> Corrected Text > -------------- > Resource owners cannot revoke access to an individual third party without > revoking access > to all third parties, and must do so by changing their password. > > Notes > ----- > The text was originally "their" but changed to "the third party's" between > the last draft and RFC. > However, "their" means "resource owners'", not "the third party's".
Yes, this appears to be a change the RFC Editor made that the authors didn't notice in AUTH48. But the RFC Editor change it from "their" because "their" wasn't clear. Changing it back to "their" won't help that. I suggest editing the corrected text to "by changing the resource owner's password" before marking this as Verified. Barry _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
