This errata seems to be correct, an omission in the example that doesn't align
with the normative requirements.
From: RFC Errata System
Sent: Monday, June 3, 2024 1:30 PM
To: i...@justin.richer.org; m...@microsoft.com; ve7...@ve7jtb.com; maciej.machu...@gmail
The following errata report has been submitted for RFC7591,
"OAuth 2.0 Dynamic Client Registration Protocol".
--
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7969
--
Type: Technical
Reported by
Internet-Draft draft-ietf-oauth-security-topics-29.txt is now available. It is
a work item of the Web Authorization Protocol (OAUTH) WG of the IETF.
Title: OAuth 2.0 Security Best Current Practice
Authors: Torsten Lodderstedt
John Bradley
Andrey Labunets
Sorry, I got confused with the section numbers.
We did initially have the order "updated threat model", "best
practices", and then "attacks and mitigations", but feedback the WG got
was that we should put the best practices front and center. That's why
we moved the best practices to section 2,
Internet-Draft draft-ietf-oauth-security-topics-28.txt is now available. It is
a work item of the Web Authorization Protocol (OAUTH) WG of the IETF.
Title: OAuth 2.0 Security Best Current Practice
Authors: Torsten Lodderstedt
John Bradley
Andrey Labunets
Thank you for the feedback!
I would like to keep the order as it is. Section 2 is short, but
explains a bit on the background why certain requirements were not
contained in RFC6749 and RFC6819, but are now best practices described
in Section 3.
-Daniel
Am 14.05.24 um 16:15 schrieb Éric Vync
Thank you, this will be addressed in the next version I'll release in a
few minutes.
-Daniel
On 14.05.24 at 17:49, Zaheduzzaman Sarker via Datatracker wrote:
Zaheduzzaman Sarker has entered the following ballot position for
draft-ietf-oauth-security-topics-27: No Objection
When responding, p