Thanks for your edits Thomas! I've merged the PR. As for your BCP question, I am not totally certain about the implications of including it in BCP212, or whether it should be part of the new BCP240, or an entirely new BCP. I tried finding details about this in the various process RFCs/BCPs but I can't find an explanation.
I've noted your comment about the "scenario" language as issue #68 to follow up on later.

Thanks!

Aaron

On Sun, Jan 26, 2025 at 7:14 AM Thomas Fossati via Datatracker <nore...@ietf.org> wrote:

> Reviewer: Thomas Fossati
> Review result: Ready with Nits
>
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair. Please treat these comments just
> like any other last call comments.
>
> For more information, please see the FAQ at
>
> <https://wiki.ietf.org/en/group/gen/GenArtFAQ>.
>
> Document: draft-ietf-oauth-browser-based-apps-22
> Reviewer: Thomas Fossati
> Review Date: 2025-01-26
> IETF LC End Date: 2025-02-04
> IESG Telechat date: Not scheduled for a telechat
>
> Summary:
>
> This is a BCP for browser-based apps that use OAuth 2.0.
> It's a companion to BCP212, which contains similar recommendations for
> OAuth 2.0 native apps.
>
> This document is very clearly written, exhaustive, and well-organised.
> From a Gen-ART perspective, it's ready to ship.
> Many thanks to the editors and the oauth WG.
>
> One question for the editors and WG regarding the BCP status: is
> this doc going into BCP212 or does it get its own BCP number?
>
> Major issues: none
>
> Minor issues: none
>
> Nits/editorial comments:
>
> One editorial nit regarding the use of the term "scenario" in sentences
> like:
>
> "scenarios that attackers can use"
> "[...] scenarios that an attacker can execute"
>
> To my (non-native) ears, to "use/execute a scenario" sounds a bit
> weird :-) Maybe "attack _strategies_ that an attacker can _exploit_"?
>
> Apart from that, I have packed a bunch of small fixes into a PR [1].
>
> [1] https://github.com/oauth-wg/oauth-browser-based-apps/pull/65
_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org