[OAUTH-WG] review draft-ietf-oauth-native-apps-07

2017-02-20 Thread Samuel Erdtman
Hi, I just had a question on best practice. In this document a large part of the normative text is located under Security Considerations. I had previously seen Security Considerations as things to think about when implementing, not so much as MUSTs and MUST NOTs. I think it is okay to have it thi

Re: [OAUTH-WG] Working Group Last Call on OAuth 2.0 Authorization Server Metadata

2017-02-20 Thread Mike Jones
Per working group feedback, the document now reflects the singular mission of documenting OAuth Authorization Server Metadata as it is actually used in practice. I believe that the document today accomplishes this mission and is ready for publication. -- Mike -

[OAUTH-WG] Conclusion of 'OAuth Security Topics' Call for Adoption

2017-02-20 Thread Hannes Tschofenig
Hi all, earlier this month we issued a call for adoption of the OAuth security topics draft, see draft-lodderstedt-oauth-security-topics-00, and the response was quite positive on the list (as well as during the last f2f meeting). For this reason, we ask the authors to submit a WG version of the

Re: [OAUTH-WG] Call for adoption: OAuth Security Topics

2017-02-20 Thread Hannes Tschofenig
Hi Denis, thanks for your feedback regarding the scope. The scope for this document is limited to the specifications we develop in the IETF OAuth working group. OpenID Connect, UMA, or other specifications need to be dealt with in other SDOs. The document only represents a starting point for wor

[OAUTH-WG] Pushing "OAuth 2.0 for Native Apps" to the IESG -- Short Working Group Last Call

2017-02-20 Thread Hannes Tschofenig
Hi all, after the working group last call of the "OAuth 2.0 for Native Apps" document July last year (see https://www.ietf.org/mail-archive/web/oauth/current/msg16534.html) I had, as a shepherd, collected IPR confirmations (see https://www.ietf.org/mail-archive/web/oauth/current/msg16672.html) and

[OAUTH-WG] Working Group Last Call on OAuth 2.0 Authorization Server Metadata

2017-02-20 Thread Hannes Tschofenig
Hi all, it was roughly a year ago when we issued a working group last call on draft-ietf-oauth-discovery, see https://www.ietf.org/mail-archive/web/oauth/current/msg15796.html. Lots of feedback resulted in a significant restructuring of the document. The authors of the draft now believe it is rea