Thanks for the review and ballot Éric. I've replied inline below and put
together this PR with corresponding edits:
https://github.com/danielfett/draft-dpop/pull/182/files

On Mon, Apr 10, 2023 at 11:45 PM Éric Vyncke via Datatracker <
nore...@ietf.org> wrote:

> Éric Vyncke has entered the following ballot position for
> draft-ietf-oauth-dpop-14: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
>
> Thank you for the work put into this document.
>
> Please find below some non-blocking COMMENT points, and some nits.
>
> Special thanks to Rifaat Shekh-Yusef for the shepherd's detailed write-up
> including the WG consensus (and the author count) even if the justification of
> the intended status is rather light.
>
> I hope that this review helps to improve the document,
>
> Regards,
>
> -éric
>
> # COMMENTS (non blocking)
>
> ## Section 1
>
> Should there be a reference to OAuth ?
>

Sure, we'll add an RFC6749 reference with OAuth in that first sentence in
Section 1.


>
> s/The mechanism described herein /The mechanism specified herein / ? as it is
> proposed standard
>

Makes sense. We'll update.


>
> Adding a short description of SPA would be useful, or simply remove this
> reference ?
>

I'll try to rephrase that sentence somewhat to be more descriptive.



> # NITS (non blocking / cosmetic)
>
> ## Section 2
>
> ` Properly audience restricting access tokens can prevent such misuse` is
> difficult to parse
>

I'll try to tighten it up.



> ## Section 4.1
>
> s/repeated below for ease of reference/repeated below in figure 3 for ease of
> reference/ ?
>

Sure, I'll change to ref figure 3.


>
> ## Section 4.2
>
> s/MUST NOT be none or an identifier for a symmetric algorithm (MAC)/MUST NOT be
> 'none' or an identifier for a symmetric algorithm/
>

"none" is wrapped in a <code></code> tag in the HTML/HTMLized versions of
the draft, which is consistent with treatment of other JWS algorithm
literals in the document.



>
> ## Section 6.1
>
> `JSON Web Tokens (JWT)` the JWT acronym has already been defined.
>

Good point. I'll just use the acronym there.

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth