Agreed on general guidance, will try to draft the text. Should I post it here first or go straight to GitHub?
On Wed, Nov 16, 2022 at 1:49 PM Brian Campbell <bcampbell= 40pingidentity....@dmarc.ietf.org> wrote: > > > On Mon, Nov 14, 2022 at 5:18 PM Dmitry Telegin <dmitryt= > 40backbase....@dmarc.ietf.org> wrote: > >> >> To sum up, my idea is that in cases when we can unambiguously establish >> the scheme used, we should include error info into the corresponding >> challenge only. In cases of ambiguity, both challenges should be used to >> deliver error info. If this make sense, could it be worth covering this >> topic in the spec? >> > > Is there some text you could propose that offers guidance along those > lines? Probably to go in sec 7.2, which is where multiple authentication > schemes are mentioned. Your idea seems like a generally appropriate > approach. I don't believe there's necessarily a right or wrong though. Some > general guidance could be helpful but I'd be hesitant about going further. > > > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.*
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
