Skip to main content

Last Call Review of draft-ietf-oauth-dyn-reg-24
review-ietf-oauth-dyn-reg-24-genart-lc-carpenter-2015-03-05-00

Request Review of draft-ietf-oauth-dyn-reg
Requested revision No specific revision (document currently at 30)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2015-03-16
Requested 2015-03-04
Authors Justin Richer , Michael B. Jones , John Bradley , Maciej Machulak , Phil Hunt
I-D last updated 2015-03-05
Completed reviews Genart Last Call review of -24 by Brian E. Carpenter (diff)
Genart Last Call review of -27 by Brian E. Carpenter (diff)
Secdir Last Call review of -24 by Charlie Kaufman (diff)
Opsdir Last Call review of -24 by Tina Tsou (Ting ZOU) (diff)
Assignment Reviewer Brian E. Carpenter
State Completed
Request Last Call review on draft-ietf-oauth-dyn-reg by General Area Review Team (Gen-ART) Assigned
Reviewed revision 24 (document currently at 30)
Result Almost ready
Completed 2015-03-05
review-ietf-oauth-dyn-reg-24-genart-lc-carpenter-2015-03-05-00
I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-ietf-oauth-dyn-reg-24.txt
Reviewer: Brian Carpenter
Review Date: 2015-03-05
IETF LC End Date: 2015-03-16
IESG Telechat date:

Summary: Almost ready
--------

Issues:
-------

>2.  Client Metadata
>   ...
>   The following client metadata fields are defined by this
>   specification.
>   ...
>   ...
>   Extensions and profiles of this specification MAY expand this list.

That definitely needs a forward reference to the IANA Considerations.
I don't think it's an RFC 2119 MAY, so it should read something like

  Extensions and profiles of this specification may expand this list
  with metadata names registered in accordance with the IANA Considerations
  in Section 4 of this document.

>   The authorization server MUST ignore any client metadata values sent
>   by the client that it does not understand.

Silently, or with an error report?

>4.  IANA Considerations
>
>4.1.  OAuth Dynamic Registration Client Metadata Registry
>
>   This specification establishes the OAuth Dynamic Registration Client
>   Metadata registry.
>
>   OAuth registration client metadata values are registered with a
>   Specification Required ...

This may be a nit but it confused me; surely it isn't metadata *values*
that are registered; it's metadata names and descriptions?

Nit:
----

I expected a reference, presumably [RFC6749], at the first mention
of OAuth 2.0 (in the first sentence).