Hi Justin,

Thank you for your detailed review.

> §9+ this draft should add privacy considerations, particularly for BFF
> pattern's proxy architecture.

I wanted to ask for a bit more context on this comment. I understand that having a proxy as a separate entity would expose all requests/responses to this entity. However, in the context of a BFF, the frontend and the BFF belong together (i.e., they are one application deployed as two components). The frontend and BFF are deployed and operated by the same party, so I’m not sure if this comment effectively applies.

Looking forward to hearing from you.

Philippe

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth