I submitted a new draft (well, two; I forgot one change in -14). Open issues are marked with [[ Pending Consensus ]] and are considered unsafe to implement.
Changes:

* Many minor editorial changes.
* Expanded abstract.
* Added note to intro about this being an HTTP-specific protocol.
* Additional references to 2616.
* Expanded introduction to authorization grant (1.4).
* Clarified implicit grant name choice (1.4.2).
* Added information about the required 'response_type' parameter in 2.1.
* Added restriction not to repeat any request or response parameters.
* Changed the authorization endpoint to always require TLS (-15).
* Clarified the special case of unauthenticated client (3).
* Explicitly defined scope values are case sensitive.
* Added (pending consensus) the ability to put HTTP codes in error response parameters.
* Erased note about 'same origin policy' in introduction to Implicit grant (4.2).
* Removed editorial comment about the need for internationalization of username and password parameters.
* Added error code extensibility and registry (pending consensus).
* Adjusted registries process to match RFC5988.
* Changed 'Contributors' section to 'Acknowledgements' and added full credit dating back to OAuth 1.0.
* Added 'Editor's notes' section.

Please review the draft and submit comments to the list. There is no current deadline as we are pending the first draft of the security consideration section before publishing another draft.

EHL