[OAUTH-WG] Re: OAuth 2.0 for Browser-Based Applications - IPR disclosures

2024-12-19 Thread Philippe De Ryck
I am not aware of any IPRs associated with this document. Philippe > On 19 Dec 2024, at 20:56, Rifaat Shekh-Yusef wrote: > > > As part of the shepherd write-up, all authors of the OAuth 2.0 for > Browser-Based Applications draft must confirm that any and all appropriate > IPR disclosures req

[OAUTH-WG] Re: SD-JWT linkability

2024-12-19 Thread Watson Ladd
On Tue, Dec 17, 2024, 1:59 PM Joseph Heenan wrote: > > Hi Watson > > Just to respond to the suggested text: > > > > > "When disclosures include information easily understood to be > > identifying, users intuitive view of what they are revealing largely > > matches the underlying technical reality.

[OAUTH-WG] Re: OAuth 2.0 for Browser-Based Applications - IPR disclosures

2024-12-19 Thread Aaron Parecki
I am not aware of any IPRs associated with this document. Aaron On Thu, Dec 19, 2024 at 11:58 AM Rifaat Shekh-Yusef wrote: > > As part of the shepherd write-up, all authors of the *OAuth 2.0 for > Browser-Based Applications* draft must confirm that any and all > appropriate *IPR disclosures* re

[OAUTH-WG] OAuth 2.0 for Browser-Based Applications - IPR disclosures

2024-12-19 Thread Rifaat Shekh-Yusef
As part of the shepherd write-up, all authors of the *OAuth 2.0 for Browser-Based Applications* draft must confirm that any and all appropriate *IPR disclosures* required for full conformance with the provisions of BCP 78 and BCP 79 have been disclosed. https://datatracker.ietf.org/doc/draft-ietf-o

[OAUTH-WG] draft-ietf-oauth-browser-based-apps-20 references

2024-12-19 Thread Rifaat Shekh-Yusef
Hi Philippe, Aaron, Few comments on the references: It looks like you have two unused references: RFC5116 and RFC9207. Please, remove them if they are no longer needed. I think the following references should be moved to the normative reference section: *RFC8707* Section 9.1 has the following

[OAUTH-WG] Re: I-D Action: draft-ietf-oauth-browser-based-apps-20.txt

2024-12-19 Thread Rifaat Shekh-Yusef
Another concern I have with this is that it is an *individual* draft, and not a WG adopted draft. We do not want people to get into the habit of taking individual drafts seriously before they are adopted by a WG, regardless of the quality of this specific document. Regards, Rifaat On Thu, Dec

[OAUTH-WG] Re: I-D Action: draft-ietf-oauth-browser-based-apps-20.txt

2024-12-19 Thread Aaron Parecki
Brian, as a co-author of the mentioned TMI-BFF draft, do you have an opinion on whether this draft should mention it inline as is currently in the doc, or whether we should remove the paragraph and mark the TMI-BFF draft as replaced by the Browser BCP? Aaron On Thu, Dec 19, 2024 at 6:11 AM Rifaat

[OAUTH-WG] Re: I-D Action: draft-ietf-oauth-browser-based-apps-20.txt

2024-12-19 Thread Philippe De Ryck
Picking in on one item: >> Section 6.1.3.2 >> “ >> • The BFF SHOULD enable the SameSite=Strict flag for its cookies >> • The BFF SHOULD set its cookie path to / >> • The BFF SHOULD NOT set the Domain attribute for cookies >> • The BFF SHOULD start the name of its cookies with the __Host- prefix

[OAUTH-WG] Re: I-D Action: draft-ietf-oauth-browser-based-apps-20.txt

2024-12-19 Thread Rifaat Shekh-Yusef
Thanks Aaron and Philippe! See a few replies below. Regards, Rifaat On Wed, Dec 18, 2024 at 4:08 PM Aaron Parecki wrote: > Hi all, the authors have published a new draft of the Browser-Based Apps > BCP addressing Rifaat's comments from the shepherd writeup. Notes on the > individual points a