Document: draft-ietf-oauth-cross-device-security
Title: Cross-Device Flows: Security Best Current Practice
Reviewer: Bing Liu
Review result: Has Nits
Hi Dear authors,

I'm assigned to review draft-ietf-oauth-cross-device-security-13 by OPSDir.

# General status: Ready with Nits

I read the latest -13 version. The draft contains a very clear explanation of the cross-device flow patterns and the relevant exploit analysis, and the examples are very practical and easy for readers to understand. I believe it is ready, with a couple of nits as follows.

# Small writing nits:

1) In Section 1.1, s/there is no technical mechanisms/there are no technical mechanisms
2) Also in Section 1.1, s/Authorization device/Authorization Device (capitalization issue)
3) In Section 1.1 and Section 6.2.1.2, the references to Exploit 1 through Exploit 6 both appear as a "trunck"; maybe they need more concrete citations?

# Suggestions on chapter organization

1) The sub-sections in Section 3 and Section 4 are mostly aligned. But it is not very convenient for readers to read one Cross-Device Flow Pattern in Section 3 and then jump to the relevant Cross-Device Flow Exploit in Section 4. Would it be much easier to read if the content of Section 4 were integrated into Section 3?
2) The examples in Sections 3/4 seem a bit random. If these are very typical/common examples that could cover many/most of the application scenarios, then it's good. If not, maybe consider moving them into an Appendix chapter.

Best regards,
Bing
