Barry Leiba <barryle...@computer.org> writes:
>> Corrected Text
>> --------------
>> Resource owners cannot revoke access to an individual third party without
>> revoking access
>> to all third parties, and must do so by changing their password.
>>
>> Notes
>> -----
>> The text was originally "their" but changed to "the third party's" between
>> the last draft and RFC.
>> However, "their" means "resource owners'", not "the third party's".
>
> Yes, this appears to be a change the RFC Editor made that the authors
> didn't notice in AUTH48. But the RFC Editor change it from "their"
> because "their" wasn't clear. Changing it back to "their" won't help
> that. I suggest editing the corrected text to "by changing the
> resource owner's password" before marking this as Verified.
Yep, I suggested that same change in a private email to Stephen, so I
would prefer this modification.
> Barry
-derek
--
Derek Atkins 617-623-3745
de...@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
