Hi,

Can I get an ETA for responses to my comments? I had assumed there was some urgency, but I recognize the meeting tends to disrupt things for a minute or two. The good news is that we are probably only looking at a 2-week IETF Last Call.

Deb

On Wed, Mar 11, 2026 at 11:28 AM Deb Cooley <[email protected]> wrote:

> Hi,
>
> Below is a complete set of my comments on this draft (I've pestered the
> authors about a couple of early comments raised by idnits already).
>
> idnits v3 (experimental) raised three issues, one of them is legit, one is
> borderline, and the last is clearly in error:
>
> - idnits points out that it is preferred if BCP 14 is referenced. If you
>   need me to find you an example of how to do this, I can.
>
> - RFCs to be updated are not in the Abstract.
>
> - the third entry here is clearly in error. Mea Culpa. (about open.org
>   in the references)
>
> Section 1: (improve clarity) The token identifies the recipient? via an
> audience value(s)? If that is correct, then maybe the second sentence
> could be something like 'These tokens, which identify the recipient,
> contain an audience value(s)'. s/aud/'aud' (or something to make it obvious
> that this is a field name).
>
> Section 3, replacing text: I'm not sure the parenthetical for Section 2.2
> (The authors are not actually aware....) adds much. I would remove it.
>
> Section 4 a. and b.: Just to be sure I understand... for an authorization
> grant the audience can be the token endpoint URL (and nothing else), but
> for client authentication, the 'aud' claim value must not be the token
> endpoint URL (it has to be the issuer identifier). Assuming that audience =
> aud (audience) claim value. [I have no judgement on this, just being sure
> this is what you intended to say.]
>
> Section 7.1.1, contact information: I believe we can use oauth for this
> contact (vice a person). This is the authors' preference.
>
> The publication window opens on Monday, hopefully it is fine to wait until
> then. Once these are addressed, I will put the draft into IETF Last Call
> (3 weeks because of IETF 125).
>
> Thanks for your patience,
> Deb
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
