Great doc I finally found: http://tools.ietf.org/html/rfc6819 After browsing it, I still can't find pros/cons of public vs. confidential clients. Especially when we perform all the other validations suggested. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com