Hi all, Am 18.12.18 um 19:14 schrieb Torsten Lodderstedt: > Hi Hannes, > > while I think the current text needs some substantial work, I support the > adoption of this draft as a working group document. I also think we need to > carefully define the boundaries between the Security BCP and the SPA BCP in > order to prevent unnecessary duplications and inconsistencies.
+1 > General remark: I would suggest to restructure section 6 to describe the > potential architectures this BCP has in mind. From my perspective these are: > - "pure" SPA > - SPA w/ backend > - SPA w/o OAuth (as fallback) This distinction is very important and should not be discussed in Section 6, but in the beginning of the document. -Daniel
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
