh Token Issuance Neither OIDC, CIBA, nor OAuth2 define a way for clients to indicate whether they need a refresh_token. -Refresh token issuance is optional and at the discretion of the AZ. +Refresh token issuance is optional and at the discretion of the authorization server. -CAMARA uses the scope `offline_access` in the authorization request to indicate to the AZ that the client requests a refresh token additionally to the access token for CAMARA API access. +CAMARA uses the scope `offline_access` in the authorization request to indicate to the authorization server that the client requests a refresh token additionally to the access token for CAMARA API access. --- **NOTE**
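Review bot: In the first hunk (the PKCE paragraph at lines 70-78 of the document), the edited sentence keeps a lowercase "must" ("the CAMARA authorization server must handle **state** and **nonce**") while the surrounding text uses RFC 2119 capitalisation (REQUIRES, RECOMMENDS, SHOULD); since this hunk is already touching that sentence, change it to "MUST" so the requirement reads as normative. The same line also mixes "CAMARA Authorization Servers SHOULD implement PKCE" with the newly expanded lowercase "authorization server"; pick one casing for the term throughout, e.g. "CAMARA authorization servers SHOULD implement PKCE. If PKCE is not used by the Client then the CAMARA authorization server MUST handle **state** and **nonce** as defined in OAuth2."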
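Review bot: In the second hunk (Refresh Token Issuance), the expansion of "AZ" is consistent with the first hunk, but the edited `offline_access` sentence still carries the awkward phrase "a refresh token additionally to the access token"; while the line is being rewritten, prefer "a refresh token in addition to the access token for CAMARA API access". It would also help a reader to grep for any remaining "AZ" abbreviations elsewhere in the document, since the commit only touches these two paragraphs and a partial rename leaves the term ambiguous.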