Thanks Yaron,
Some responses in-line.
> On 23 Apr 2018, at 15:57, Yaron Sheffer wrote:
>
> Hi Neil,
>
> Thank you again for your review and the follow up. Please see my comments
> in-line.
>
> Yaron
>
>> Hi Mike,
>> I sent this originally back in June last year, I can see some of the
Hi Neil,
Thank you again for your review and the follow up. Please see my
comments in-line.
Yaron
Hi Mike,
I sent this originally back in June last year, I can see some of these points
have been addressed in -01, but not others, so I will include further comments
in-line below. (Apologies if I missed replies - I’ve realised a few messages
from this WG have ended up in my spam folder).
As a
draft-sheffer-oauth-jwt-bcp-01 has been issued, but none of the co-authors
has responded to my comments.
These comments are copied below.
Both topics mentioned below have been presented and discussed during
the OAuth workshop in Zürich on July the 13th.
Denis
Comments on draft-sheffer-oa
Comments on draft-sheffer-oauth-jwt-bcp-00
1. Section 2 lists 7 known and possible threats and vulnerabilities with
JWT implementations and deployments.
In the OAuth Threat Model Document (RFC 6819) collusions between users
located inside of a system are not mentioned
but nevertheless need to b
I originally sent this message just to the BCP authors. As requested by Mike
Jones, I am sending it here too:
Hi,
I've just seen this draft best-practice guide for JWTs pop up. I have a number
of suggestions for improvements. Mostly, I think the advice is good but should
be spelt out a bit more