The document is basically well written and clear. The only nits I suggest to fix is in the security chapter: it seems a copy/paste of the same sections as RFC 7519 one, but maybe some "expanded statements" on the implication of external signature use and in case about potential risks associated may help the non security expert implementer to better understand the whole picture.

Given the above, the document is ready to go.