Mike, Phil, Aaron,

The following is my shepherd review for OAuth 2.0 Protected Resource Metadata
https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-05.html

*Comments/Questions*

5.4. Compatibility with other authentication methods

Would this not open the door for potential downgrade attacks if the list of authentication methods includes weaker methods? I think this should be discussed in the Security Consideration section.

*Nits*

Section 1, second sentence: “This specification is intentionally as parallel as possible …”

It feels like there is a missing word after “intentionally”; maybe “designed”, “specified”?

Regards,
Rifaat