Hi all, I read through the document as part of my shepherding task; it is nicely written and easy to understand.
I only have a few minor suggestions:

* client_uri: URL of the homepage of the client. Would it be better to say that this is the URI that provides further information about the client software (provided by the client software developer)?

* logo_uri: The value of this field MUST point to a valid image file. Would it make sense to provide a type field here as well, such as in HTML (e.g., type="image/png")?

* contacts: Would these email addresses be in the format of mailto:u...@example.com or would you just use j...@example.com? I am asking because with the URI scheme one could potentially provide other contact information here as well, such as XMPP URIs or so.

* policy_uri: Would it be better to call this a privacy notice rather than policy document? Here is a short description of what a privacy notice is: https://www.privacyassociation.org/resource_center/privacy_glossary/privacy_notice

* jwks_uri: The text provides little information about how this element is used. I believe that this is an alternative way of using the PoP architecture, where the client registers keys with the authorization server that can then be tied to access tokens. Right? I could add some text in the PoP overview document to explain this and maybe you could include a reference to the PoP document (as an informative reference, for example).

Ciao
Hannes
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth