Éric Vyncke has entered the following ballot position for draft-ietf-oauth-browser-based-apps-24: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-oauth-browser-based-apps/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- # Éric Vyncke, INT AD, comments for draft-ietf-oauth-browser-based-apps-24 CC @evyncke Thank you for the work put into this document. The text is interesting and quite educational. Thanks also for using SVG graphics, so nicer figures! Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education). Special thanks to Rifaat Shekh-Yusef for the shepherd's write-up including the WG consensus and some justification of the intended status. I hope that this review helps to improve the document, Regards, -éric ## COMMENTS (non-blocking) ### As curious as Erik Kline I am eager to read the authors/WG reply to Erik Kline's comment on section 6.2 as indeed the IP address*ES* can change a lot: multi-interfaces, multiple IPv6 addresses per interface, happy eyeball switching from v4 to v6, ... ### Section 3 `this document uses the term "JavaScript" to refer to all mechanisms ` is rather an abuse of language... Anyway, if I am the only one to complain, then ignore this comment. ### Section 5 While interesting, aren't this section lead paragraphs applicable to any "Javascript" page ? ### Section 6.1 It seems that this section goes in way more details/depth than sections 6.2 and 6.3. Is there a reason for this ? e.g., more complex or more deployed ? (just curious) ### Section 6.1.3.2 Should there be more explanation about __Host ? I.e., w/o referring to the normative reference, it is unclear whether it is the fixed constant string or a FQDN ;-) _______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
