mattrglobal / draft-looker-oauth-client-id-scheme

Certain metadata elements pose vectors for impersonation #17

Open tplooker opened 1 year ago

tplooker commented 1 year ago

Metadata elements such as client_name and logo_uri present in a client's metadata document are self-attested by the client, pertain to the client's identity and are often used to form UX (in obtaining user consent). They therefore create the possibility for client impersonation. A security consideration should be added to the document that discusses this and, more generally, any other metadata that may be open to abuse in this manner. In general, the only part of the client's identity that can be validated by the AS in following this specification is the client's "client_uri".
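To illustrate the mitigation this consideration calls for, here is an added example (not part of the draft or of this issue) of a hypothetical AS-side consent-screen policy in Python. It treats client_uri as the only verified identity element, as the comment states, and treats client_name and logo_uri as self-attested: the consent view is anchored on the verified client_uri origin, a logo is accepted only if it is served from that same https origin, and every display field the AS could not validate is recorded as a warning so the UI can label it. The field names are the standard OAuth client metadata names; the function, its return shape and the same-origin rule are assumptions made for this example, and the metadata documents in the usage section are constructed.

```python
from urllib.parse import urlparse

# Hypothetical policy (not defined by the draft): the AS can validate client_uri
# under the client-id scheme; everything used for display is self-attested.
VERIFIED_FIELDS = {"client_uri"}
SELF_ATTESTED_DISPLAY_FIELDS = {"client_name", "logo_uri"}


def https_origin(url):
    """Return (scheme, host[:port]) for an https URL, or None if it is not one."""
    parsed = urlparse(url or "")
    if parsed.scheme != "https" or not parsed.netloc:
        return None
    return (parsed.scheme, parsed.netloc.lower())


def build_consent_view(metadata):
    """Decide what a consent screen may show for a client metadata document.

    Returns a dict with the verified origin, the (labelled) self-attested
    display name, a logo only if it is same-origin with client_uri, and a
    list of warnings for anything that was self-attested or rejected.
    """
    origin = https_origin(metadata.get("client_uri"))
    if origin is None:
        # Without a validated client_uri there is no identity to anchor on.
        raise ValueError("client_uri missing or not an https URL; nothing to verify")

    view = {
        "verified_origin": f"{origin[0]}://{origin[1]}",
        "display_name": None,
        "display_name_verified": False,
        "logo_uri": None,
        "warnings": [],
    }

    name = metadata.get("client_name")
    if name:
        # Shown, but only next to the verified origin and flagged as unverified.
        view["display_name"] = name
        view["warnings"].append(
            "client_name is self-attested; render it alongside the verified origin"
        )

    logo = metadata.get("logo_uri")
    if logo:
        if https_origin(logo) == origin:
            view["logo_uri"] = logo
        else:
            # A logo hosted elsewhere (or over http) could be anyone's brand.
            view["warnings"].append("logo_uri rejected: not same https origin as client_uri")

    # Any other self-attested metadata is surfaced as a warning, not trusted.
    for field in sorted(set(metadata) - VERIFIED_FIELDS - SELF_ATTESTED_DISPLAY_FIELDS):
        view["warnings"].append(f"{field} is self-attested and was not used for display")

    return view


if __name__ == "__main__":
    # Constructed sample metadata documents for a quick run.
    honest = {
        "client_uri": "https://app.example.com",
        "client_name": "Example App",
        "logo_uri": "https://app.example.com/logo.png",
    }
    lookalike = {
        "client_uri": "https://other.example.net",
        "client_name": "Example Bank",
        "logo_uri": "https://bank.example.org/logo.png",
    }
    for doc in (honest, lookalike):
        print(build_consent_view(doc))
```

The rule is deliberately conservative: the verified origin is always shown, a self-attested name is never shown without it, and a logo not served from that origin is dropped rather than displayed with a caveat, since users rarely read caveats next to a familiar logo.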