Last Call Review of draft-ietf-oauth-discovery-07
review-ietf-oauth-discovery-07-opsdir-lc-bhandari-2017-10-23-00

Reviewer: Shwetha Bhandari

Review result: Ready

I have reviewed this document as part of the Operational directorate's ongoing

effort to review all IETF documents being processed by the IESG.  These

comments were written with the intent of improving the operational aspects of

the IETF drafts. Comments that are not addressed in last call may be included

in AD reviews during the IESG review.  Document editors and WG chairs should

treat these comments just like any other last call comments.

Summary:

This specification defines a metadata format that an OAuth 2.0 client can use
to obtain the information needed to interact with an OAuth 2.0 authorization
server. The process of deploying authorization server metadata and discovering
its location is out of scope of this specification. The specification
establishes and populates IANA registry for authorization server metadata
names. It also registers URI suffix “oauth-authorization-server” in the IANA
"Well-Known URIs" registry without mandating applications to use only this
suffix to publish authorization server metadata.

There is no operational considerations or manageability section in the document.

I don’t see any operational, network management or security management concerns
with this document.

Thanks,

Shwetha