On 25.11.19 at 23:02, Torsten Lodderstedt wrote:
> Parts of the text in section 4 capture discussions of potential solutions and
> reasons why we decided in favor of a certain solution. I think this will be
> useful in the future and it has already proven useful for me, e.g. in the
> recent discussions around PoP vs audience restriction.

Then let's move these discussions to an appendix or a separate document. I have the feeling that some sections have too many "could"s, "might"s and "should"s for a normative document. Another point is that the alternative solutions that we are discussing often have not been analyzed as thoroughly as the recommended solutions (see, e.g., PKCE vs. Code-bound State vs. Token binding for Code).

-Daniel

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth