Telechat Review of draft-ietf-oauth-amr-values-05
review-ietf-oauth-amr-values-05-genart-telechat-kyzivat-2017-01-26-00

I am the assigned Gen-ART reviewer for this draft. The General Area 
Review Team (Gen-ART) reviews all IETF documents being processed by the 
IESG for the IETF Chair. Please wait for direction from your document 
shepherd or AD before posting a new version of the draft. For more 
information, please see the FAQ at 
<​http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-oauth-amr-values-05
Reviewer: Paul Kyzivat
Review Date: 2017-01-26
IETF LC End Date: 2016-12-13
IESG Telechat date:2017-01-32

Summary:

This draft is on the right track but has open issues, described in the 
review.

It is generally well written, with much better guidelines for expert 
reviewers than I typically see.

Disclaimer:

I'm not well versed in JSON Web Tokens, so I have not considered the 
pros/cons of having this registry or of the specific values being 
registered. I have focused on the mechanics of the draft.

Issues:

Major: 0
Minor: 1
Nits:  0

(1) Minor:

Section 6.1 says:

     IANA must only accept registry updates from the Designated Experts
     and should direct all requests for registration to the review
     mailing list.

This is inconsistent with the way IANA Expert Review works, as defined 
in section 3 of RFC5226. Requests go through some channel (e.g. IESG 
review for standards track RFCs) to the editor and then IANA actions 
requiring expert review are referred to a designated expert. The expert 
then approves or denies the request, and approved requests are acted 
upon by IANA.

Direction of requests to a mailing list is not an IANA function, but 
could be done by the expert.

Please revise the text and procedures to be consistent with the way 
Expert Review is intended to work.

(Note: In my earlier last call review of this document I erroneously 
cited RFC5526 rather than RFC5226. I have corrected that above.)