The PR https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/45 is intended to address these shepherd review comments. Please review.
Thanks, -- Mike From: Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> Sent: Thursday, July 4, 2024 5:30 AM To: oauth <oauth@ietf.org> Subject: [OAUTH-WG] Shepherd Review for OAuth 2.0 Protected Resource Metadata draft Mike, Phil, Aaron, The following is my shepherd review for OAuth 2.0 Protected Resource Metadata https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-05.html Comments/Questions 5.4. Compatibility with other authentication methods Would this not open the door for potential downgrade attacks if the list of authentication methods include weaker methods? I think this should be discussed in the Security Consideration section. Nits Section 1, second sentence: "This specification is intentionally as parallel as possible ..." It feels like there is a missing word after "intentionally"; maybe "designed", "specified"? Regards, Rifaat
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org