Improve wording about how masquerading works

specification/application_service_api.rst

@@ -185,18 +185,17 @@ homeserver.
 Identity assertion
 ++++++++++++++++++
 The client-server API infers the user ID from the ``access_token`` provided in
-every request. It would be an annoying amount of book-keeping to maintain tokens
+every request. To avoid the application service from having to keep track of each
-for every virtual user. It would be preferable if the application service could
+user's access token, the application service should identify itself to the Client-Server
-use the CS API with its own ``as_token`` instead, and specify the virtual user
+API by providing its ``as_token`` instead for the ``access_token`` alongside the
-they wish to be acting on behalf of. For real users, this would require
+user the application service would like to masquerade as.
-additional permissions granting the AS permission to masquerade as a matrix user.
 
 Inputs:
  - Application service token (``as_token``)
  - User ID in the AS namespace to act as.
 
 Notes:
- - This will apply on all aspects of the Client-Server API, except for Account Management.
+ - This applies to all aspects of the Client-Server API, except for Account Management.
  - The ``as_token`` is inserted into ``access_token`` which is usually where the
    client token is, such as via the query string or ``Authorization`` header. This 
    is done on purpose to allow application services to reuse client SDKs.