I have started sharing my planned changes for 17: https://github.com/hueniverse/draft-ietf-oauth
Change log: https://github.com/hueniverse/draft-ietf-oauth/commit/24a48f99c204331264028f66708427961a1bc102#diff-3

My main focus right now is to clarify client types, registration, and identification, as well as tweak the registration requirements for redirection URIs. This is still very raw. However, I would very much like to get feedback about the following sections:

  1.1.1. Client Types
  1.2. Client Registration
  2.1.1. Redirection URI

In section 2.1.1, please note that it includes many new normative requirements, but in practice, they mostly boil down to the requirement to register a redirection URI for using the implicit grant type as well as using the authorization code with a public client (new term for describing a client incapable of keeping secrets). I have turned the spec around, making registered redirection URIs the default, and using the parameter as an optional feature.

Feedback is very much appreciated as we only have a few more days before I have to push out -17 and would like a few more eyes looking at the new text before it is published.

I am still not ready to share changes to section 3. Also, I have a long list of additional changes raised on the list.

Thanks,
EHL
