Last Call Review of draft-ietf-oauth-dyn-reg-24
review-ietf-oauth-dyn-reg-24-genart-lc-carpenter-2015-03-05-00

Request Review of draft-ietf-oauth-dyn-reg
Requested rev. no specific revision (document currently at 30)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2015-03-16
Requested 2015-03-04
Other Reviews Genart Last Call review of -27 by Brian Carpenter (diff)
Secdir Last Call review of -24 by Charlie Kaufman (diff)
Opsdir Last Call review of -24 by Tina Tsou (diff)
Review State Completed
Reviewer Brian Carpenter
Review review-ietf-oauth-dyn-reg-24-genart-lc-carpenter-2015-03-05
Posted at http://www.ietf.org/mail-archive/web/gen-art/current/msg11434.html
Reviewed rev. 24 (document currently at 30)
Review result Almost Ready
Draft last updated 2015-03-05
Review completed: 2015-03-05

Review
review-ietf-oauth-dyn-reg-24-genart-lc-carpenter-2015-03-05

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-ietf-oauth-dyn-reg-24.txt
Reviewer: Brian Carpenter
Review Date: 2015-03-05
IETF LC End Date: 2015-03-16
IESG Telechat date:

Summary: Almost ready
--------

Issues:
-------

>2.  Client Metadata
>   ...
>   The following client metadata fields are defined by this
>   specification.
>   ...
>   ...
>   Extensions and profiles of this specification MAY expand this list.

That definitely needs a forward reference to the IANA Considerations.
I don't think it's an RFC 2119 MAY, so it should read something like

  Extensions and profiles of this specification may expand this list
  with metadata names registered in accordance with the IANA Considerations
  in Section 4 of this document.

>   The authorization server MUST ignore any client metadata values sent
>   by the client that it does not understand.

Silently, or with an error report?

>4.  IANA Considerations
>
>4.1.  OAuth Dynamic Registration Client Metadata Registry
>
>   This specification establishes the OAuth Dynamic Registration Client
>   Metadata registry.
>
>   OAuth registration client metadata values are registered with a
>   Specification Required ...

This may be a nit but it confused me; surely it isn't metadata *values*
that are registered; it's metadata names and descriptions?

Nit:
----

I expected a reference, presumably [RFC6749], at the first mention
of OAuth 2.0 (in the first sentence).