The PR https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/45
is intended to address these shepherd review comments. Please review.
Thanks,
-- Mike
From: Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com>
Sent: Thursday, July 4, 2024 5:30 AM
To: oauth <oauth@ietf.org>
Subject: [OAUTH-WG] Shepherd Review for OAuth 2.0 Protected Resource Metadata
draft
Mike, Phil, Aaron,
The following is my shepherd review for OAuth 2.0 Protected Resource Metadata
https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-05.html
Comments/Questions
5.4. Compatibility with other authentication methods
Would this not open the door for potential downgrade attacks if the list of
authentication methods include weaker methods?
I think this should be discussed in the Security Consideration section.
Nits
Section 1, second sentence:
"This specification is intentionally as parallel as possible ..."
It feels like there is a missing word after "intentionally"; maybe "designed",
"specified"?
Regards,
Rifaat
_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org
