The following errata report has been submitted for RFC7591, "OAuth 2.0 Dynamic Client Registration Protocol".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7782

--------------------------------------
Type: Technical
Reported by: Tim Würtele <tim.wuert...@sec.uni-stuttgart.de>

Section: 3.2.1

Original Text
-------------
client_id
   REQUIRED. OAuth 2.0 client identifier string. It SHOULD NOT be
   currently valid for any other registered client, though an
   authorization server MAY issue the same client identifier to
   multiple instances of a registered client at its discretion.

Corrected Text
--------------
client_id
   REQUIRED. OAuth 2.0 client identifier string. It MUST NOT be
   currently valid for any other registered client, though an
   authorization server MAY issue the same client identifier to
   multiple instances of a registered client at its discretion.

Notes
-----
Allowing the same client_id for multiple clients is a contradiction to:

1. This document, Section 1.3, (D), 2nd bullet point: "a client identifier that is unique at the server"

2. This document, Section 3.1: "The authorization server assigns this client a unique client identifier"

3. (normative reference) RFC 6749, Section 2.2: "The authorization server issues the registered client a client identifier -- a unique string representing the registration information provided by the client. [...] The client identifier is unique to the authorization server."

4. (non-normative reference) OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2, Section 2: "Clients have metadata associated with their unique Client Identifier at the Authorization Server."; Section 3.1: "The Authorization Server assigns this Client a unique Client Identifier"; Section 3.2: "client_id REQUIRED. Unique Client Identifier. It MUST NOT be currently valid for any other registered Client."

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it
will be removed shortly by the RFC Production Center.)
Please use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party will log in
to change the status and edit the report, if necessary.

--------------------------------------
RFC7591 (draft-ietf-oauth-dyn-reg-30)
--------------------------------------
Title            : OAuth 2.0 Dynamic Client Registration Protocol
Publication Date : July 2015
Author(s)        : J. Richer, Ed., M. Jones, J. Bradley, M. Machulak, P. Hunt
Category         : PROPOSED STANDARD
Source           : Web Authorization Protocol
Area             : Security
Stream           : IETF
Verifying Party  : IESG

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth