Murray Kucherawy has entered the following ballot position for draft-ietf-oauth-access-token-jwt-12: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-oauth-access-token-jwt/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- My co-AD pretty much nailed it. I would go further and say that her comment about "Why is this only SHOULD?" applies to a lot of the SHOULDs in here. SHOULD presents a choice; why might an implementer reasonably not do any of the SHOULD things in here? For readability, I suggest that the three registrations packed into Section 7.2.1 be separated somehow, as right now they appear to be one continuous bullet list. Separate subsections would work, or even just a line of prose before each would suffice. The first half of the second paragraph of Section 6 seems much more like an interoperability issue than a privacy issue to me. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
