ietf-wg-gnap / gnap-core-protocol


Requirements on interaction modes defined by extensions #484

Closed SECtim closed 1 year ago

SECtim commented 1 year ago

Thinking about possible extensions to GNAP's interaction modes, I had the impression that the specification could be a bit clearer regarding requirements on such extensions.

Interaction Finish Nonce in Grant Response

From reading Section 3.3, my understanding is that all implementations of GNAP, including ones using extensions which define additional interaction finish methods, MUST include a finish nonce in the grant response (given that the AS wants to use the finish method offered by the client instance):

https://github.com/ietf-wg-gnap/gnap-core-protocol/blob/052162d7cfae1796f09bc27ddcc8dae85a54402d/draft-ietf-gnap-core-protocol.md?plain=1#L2115-L2116

However, Section 3.3.5 sounds a bit different, only referring to the two interaction finish methods defined by GNAP core:

https://github.com/ietf-wg-gnap/gnap-core-protocol/blob/052162d7cfae1796f09bc27ddcc8dae85a54402d/draft-ietf-gnap-core-protocol.md?plain=1#L2284-L2303

Interaction Hash

Section 4.2 could be a bit clearer as to what is expected of future extensions to GNAP. It currently says:

https://github.com/ietf-wg-gnap/gnap-core-protocol/blob/052162d7cfae1796f09bc27ddcc8dae85a54402d/draft-ietf-gnap-core-protocol.md?plain=1#L2770-L2772

with the two following sections describing the finish methods defined by GNAP core. This is, however, somewhat clearer in Section 4.2.3:

The AS MUST always provide this hash, and the client instance MUST validate the hash when received.

I.e., Section 4.2.3 implies that the AS must (somehow) provide the client instance with an interaction reference and interaction finish nonce. But it may be helpful to make this more explicit throughout the relevant sections.

Interaction Start Methods

There seem to be no requirements for future interaction start methods. It may be helpful to document some minimal requirements, e.g., enough information to identify the grant has to be conveyed to the AS via the RO in the interaction start (such as the redirect URI in GNAP core).
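
A client-side check of the interaction hash that Section 4.2.3 requires, added here as an illustration; it is not part of the original issue and is not code from the GNAP specification or its authors. It assumes the hash base is the client nonce, the AS finish nonce, the interaction reference and the grant endpoint URI joined by single newlines, hashed with SHA-256 by default and encoded as unpadded URL-safe Base64; the function names, the `pending` dictionary layout and all sample values are constructed.

```python
import base64
import hashlib
import hmac

# Supported hash methods are an assumption of this sketch; sha-256 is taken as the default.
HASH_METHODS = {"sha-256": hashlib.sha256, "sha-512": hashlib.sha512}


def interaction_hash(client_nonce, as_nonce, interact_ref, grant_endpoint,
                     hash_method="sha-256"):
    """Compute the interaction hash from the four values both parties must hold."""
    parts = [client_nonce, as_nonce, interact_ref, grant_endpoint]
    # Any finish method, core or extension, has to make all four values available.
    if not all(isinstance(p, str) and p for p in parts):
        raise ValueError("missing hash input (nonce, interact_ref or endpoint)")
    # A newline inside a value would make the line boundaries ambiguous.
    if any("\n" in p for p in parts):
        raise ValueError("newline inside a hash input")
    if hash_method not in HASH_METHODS:
        raise ValueError(f"unsupported hash method: {hash_method!r}")
    base = "\n".join(parts).encode("ascii")  # no trailing newline
    digest = HASH_METHODS[hash_method](base).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def validate_finish(pending, received_hash, received_ref):
    """Return True only if the hash delivered by the finish method matches."""
    expected = interaction_hash(
        pending.get("client_nonce"),      # sent in the request's finish section
        pending.get("as_finish_nonce"),   # taken from the grant response
        received_ref,                     # delivered by the finish method
        pending.get("grant_endpoint"),
        pending.get("hash_method", "sha-256"),
    )
    # Constant-time comparison of the two encoded hashes.
    return hmac.compare_digest(expected.encode(), str(received_hash).encode())


if __name__ == "__main__":
    # Constructed sample values, not taken from the specification.
    pending = {
        "client_nonce": "constructed-client-nonce",
        "as_finish_nonce": "constructed-as-nonce",
        "grant_endpoint": "https://as.example/gnap",
    }
    good = interaction_hash(pending["client_nonce"], pending["as_finish_nonce"],
                            "constructed-ref", pending["grant_endpoint"])
    print(validate_finish(pending, good, "constructed-ref"))   # matching values
    print(validate_finish(pending, good, "other-ref"))         # swapped reference
```

If the grant response carried no finish nonce, `validate_finish` raises instead of returning a result, which is the failure a client instance would hit with an extension finish method that omits it.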