In the continuing quest for simplification and OAuth/OIDC alignment as I work on the refactored specs, this seems like a biggie.

Thoughts from y'all? If we go with Grant/Fed Authz vs Core/RReg, which seems to be the prevailing opinion, I really don't like the idea of including all the "here's a new definition of how you do discovery/metadata infrastructure" stuff in our specs vs. just leveraging OAuth's and OIDC's invitation to add new metadata fields. The only unattractive part is that OAuth discovery is in draft, and I wonder if it's going anywhere.