Thank you, you're absolutely correct. I've updated a few uses of that to something hopefully more accurate. There are a few more uses of "DOM" still and I would love someone who has more experience with browsers than me to review those for accuracy as well! Thanks!
Latest editor's draft: https://drafts.oauth.net/oauth-browser-based-apps/draft-ietf-oauth-browser-based-apps.html Aaron On Wed, Dec 7, 2022 at 12:52 AM Thomas Broyer <t.bro...@gmail.com> wrote: > > > On Wed, Dec 7, 2022 at 1:07 AM Aaron Parecki <aaron= > 40parecki....@dmarc.ietf.org> wrote: > >> Hi all, >> >> I just published a revised version of OAuth for Browser-Based Apps based >> on the feedback and discussion at IETF 115 London! >> >> >> https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-12.html >> >> The primary changes are: >> >> * Rephrased the architecture patterns to focus on token acquisition >> > > Terminology-wise, the phrasing "code executed in the DOM" is not correct: > the DOM is an API for manipulating the document. This should rather be > "code executed in a browsing context" or possibly "code executed in a > document context" (or just "in a document"?), as opposed to a "worker > context" or service worker. > > Anyway, thanks for that work. I'm only using the drafts as reference in > architecture discussions and am looking forward to this turning into an RFC. > -- > Thomas Broyer > /tɔ.ma.bʁwa.je/ <http://xn--nna.ma.xn--bwa-xxb.je/> >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
