[OAUTH-WG] Review of draft-ietf-oauth-dyn-reg-metadata-00

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 23 April 2014 19:19 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/rrO75-Eb8dmsNgJ2RCPih44DNG4

Hi all,

I read through the document as part of my shepherding task; it is nicely
written and easy to understand.

I only have a few minor suggestions:

* client_uri: URL of the homepage of the client.

Would it be better to say that this is the URI that provides further
information about the client software (provided by the client software
developer)?

* logo_uri: The value of this field MUST point to a valid image file.

Would it make sense to provide a type field here as well, such as in
HTML (e.g., type="image/png")?

* contacts: Would these email addresses be in the format of
mailto:user@example.com or would you just use joe@example.com?
I am asking because with the URI scheme one could potentially provide
other contact information here as well, such as XMPP URIs or so.

* policy_uri: Would it be better to call this a privacy notice rather
than policy document?
Here is a short description of what a privacy notice is:
https://www.privacyassociation.org/resource_center/privacy_glossary/privacy_notice

* jwks_uri: The text provides little information about how this element
is used. I believe that this is an alternative way of using the PoP
architecture, where the client registers keys with the authorization
server that can then be tied to access tokens. Right? I could add some
text in the PoP overview document to explain this and maybe you could
include a reference to the PoP document (as an informative reference,
for example).

Ciao
Hannes