Security Consideration: "As specified in the IUA profile, the IUA Authorization Client and Authorization Server actors SHALL support Any actor who supports this transaction MAY support the JWE (unsigned but encrypted) alternative of the JWT token."
This makes no sense, either all actors implement and use JWEs, or nobody needs to. If it isn't used, then it's only additional complexity in the spec.
Security Consideration: "As specified in the IUA profile, the IUA Authorization Client and Authorization Server actors SHALL support Any actor who supports this transaction MAY support the JWE (unsigned but encrypted) alternative of the JWT token." This makes no sense, either all actors implement and use JWEs, or nobody needs to. If it isn't used, then it's only additional complexity in the spec.