Last Call Review of draft-ietf-oauth-dyn-reg-24
I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
Please resolve these comments along with any other Last Call comments
you may receive.
Reviewer: Brian Carpenter
Review Date: 2015-03-05
IETF LC End Date: 2015-03-16
IESG Telechat date:
Summary: Almost ready
>2. Client Metadata
> The following client metadata fields are defined by this
> Extensions and profiles of this specification MAY expand this list.
That definitely needs a forward reference to the IANA Considerations.
I don't think it's an RFC 2119 MAY, so it should read something like
Extensions and profiles of this specification may expand this list
with metadata names registered in accordance with the IANA Considerations
in Section 4 of this document.
> The authorization server MUST ignore any client metadata values sent
> by the client that it does not understand.
Silently, or with an error report?
>4. IANA Considerations
>4.1. OAuth Dynamic Registration Client Metadata Registry
> This specification establishes the OAuth Dynamic Registration Client
> Metadata registry.
> OAuth registration client metadata values are registered with a
> Specification Required ...
This may be a nit but it confused me; surely it isn't metadata *values*
that are registered; it's metadata names and descriptions?
I expected a reference, presumably [RFC6749], at the first mention
of OAuth 2.0 (in the first sentence).