Hi Eric,
we addressed your comments in -15 which we just uploaded:
https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-15.html
-Daniel
On 11.04.23 at 17:05, Eric Vyncke (evyncke) wrote:
Thank you, Brian, for your prompt reply and the PR.
Your point about the tags around "none" is well taken.
Regards
-éric
*From: *Brian Campbell <bcampb...@pingidentity.com>
*Date: *Tuesday, 11 April 2023 at 16:11
*To: *Eric Vyncke <evyn...@cisco.com>
*Cc: *The IESG <i...@ietf.org>, "draft-ietf-oauth-d...@ietf.org"
<draft-ietf-oauth-d...@ietf.org>, "oauth-cha...@ietf.org"
<oauth-cha...@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>,
"rifaat.s.i...@gmail.com" <rifaat.s.i...@gmail.com>
*Subject: *Re: Éric Vyncke's No Objection on draft-ietf-oauth-dpop-14:
(with COMMENT)
Thanks for the review and ballot Éric. I've replied inline below and
put together this PR with corresponding edits:
https://github.com/danielfett/draft-dpop/pull/182/files
On Mon, Apr 10, 2023 at 11:45 PM Éric Vyncke via Datatracker
<nore...@ietf.org> wrote:
Éric Vyncke has entered the following ballot position for
draft-ietf-oauth-dpop-14: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
Thank you for the work put into this document.
Please find below some non-blocking COMMENT points, and some nits.
Special thanks to Rifaat Shekh-Yusef for the shepherd's detailed write-up
including the WG consensus (and the author count) even if the
justification of the intended status is rather light.
I hope that this review helps to improve the document,
Regards,
-éric
# COMMENTS (non blocking)
## Section 1
Should there be a reference to OAuth ?
Sure, we'll add a RFC6749 reference with OAuth in that first sentence
in Section 1.
s/The mechanism described herein /The mechanism specified herein / ? as it is proposed standard
Makes sense. We'll update.
Adding a short description of SPA would be useful, or simply remove this reference ?
I'll try to rephrase that sentence somewhat to be more descriptive.
# NITS (non blocking / cosmetic)
## Section 2
` Properly audience restricting access tokens can prevent such misuse` is difficult to parse
I'll try to tighten it up.
## Section 4.1
s/repeated below for ease of reference/repeated below in figure 3 for ease of reference/ ?
Sure, I'll change to ref figure 3.
## Section 4.2
s/MUST NOT be none or an identifier for a symmetric algorithm (MAC)/MUST NOT be 'none' or an identifier for a symmetric algorithm/
"none" is wrapped in a <code></code> tag in the HTML/HTMLized
versions of the draft, which is consistent with treatment of other JWS
algorithm literals in the document.
## Section 6.1
`JSON Web Tokens (JWT)` the JWT acronym has already been defined.
Good point. I'll just use the acronym there.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth