diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/admin.js b/openid-connect-server-webapp/src/main/webapp/resources/js/admin.js
index a49d2852f..2246eea6a 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/js/admin.js
+++ b/openid-connect-server-webapp/src/main/webapp/resources/js/admin.js
@@ -513,19 +513,28 @@ var AppRouter = Backbone.Router.extend({
 
     	var client = new ClientModel();
     	
-    	// set up this new client to require a secret and have us autogenerate one
-    	client.set({
-    		requireClientSecret:true, 
-    		generateClientSecret:true,
-    		displayClientSecret:false,
-    		scope: _.uniq(_.flatten(this.systemScopeList.defaultScopes().pluck("value"))),
-    		accessTokenValiditySeconds:3600,
-    		idTokenValiditySeconds:600
-    	}, { silent: true });
-    	
         this.clientFormView = new ClientFormView({model:client, systemScopeList: this.systemScopeList});
-        $('#content').html(this.clientFormView.render().el);
-    	setPageTitle("New Client");
+        this.clientFormView.load(function() {
+        	// set up this new client to require a secret and have us autogenerate one
+        	client.set({
+        		tokenEndpointAuthMethod: "client_secret_basic",
+        		requireClientSecret:true, 
+        		generateClientSecret:true,
+        		displayClientSecret:false,
+        		requireAuthTime:true,
+        		defaultMaxAge:60000,
+        		scope: _.uniq(_.flatten(this.systemScopeList.defaultScopes().pluck("value"))),
+        		accessTokenValiditySeconds:3600,
+        		idTokenValiditySeconds:600,
+        		grantTypes: ["authorization_code"],
+        		responseTypes: ["code"],
+        		subjectType: "public"
+        	}, { silent: true });
+        	
+        	
+        	$('#content').html(this.clientFormView.render().el);
+        	setPageTitle("New Client");
+        });
     },
 
     editClient:function(id) {
@@ -801,9 +810,12 @@ var AppRouter = Backbone.Router.extend({
              {text:"Client Registration", href:"manage/#dev/dynreg"}
         ]);
     	
-    	$('#content').html(this.dynRegRootView.render().el);
+    	this.dynRegRootView.load(function() {
+    			$('#content').html(app.dynRegRootView.render().el);
+    			
+    			setPageTitle("Self-service Client Registration");
+    	});
     	
-    	setPageTitle("Self-service Client Registration");
     },
     
     newDynReg:function() {
@@ -814,9 +826,21 @@ var AppRouter = Backbone.Router.extend({
              {text:"New", href:"manage/#dev/dynreg/new"}
         ]);
     	
-    	var view = new DynRegEditView({model: new DynRegClient(), systemScopeList:this.systemScopeList});
+    	var client = new DynRegClient();
+    	var view = new DynRegEditView({model: client, systemScopeList:this.systemScopeList});
     	
     	view.load(function() {
+
+    		client.set({
+        		require_auth_time:true,
+        		default_max_age:60000,
+        		scope: _.uniq(_.flatten(app.systemScopeList.defaultDynRegScopes().pluck("value"))).join(" "),
+        		token_endpoint_auth_method: 'client_secret_basic',
+        		grant_types: ["authorization_code"],
+        		response_types: ["code"],
+        		subject_type: "public"
+        	}, { silent: true });
+    	
     		$('#content').html(view.render().el);
     		view.delegateEvents();
     		setPageTitle("Dynamically Register a New Client");
diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/client.js b/openid-connect-server-webapp/src/main/webapp/resources/js/client.js
index 3c7825730..10e58adda 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/js/client.js
+++ b/openid-connect-server-webapp/src/main/webapp/resources/js/client.js
@@ -44,7 +44,7 @@ var ClientModel = Backbone.Model.extend({
         tosUri:"",
         tokenEndpointAuthMethod:null,
         scope:[],
-        grantTypes:["authorization_code"],
+        grantTypes:[],
         responseTypes:[],
         policyUri:"",
         jwksUri:"",
@@ -65,7 +65,7 @@ var ClientModel = Backbone.Model.extend({
         
         tokenEndpointAuthSigningAlg:null,
         
-        defaultMaxAge:60000,
+        defaultMaxAge:null,
         requireAuthTime:false,
         defaultACRvalues:null,
         
diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js b/openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js
index 081510fc1..6242a0302 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js
+++ b/openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js
@@ -73,6 +73,22 @@ var DynRegRootView = Backbone.View.extend({
 		"click #editreg":"editReg"
 	},
 	
+	load:function(callback) {
+    	if (this.options.systemScopeList.isFetched) {
+    		callback();
+    		return;
+    	}
+
+    	$('#loadingbox').sheet('show');
+    	$('#loading').html('<span class="label" id="loading-scopes">Scopes</span> ');
+
+    	$.when(this.options.systemScopeList.fetchIfNeeded({success:function(e) {$('#loading-scopes').addClass('label-success');}}))
+    	.done(function() {
+    	    		$('#loadingbox').sheet('hide');
+    	    		callback();
+    			});    	
+	},
+    	
 	render:function() {
     	$(this.el).html($('#tmpl-dynreg').html());
     	return this;
diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/scope.js b/openid-connect-server-webapp/src/main/webapp/resources/js/scope.js
index a57683300..4bb942dd7 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/js/scope.js
+++ b/openid-connect-server-webapp/src/main/webapp/resources/js/scope.js
@@ -46,6 +46,20 @@ var SystemScopeCollection = Backbone.Collection.extend({
 		return new SystemScopeCollection(filtered);
 	},
 	
+	dynRegScopes: function() {
+		filtered = this.filter(function(scope) {
+			return scope.get("allowDynReg") === true;
+		});
+		return new SystemScopeCollection(filtered);
+	},
+	
+	defaultDynRegScopes: function() {
+		filtered = this.filter(function(scope) {
+			return scope.get("defaultScope") === true && scope.get("allowDynReg") === true;
+		});
+		return new SystemScopeCollection(filtered);		
+	},
+	
 	getByValue: function(value) {
 		var scopes = this.where({value: value});
 		if (scopes.length == 1) {
diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/client.html b/openid-connect-server-webapp/src/main/webapp/resources/template/client.html
index 7f0048c21..c66190068 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/template/client.html
+++ b/openid-connect-server-webapp/src/main/webapp/resources/template/client.html
@@ -663,7 +663,7 @@
 
 
             <div class="control-group" id="requireAuthTime">
-                <label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Require Auth Time</label>
+                <label class="control-label">Require Authentication Time</label>
                 <div class="controls">
                     <label class="checkbox">
                         <input type="checkbox" <%=(requireAuthTime == true ? 'checked' : '')%>> Always require that the auth_time claim be sent in the id token
diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html b/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html
index aee49172d..9f261a629 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html
+++ b/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html
@@ -182,7 +182,7 @@
 			</div>
 
 			<div class="control-group" id="tosUri">
-				<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Terms of Service</label>
+				<label class="control-label">Terms of Service</label>
 				<div class="controls">
 					<input placeholder="https://" value="<%=client.tos_uri ? client.tos_uri : ''%>" maxlength="1000" type="text" class=""/>
 					<p class="help-block">URL for the Terms of Service of this client, will be displayed to the user</p>
@@ -190,7 +190,7 @@
 			</div>
 
 			<div class="control-group" id="policyUri">
-				<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Policy</label>
+				<label class="control-label">Policy</label>
 				<div class="controls">
 					<input placeholder="https://" value="<%=client.policy_uri ? client.policy_uri : ''%>" maxlength="1000" type="text" class=""/>
 					<p class="help-block">URL for the Policy Statement of this client, will be displayed to the user</p>
@@ -198,7 +198,7 @@
 			</div>
 
 			<div class="control-group" id="clientUri">
-				<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Home Page</label>
+				<label class="control-label">Home Page</label>
 				<div class="controls">
 					<input placeholder="https://" value="<%=client.client_uri ? client.client_uri : ''%>" maxlength="1000" type="text" class=""/>
 					<p class="help-block">URL for the client's home page, will be displayed to the user</p>
@@ -495,6 +495,23 @@
 
 	<div class="tab-pane" id="client-other-tab">
 
+            <div class="control-group" id="requireAuthTime">
+                <label class="control-label">Require Authentication Time</label>
+                <div class="controls">
+                    <label class="checkbox">
+                        <input type="checkbox" <%=(client.require_auth_time == true ? 'checked' : '')%>> Always require that the auth_time claim be sent in the id token
+                    </label>
+                </div>
+            </div>
+
+			<div class="control-group" id="defaultMaxAge">
+				<label class="control-label">Default Max Age</label>
+				<div class="controls">
+					<input placeholder="" value="<%=client.default_max_age ? client.default_max_age : ''%>" maxlength="10" type="text" class=""/>
+					<p class="help-block">Default maximum session age before re-prompting</p>
+				</div>
+			</div>
+
 			<div class="control-group" id="initiateLoginUri">
 				<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Initiate Login</label>
 				<div class="controls">
@@ -512,23 +529,6 @@
 			</div>
 
 
-            <div class="control-group" id="requireAuthTime">
-                <label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Require Auth Time</label>
-                <div class="controls">
-                    <label class="checkbox">
-                        <input type="checkbox" <%=(client.require_auth_time == true ? 'checked' : '')%>> Always require that the auth_time claim be sent in the id token
-                    </label>
-                </div>
-            </div>
-
-			<div class="control-group" id="defaultMaxAge">
-				<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Default Max Age</label>
-				<div class="controls">
-					<input placeholder="" value="<%=client.default_max_age ? client.default_max_age : ''%>" maxlength="1000" type="text" class=""/>
-					<p class="help-block">Default maximum session age before re-prompting</p>
-				</div>
-			</div>
-
             <div class="control-group" id="requestUris">
                 <label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Request URIs</label>
                 <div class="controls">