The PR https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/45 
is intended to address these shepherd review comments.  Please review.

                                                                Thanks,
                                                                -- Mike

From: Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com>
Sent: Thursday, July 4, 2024 5:30 AM
To: oauth <oauth@ietf.org>
Subject: [OAUTH-WG] Shepherd Review for OAuth 2.0 Protected Resource Metadata draft

Mike, Phil, Aaron,

The following is my shepherd review for OAuth 2.0 Protected Resource Metadata
https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-05.html

Comments/Questions

5.4. Compatibility with other authentication methods

Would this not open the door for potential downgrade attacks if the list of 
authentication methods includes weaker methods?
I think this should be discussed in the Security Consideration section.


Nits

Section 1, second sentence:
"This specification is intentionally as parallel as possible ..."
It feels like there is a missing word after "intentionally"; maybe "designed", 
"specified"?

Regards,
 Rifaat
