subject:"\[OAUTH\-WG\] AD Review\: draft\-ietf\-oauth\-token\-exchange\-09"

Re: [OAUTH-WG] AD Review: draft-ietf-oauth-token-exchange-09

2018-01-19 Thread Brian Campbell

edback. > > > >-- Mike > > > > *From:* OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *Eric Rescorla > *Sent:* Friday, December 29, 2017 8:41 AM > *To:* oauth@ietf.org; draft-ietf-oauth-token-excha...@tools.ietf.org > *Subject:* [OAUTH-WG] AD Rev

Re: [OAUTH-WG] AD Review: draft-ietf-oauth-token-exchange-09

2017-12-29 Thread Mike Jones

; draft-ietf-oauth-token-excha...@tools.ietf.org Subject: [OAUTH-WG] AD Review: draft-ietf-oauth-token-exchange-09 Full-featured review at: https://mozphab-ietf.devsvcdev.mozaws.net/D4278 As noted in inline comments, some additional words about the security model in which this document is embedded

[OAUTH-WG] AD Review: draft-ietf-oauth-token-exchange-09

2017-12-29 Thread Eric Rescorla

Full-featured review at: https://mozphab-ietf.devsvcdev.mozaws.net/D4278 As noted in inline comments, some additional words about the security model in which this document is embedded seem like they are needed. In particular, it's pretty unclear to me what checks the STS is supposed to do on a giv