Shayne's review feedback addressed

Author: appsdesh

openid-caep-1_0.md

@@ -839,7 +839,7 @@ The Risk Level Change event is employed by the Transmitter to communicate any mo
 ### Event Specific Claims {#risk-level-change-event-specific-claims}
 
 risk_reason
-: REQUIRED, JSON string: indicates the reason that contributed to the risk level changes by the Transmitter.
+: RECOMMENDED, JSON string: indicates the reason that contributed to the risk level changes by the Transmitter.
 
 principal
 : REQUIRED, JSON string: representing the principal entity involved in the observed risk event, as identified by the transmitter. The subject principal can be one of the following entities USER, DEVICE, SESSION, TENANT, ORG_UNIT, GROUP, or any other entity as defined in {{Section 2 of SSF}}. This claim identifies the primary subject associated with the event, and helps to contextualize the risk relative to the entity involved.
@@ -871,6 +871,7 @@ The following is a non-normative example of a Risk Level Change event:
          "current_level": "LOW",
          "previous_level": "HIGH",
          "event_timestamp": 1615304991643,
+         "principal": "USER",
          "risk_reason":{
             "en": "User's password detected in the pwned password dump"
          }