Hello, I just read through draft-ietf-oauth-jwt-bearer-09 and it looks good. The only question/comment I have is that I don't see any mention of privacy considerations in the referenced security sections. Could you add something? It is easily addressed by section 10.8 of RFC6749, but there is no mention of privacy considerations. I'm sure folks could generate great stories about who accessing what causing privacy considerations to be important.
Thanks & have a nice weekend!

--
Best regards,
Kathleen
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth