Karsten, Daniel,

Can you please address my comments in a new version of the draft to allow me to progress it?

Regards,
Rifaat

On Mon, Sep 6, 2021 at 6:50 AM Karsten Meyer zu Selhausen <karsten.meyerzuselhau...@hackmanit.de> wrote:
> Hi Rifaat,
>
> thank you for the shepherd's review.
>
> Those are valid comments. We will have a second look at this paragraph.
>
> Best regards,
> Karsten
>
> On 04.09.2021 16:20, Rifaat Shekh-Yusef wrote:
> > Hi Karsten, Daniel,
> >
> > As the document shepherd, I have reviewed the document and I have the
> > following comments on draft-ietf-oauth-iss-auth-resp-01 version:
> >
> > Section 2.4, paragraph 3, first sentence:
> >
> > "If clients interact with both authorization servers supporting this
> > specification and authorization servers not supporting this
> > specification, clients SHOULD store the information which
> > authorization server supports the "iss" parameter."
> >
> > Why is this a SHOULD?
> >
> > "Clients MUST
> > reject authorization responses without the "iss" parameter from
> > authorization servers which do support the parameter according to the
> > client's configuration."
> >
> > What should the client do when it receives a response with the "iss" parameter
> > from an authorization server that did not indicate its support for this
> > parameter?
> >
> > Section 7
> >
> > RFC6479 should be replaced with *RFC6749*
> >
> > Regards,
> > Rifaat
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
>
> --
> Karsten Meyer zu Selhausen
> Senior IT Security Consultant
> Phone: +49 (0)234 / 54456499
> Web: https://hackmanit.de | IT Security Consulting, Penetration Testing, Security Training
>
> Is your OAuth or OpenID Connect application vulnerable to mix-up attacks?
> Find out more on our blog: https://www.hackmanit.de/en/blog-en/132-how-to-protect-your-oauth-client-against-mix-up-attacks
>
> Hackmanit GmbH
> Universitätsstraße 60 (Exzenterhaus)
> 44789 Bochum
>
> Registergericht: Amtsgericht Bochum, HRB 14896
> Geschäftsführer: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr. Christian Mainka, Prof. Dr. Marcus Niemietz
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
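A client-side sketch of the Section 2.4 check the quoted review discusses, added here as an illustration; it is not code from the draft or from either author. The per-AS configuration, the URL values and the handling of an "iss" that an AS never announced support for are assumptions made for this example.

```python
from urllib.parse import parse_qs, urlparse

# Constructed per-AS client configuration (hypothetical names): the issuer each
# authorization server is expected to send and whether that AS is known to
# support "iss", i.e. what Section 2.4 says a client SHOULD store when it talks
# to both supporting and non-supporting servers.
AS_CONFIG = {
    "as-a": {"issuer": "https://as-a.example", "supports_iss": True},
    "as-b": {"issuer": "https://as-b.example", "supports_iss": False},
}


class AuthResponseError(Exception):
    """The authorization response must be discarded."""


def validate_auth_response(redirect_url: str, started_with: str) -> dict:
    """Check the authorization response delivered to the redirect URI; started_with
    is the key of the AS the request went to (from the client's "state" binding)."""
    cfg = AS_CONFIG[started_with]
    raw = parse_qs(urlparse(redirect_url).query, keep_blank_values=True)
    # A parameter occurring more than once is ambiguous; refuse to guess.
    dupes = [k for k, v in raw.items() if len(v) != 1]
    if dupes:
        raise AuthResponseError(f"duplicate parameter(s): {dupes}")
    params = {k: v[0] for k, v in raw.items()}
    iss = params.get("iss")
    if iss is None:
        if cfg["supports_iss"]:
            # Section 2.4: reject responses without "iss" from an AS that,
            # according to the client's configuration, supports it.
            raise AuthResponseError("iss missing from an AS known to support it")
        # AS not known to support "iss": nothing to check here; the client
        # has to rely on its other mix-up defences for this server.
        return params
    # Assumption for this example (the thread leaves the unannounced-"iss"
    # case open): whenever "iss" is present it is compared, as an exact
    # string, with the issuer of the AS the flow started with; a mismatch
    # is the mark of a mix-up and the response is dropped.
    if iss != cfg["issuer"]:
        raise AuthResponseError(f"iss {iss!r} != expected {cfg['issuer']!r}")
    return params


def response_is_accepted(redirect_url: str, started_with: str) -> bool:
    """Boolean wrapper over validate_auth_response (used by the tests)."""
    try:
        validate_auth_response(redirect_url, started_with)
        return True
    except AuthResponseError:
        return False
```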