Éric Vyncke has entered the following ballot position for
draft-ietf-oauth-dpop-14: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to 
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


Thank you for the work put into this document.

Please find below some non-blocking COMMENT points, and some nits.

Special thanks to Rifaat Shekh-Yusef for the shepherd's detailed write-up
including the WG consensus (and the author count) even if the justification of
the intended status is rather light.

I hope that this review helps to improve the document,

Regards,

-éric

# COMMENTS (non blocking)

## Section 1

Should there be a reference to OAuth?

s/The mechanism described herein /The mechanism specified herein /? as it is a
proposed standard

Adding a short description of SPA would be useful, or simply remove this
reference?

# NITS (non blocking / cosmetic)

## Section 2

` Properly audience restricting access tokens can prevent such misuse` is
difficult to parse

## Section 4.1

s/repeated below for ease of reference/repeated below in figure 3 for ease of
reference/?

## Section 4.2

s/MUST NOT be none or an identifier for a symmetric algorithm (MAC)/MUST NOT be
'none' or an identifier for a symmetric algorithm/

## Section 6.1

`JSON Web Tokens (JWT)` the JWT acronym has already been defined.



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
