Hi, I'm surprised there've been no responses. I thought there was more interest in this one.
Ta, S. On 04/09/2013 06:27 PM, Stephen Farrell wrote: > > Hi, > > I've done my AD review of this draft. I have two quick questions > I'd like to get answered before I start IETF LC. Depending on the > answers maybe we should re-spin or just fire ahead, let's see... > > (1) 2.1: "upon the return of the request" isn't right is it? I > think you mean the response at least. And what about HTTP error > handling? What if I get a 503 error? Is the client supposed > to re-send ever? Don't you need to say? > > (2) 2.2: what's in the response body with a 200 response? If it > doesn't matter please say so. > > I see from the write-up one author hasn't confirmed there are > no IPR issues. I've sent a Marius a mail so hopefully we > can sort that as we go. > > I also have the following nits that can be fixed (if need > be) whenever the draft is next changed: > > - intro: "app" isn't really a great term to use, can you replace > with something from 6479. > > - section 2: the "MAY include a query component" is sort of > dangling there, maybe it'd be better moved elsewhere? > > - section 2: "MUST be obtained from a trustworthy source." might > generate comment from IESG members who don't like using 2119 > terms in ways that don't affect interoperability. (I'm fine with > it fwiw, and have nearly cured 'em of that craze;-) Consider > s/MUST/need to/ here. > > - 2.1: ought there be a registry for token_type_hint values? It > looks like maybe there ought be. > > - 2.1: "A client compliant with [RFC6749] must be prepared" was > that meant to be a 2119 MUST? > > - section 6: maybe s/shall/need to/ in the last para > > Cheers, > S. > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
