Adam Roach has entered the following ballot position for draft-ietf-oauth-device-flow-12: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Thanks to the authors for addressing my comments and half of my DISCUSS. This final issue appears to remain unaddressed: ยง3.1: > The client initiates the flow by requesting a set of verification > codes from the authorization server by making an HTTP "POST" request > to the device authorization endpoint. The client constructs the > request with the following parameters, encoded with the "application/ > x-www-form-urlencoded" content type: This document needs a normative citation for this media type. My suggestion would be to cite REC-html5-20141028 section 4.10.22.6, as this appears to be the most recent stable description of how to encode this media type. I'd love to hear rationale behind other citations being more appropriate, since I'm not entirely happy with the one I suggest above (given that it's been superseded by HTML 5.2); but every other plausible citation I can find is even less palatable (with HTML 5.2 itself having the drawback of not actually defining how to encode the media type, instead pointing to an unstable, unversioned document). _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth