| From | Sent On | Attachments |
|---|---|---|
| Remon Sinnema | Apr 24, 2012 4:01 am | |
| David Brossard | Apr 24, 2012 6:32 am | |
| remo...@emc.com | Apr 24, 2012 8:24 am | |
| remo...@emc.com | Apr 24, 2012 11:14 pm | |
| David Brossard | Apr 25, 2012 4:21 am | |
| Danny Thorpe | May 3, 2012 10:17 am | |
| remo...@emc.com | May 3, 2012 12:31 pm | |
| Danny Thorpe | May 3, 2012 3:38 pm | |
| remo...@emc.com | May 3, 2012 11:27 pm | |

| Subject: | RE: [xacml] Groups - REST Profile of XACML v3.0 Version 1.0, working draft 02 uploaded | |
|---|---|---|
| From: | Danny Thorpe (Dann...@quest.com) | |
| Date: | May 3, 2012 10:17:01 am | |
| List: | org.oasis-open.lists.xacml | |

Feedback on the REST profile draft:

Section 2.3 Resources "Each section defines with operations are supported... " typo. with => which

It would be helpful if there were non-normative example URLs for illustration.
I realize that since the REST responses are supposed to be self-documenting for
discovery, specifying the URL patterns should not be part of the normative text.
Including examples in the normative sections 2.3.* might be confusing to keep
normative separate from nonnormative, but perhaps a new examples section that
follows the normative 2.3.* text?

For example, what is the REST entry point referred to in 2.3.1? For a PDP at
http://pdp.example.com/v1/, is the REST entry point described in 2.3.1
http://pdp.example.com/, which will list the v1 url as one of the interfaces
provided by that server and only that server? Or is the REST entry point an
entirely separate service entity (http://discover.example.com) which lists
available PDP (and other) interfaces on all servers?

Section 2.3.1 REST Entry Point uses HTTP GET to obtain information about what
services / interfaces are available. Isn't that the job of the HTTP OPTIONS
method?

Should section 2.3.1 mention anything about best-practices such as filtering
results to only return links to services that the client credentials are
authorized to use? If an organization has multiple PDPs running, and some of
them are domain specific and only accessible to certain clients, it could be
considered a breach of disclosure if the REST Entry Point returned all the PDP
services links, including links to services that the client can't access.

Section 2.3.3 Policy Administration Point

GET returns a list of available XACML policies. It would be helpful to mention
the use of "next", "prev" link relations to manage pagination of large result
sets. http://www.iana.org/assignments/link-relations/link-relations.xml

Thanks, -Danny

Danny Thorpe
Product Architect | Quest Software - Now including the people and products of
BiTKOO | www.quest.com
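
The following is an added example, not part of Danny Thorpe's message or of the REST profile draft. It sketches the two suggestions above: an entry point that returns only the links the caller is authorized to use, and a policy listing paginated with the IANA "next"/"prev" link relations. The scope names, policy ids, response layout and `page`/`size` query parameters are assumptions made for illustration.

```python
# Added illustration: scopes, policy ids, the response layout and the
# page/size parameters are assumptions, not defined by the REST profile draft.
from urllib.parse import urlencode

# Constructed sample data: each entry names the scope a client must hold.
SERVICES = [
    {"rel": "pdp", "href": "http://pdp.example.com/v1/", "scope": "pdp:general"},
    {"rel": "pdp", "href": "http://pdp.example.com/hr/", "scope": "pdp:hr"},
    {"rel": "pap", "href": "http://pdp.example.com/policies", "scope": "pap:read"},
]
POLICIES = [
    {"id": "policy-1", "scope": "pap:read"},
    {"id": "policy-2", "scope": "pap:hr"},
    {"id": "policy-3", "scope": "pap:read"},
    {"id": "policy-4", "scope": "pap:read"},
]

def entry_point(client_scopes):
    """Return only the service links the caller may use (default deny)."""
    return [{"rel": s["rel"], "href": s["href"]} for s in SERVICES
            if s["scope"] in client_scopes]

def list_policies(client_scopes, base_url, page=1, size=2):
    """Return one page of visible policy ids plus "next"/"prev" links.

    Filtering happens before slicing, so page sizes and the presence of a
    "next" link reveal nothing about policies the caller cannot see.
    """
    if page < 1 or size < 1:
        raise ValueError("page and size must be positive")
    visible = [p["id"] for p in POLICIES if p["scope"] in client_scopes]
    start = (page - 1) * size
    def url(n):
        return base_url + "?" + urlencode({"page": n, "size": size})
    links = {}
    if page > 1:
        links["prev"] = url(page - 1)
    if start + size < len(visible):
        links["next"] = url(page + 1)
    return {"policies": visible[start:start + size], "links": links}

if __name__ == "__main__":
    print(entry_point({"pdp:general"}))
    print(list_policies({"pap:read"}, "http://pdp.example.com/policies"))
```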





