Hi Murray, Thank you for your comments, and sorry for the late reply. We addressed most of the issues in the latest version, but I have one comment (see below).
On 3/25/21 5:28 AM, Murray Kucherawy via Datatracker wrote: > Murray Kucherawy has entered the following ballot position for > draft-ietf-ace-dtls-authorize-16: No Objection > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > In Section 3.2.2, first paragraph, why is that only a SHOULD? What's a > situation in which I might do something else? Same for the one in the second > paragraph of Section 3.4. I agree that the phrasing in 3.2.2 is a bit odd. We rephrased that sentence. In section 3.4, I guess you refer to the sentence "New access tokens issued by the authorization server SHOULD replace previously issued access tokens for the respective client." The reason for this phrasing is that while we recommend that the RS only has a single access token per client, it is not forbidden to have several (see also section 5.10.1 of draft-ace-oauth-authz). Applications may, e.g., decide to let the AS add new permissions to the existing ones. > > In the last paragraph of Section 3.3.1, "additionally" doesn't need to appear > twice. Okay, fixed. Thank you for your time, Steffi _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
