I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document creates a new URN subregistry for oauth use. The security considerations section points out that there is no new security considerations in this document that are not already inherernt to using URNs and points to RFC2141 for more information. On the other hand RFC2141 is very generic and says that there are security considerations that are outside the scope of that document, and they should be included in the document registering the namespace identifiers. As this again only generates subregistry and not any actual registry values, it might be better to just add similar note than what is in RFC2141, adding pointer to another document which says "there is nothing here", isn't that helpful. -- kivinen at iki.fi