Hi Brian, just a couple responses inline where it seemed fitting. Thanks for
going through everything!
— Justin
> On Aug 25, 2020, at 6:01 PM, Brian Campbell
> wrote:
>
> Thanks for the review and comments Justin. Replies (or attempts thereat) are
> inline below.
>
>
> On Wed, Aug 19, 2020
Thanks for the review and comments Justin. Replies (or attempts thereat)
are inline below.
On Wed, Aug 19, 2020 at 2:06 PM Justin Richer wrote:
> I’ve done a full read through of the PAR specification, and here are my
> notes on it.
>
> For additional context, I’ve implemented this specificatio
Here is an additional comment:
The text mentions in the Introduction:
In example is a resource server using verified person data
to create certificates, which in turn are used to create qualified
electronic signatures.
The problem is the following: the AS has no way to verify that the
This draft contains a "Privacy considerations" section (Section 9).
..
The content of this section is as follows:
The token introspection response can be used to transfer personal
identifiable information from the AS to the RS. The AS MUST ensure a
legal basis exists for the data trans
This document does not include a "Privacy considerations" section, but
it should.
Denis
All,
This is a WGLC on the *Pushed Authorization Requests *document:
https://www.ietf.org/id/draft-ietf-oauth-par-03.html
Please, take a look and provide feedback on the list by *August 25th.*
Regards,