Hi Scott,
Feedback inline.
On 02.02.23 at 13:56, Hollenbeck, Scott wrote:
Also the "session" in this case can go beyond the lifespan of the Access Token
if token refresh is possible.
[SAH] Yes, the concept of the session is directly related to the existence and
validity of an Access Token, which may be refreshed. How would you suggest that
this be reworded?
[PK] "For token-oriented clients (see Section 3.1.2 and Section 6), the
RDAP session corresponds to the lifespan of an authorization obtained
from the OP and the corresponding Access Token, including a refreshed
Access Token."
3. The note about "Implicit Flow" - wouldn't "Security Considerations"
be a better place for this remark?
[SAH] I like noting it where it's first mentioned, but yes, it could be mentioned in the
"Security Considerations" section, too.
[PK] It was just a remark, I'm also fine if you ignore it.
Kind Regards,
Pawel
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext