Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-security-topics-05.txt

2018-06-10 Thread Torsten Lodderstedt
Hi Johan, thanks for your proposal. I’m not sure whether it should go to 3.7.1.4. The reason audience restriction turns up as a subsection of 3.7 is our document is organized by attacks instead of security controls. I could imagine adding a section on audience/action restriction as subsection of

Re: [OAUTH-WG] draft-ietf-oauth-security-topics

2018-06-10 Thread Torsten Lodderstedt
Hi Doug, On 22.05.18 at 07:48, McDorman, Doug wrote: I attached 2 diffs which should help highlight the changes. thanks, that helped a lot! To summarize: Added 1.1. Notational Conventions Section 3.1.1. Attacks on Authorization Code Grant FROM control, say "https://www.evil.com". TO co