JARM tidy up

JARM is a utility type spec that’s “used” by FAPI 1.0 and 2.0 but can be used independent of FAPI too. While the JARM Foreword and Introduction talk a lot about FAPI 1.0 and fintech. I think JARM would be better served by a more concise intro about just what JARM is.

tools.ietf.org is going out of style (for lack of a better way to say it) so URLs to e.g. security topics should probably be something like https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics/

Some or many of the references probably shouldn’t be normative. This doc doesn’t seem to use the normal xml2rfc references, which is odd and somewhat related to normative/informative and tools.ietf.org. Also I’d guess why there are no links for references in the published version https://openid.net/specs/openid-financial-api-jarm-ID1.html but I fear that rat hole that includes questions about how this markdown went to xml to html because it doesn’t follow (what I think of as) normal mmark + xml2rfc stuff. I realize I’m ‘co-editor’ but I was more the idea guy on this one and Torsten did the initial document set up.

The Privacy Considerations has just a TBD and should be removed (unless someone has some legit text for it).

Some of the affiliations in the Acknowledgement are missing or out of date.

The sentence in sec 5 Client Metadata, “The parameter names follow the pattern established by OpenID Connect Dynamic Client Registration OIDR for configuring signing and encryption algorithms for JWT responses at the UserInfo endpoint.” has confused me more than once. UserInfo huh? Oh, it’s just noting a naming pattern. I think it should be removed or de-emphasised as a note or something.

The Notational Conventions talks about ISO Directive Part 2 keywords but the text of the document uses RFC2119 keywords.

This ticket is a mess, I’m sorry.

Comments (6)