Could we make Mishra's suggestion simpler? Example: For public clients using implicit flows, this specification does not provide any method for the client to determine that an access token was issued to its current instance.
I'm not sure if it is explicit enough, neither convinced about "instance" (maybe "session"?) but it seems more in line with the rest of the specification's wording. Thank you for the clarification, Eriksen On Tue, Feb 4, 2014 at 4:56 PM, Bill Mills <wmills_92...@yahoo.com> wrote: > Agreed. > > > On Tuesday, February 4, 2014 8:17 AM, Dick Hardt <dick.ha...@gmail.com> > wrote: > This change is appropriate and reflects the intent of the statement. > > > On Tue, Feb 4, 2014 at 8:13 AM, RFC Errata System < > rfc-edi...@rfc-editor.org> wrote: > > The following errata report has been submitted for RFC6749, > "The OAuth 2.0 Authorization Framework". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=6749&eid=3880 > > -------------------------------------- > Type: Technical > Reported by: Eriksen Costa <eriksenco...@gmail.com> > > Section: 10.16 > > Original Text > ------------- > For public clients using implicit flows, this specification does not > provide any method for the client to determine what client an access > token was issued to. > > Corrected Text > -------------- > For public clients using implicit flows, this specification does not > provide any method for the authorization server to determine what > client an access token was issued to. > > Notes > ----- > A client can only know about tokens issued to it and not for other clients. > > Instructions: > ------------- > This errata is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC6749 (draft-ietf-oauth-v2-31) > -------------------------------------- > Title : The OAuth 2.0 Authorization Framework > Publication Date : October 2012 > Author(s) : D. Hardt, Ed. > Category : PROPOSED STANDARD > Source : Web Authorization Protocol > Area : Security > Stream : IETF > Verifying Party : IESG > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > > -- Blog: http://blog.eriksen.com.br Twitter: @eriksencosta
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
