Clarify when to honor token validity expiration. Add remark to Part 4 (7.36.6 IssuedIdentityToken) regarding this behavior.

Need input from Randy to continue

Not sure what input is needed. AccessTokens expire. When they expire Session credentials should be revoked.

Clients that use AccessTokens need to be aware of the expiry time and call ActivateSession with a new token prior to expiry of the existing Token if they want uninterrupted access.

Added following clarification to 7.41.6 IssuedIdentityToken

IssuedIdentityTokens have an expiration time, and a Server shall reject the credentials of the Session after the expiration of the token. The Session shall stay valid with an Anonymous user token if the Server allows Anonymous users. Clients should renew the token with ActivateSession before the expiration time to avoid communication interruption.

Agreed to 1.05 text. Needs 1.04 Errata to close.

Need to define test cases for this cloned issue