Stephen Farrell has entered the following ballot position for draft-ietf-oauth-amr-values-07: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-oauth-amr-values/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for clarifying that amr represents classes of auth methods and not (always) individual methods, that all makes more sense now;-) I think you might usefully add the phrase "classes of" (or similar) to the draft in a few places to help folks understand that, in particular, I spotted two places where I think something like that'd be good: 1. in the definition, I'd suggest: OLD: amr OPTIONAL. Authentication Methods References. JSON array of strings that are identifiers for authentication methods used in the authentication. NEW: amr OPTIONAL. Authentication Methods References. JSON array of strings that are identifiers for classes of authentication methods used in the authentication. 2. In the IANA considerations and DE guidance, maybe make the name of the new registry reflect that these are classes, in case someone gets confused only having looked at the IANA pages without reading the RFC, and perhaps point the DE guidance back to the top bit where you explain this stuff and add "classes of" in a few places in the template to save the DEs having to explain that over and over to people who just copy templates. Thanks, S. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth