On 10/15/14 6:06 PM, Brian Campbell wrote:
Thanks for your review and feedback, Pete. Replies are inline below...
Thanks for addressing the comments, including Barry's followup. Just on
the questions:
On Tue, Oct 14, 2014 at 2:42 PM, Pete Resnick
<presn...@qti.qualcomm.com> wrote:
scope
[...]
As such, the requested scope MUST be equal or lesser than the scope
originally granted to the authorized accessor.
s/MUST/will (unless you explain whether it's the server or the client
that's supposed to be obeying that MUST, and for what reason)
They are both supposed to obey it - the client shouldn't ask for more
and the server will reject the request, if it does.
Is "will" more appropriate than "MUST" here? Or maybe a non 2119 "should"?
Ah, so you're saying that a client could conceivably (either purposely
or accidentally) try to sneak through a larger scope than it should, and
the client MUST NOT do that, and the server MUST reject if it gets one.
OK, that makes sense. (I do tend to like active MUSTs -- the foo MUST do
X or the bar MUST NOT do Y -- but this is probably OK as is.)
Here and throughout: s/non-normative example/example (As far as I know,
there are no other kinds in IETF documents.)
I thought I picked that language up from some other draft or RFC but
I'm now not sure where it came from and can't easily find other
examples of the same thing. So I am happy to remove the
"non-normative" throughout, if it is already understood and/or not
customary to say so.
Yeah, we've seen other RFCs with such language. I've whined about it in
the past. Some authors roll their eyes at me. You are welcome to roll
your eyes if you like, but I find such text silly. :-)
Thanks for the rest of the planned changes. Looks good.
pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
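
The server-side half of the scope rule discussed in this thread (reject a request whose scope exceeds the original grant), as an added example that is not part of the thread or the draft. The function names are hypothetical, the token grammar and the `invalid_scope` error code are taken from RFC 6749 sections 3.3 and 5.2, and treating an omitted scope as "the original grant" is an assumption.

```python
import re

# scope-token grammar from RFC 6749 section 3.3: 1*( %x21 / %x23-5B / %x5D-7E )
_SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")


class InvalidScope(Exception):
    """Maps to the RFC 6749 section 5.2 error code "invalid_scope"."""
    error = "invalid_scope"


def parse_scope(value):
    """Split a space-delimited scope string into a set of case-sensitive tokens."""
    tokens = value.split(" ")
    for tok in tokens:
        # An empty token (empty string, doubled or trailing space) fails here too.
        if not _SCOPE_TOKEN.fullmatch(tok):
            raise InvalidScope(f"malformed scope token: {tok!r}")
    return frozenset(tokens)


def effective_scope(requested, granted):
    """Return the scope to issue, or raise InvalidScope.

    requested: raw "scope" parameter from the token request, or None if omitted
    granted:   set of tokens originally granted to the authorized accessor
    """
    if requested is None:
        # Assumption: an omitted scope parameter means "the original grant".
        return frozenset(granted)
    asked = parse_scope(requested)
    excess = asked - frozenset(granted)
    if excess:
        # Reject outright rather than silently trimming the request.
        raise InvalidScope("scope exceeds original grant: " + " ".join(sorted(excess)))
    return asked


def token_error_response(exc):
    """Body of the HTTP 400 error response for a rejected request."""
    return {"error": exc.error, "error_description": str(exc)}
```

Comparison is by exact token match, so `Read` does not satisfy a grant of `read`, and token order in the request does not matter.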