I did not do a full in-depth research on this topic, but it looks like my
AD review of what became RFC 9200
(https://mailarchive.ietf.org/arch/msg/ace/k5RzWwmuawvczrHN88JoE3vbH78/)
noted that what-became-RFC8693 had already gotten "scope" registered in the
JWT claims registry, so that RFC 9200
It took a bit of looking but Neil is correct and that some other document
is RFC9200:
https://datatracker.ietf.org/doc/html/rfc9200#name-cbor-web-token-claims
(last one in that section)
which doesn't seem quite right. I would have expected the entry in the
registry to point back to RFC9200,
