Murray Kucherawy has entered the following ballot position for draft-ietf-oauth-par-08: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-oauth-par/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I concur with Ben and Zahed that RFC 6749 should be listed as a normative reference.

Section 1:

* "The impact of which can be ..." -- s/which/this/
* "personal identifiable information" -- s/personal/personally/
* In the final paragraph, since you quote "POST", you should quote "GET" as well.

Section 7.2:

* "An attacker could try register ..." -- s/try/try to/

In Section 7.3, I think that SHOULD ought to be a MUST. Is there a good reason not to do what it says?

The field names in Section 10.2 don't match the field names in the registry.