Overall this is in good shape. Some points:
Mutual cross-reference between the MAC and Bearer specs might help
people trying to decide what kind of OAuth token to use.
2.3
The parameter name "oauth_token" is already taken by OAuth 1.0 and
should NOT be re-used here. Suggest changing it to "oauth2_token". An
alternative is to go back to the original non-namespaced "access_token",
which I don't recommend.
4.2
The protected resource parameter registry doesn't make much sense as
specified, and seems to imply that all non-oauth PR parmeters would also
need to be registered here. Suggest removal of this.
4.3
The error registry needs to be removed from this draft and either placed
into the core spec or another extension capability should be defined.
Either way, this spec isn't the place for it.
-- Justin
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
