[OAUTH-WG] Review of draft-ietf-oauth-dyn-reg-metadata-00

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 23 April 2014 19:19 UTC

Message-ID: <5358110C.9020503@gmx.net>
Date: Wed, 23 Apr 2014 21:14:20 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: "oauth@ietf.org" <oauth@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/rrO75-Eb8dmsNgJ2RCPih44DNG4

Hi all,

I read through the document as part of my shepherding task; it is nicely
written and easy to understand.

I only have a few minor suggestions:

* client_uri: URL of the homepage of the client.

Would it be better to say that this is the URI that provides further
information about the client software (provided by the client software

* logo_uri: The value of this field MUST point to a valid image file.

Would it make sense to provide a type field here as well, such as in
HTML (e.g., type="image/png")?

* contacts: Would these email addresses be in the format of
mailto:user@example.com or would you just use joe@example.com?
I am asking because with the URI scheme one could potentially provide
other contact information here as well, such as XMPP URIs or so.

* policy_uri: Would it be better to call this a privacy notice rather
than policy document?
Here is a short description of what a privacy notice is:

* jwks_uri: The text provides little information about how this element
is used. I believe that this is an alternative way of using the PoP
architecture, where the client registers keys with the authorization
server that can then be tied to access tokens. Right? I could add some
text in the PoP overview document to explain this and maybe you could
include a reference to the PoP document (as an informative reference,
for example).