Issue 18 did raise some comments. The feedback was that the parameter value should be changed from a simple string to a space-delimited list of values. 5 people expressed support with 2 (myself included) expressed concern about this change. I would be great if others would take 10 minutes to study it and join the conversation (the thread is 'defining new response types').
Issues 15-17 are not trivial changes and I would really like to see some comments about them, even if just of support. EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Barry Leiba > Sent: Friday, July 15, 2011 7:37 AM > To: OAuth WG > Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-18 > > >> List of open issues: > >> > >> * Consensus for new Client Registration section (2) > >> * Consensus for revised Redirection URI section (3.1.2) > >> * Consensus for new token endpoint Client Authentication section > >> (3.2.1) > >> * Consensus for new authorization endpoint response type > >> extensibility (8.4) > > These issues have been open for almost a week -- they're issues 15 thru 18 in > the tracker: > http://trac.tools.ietf.org/wg/oauth/trac/report/1 > > There's already text in draft-ietf-oauth-v2-18 for them, marked as "pending > consensus", so we have only to confirm that the text is acceptable to the > working group. There's been no discussion of that text that I've seen, and I > take that to mean that what's there looks good. > > We'll give it another few days, and take silence to mean assent. In other > words, if anyone has problems with the "pending consensus" text, please > start a new thread about it, and put the issue number in the subject line > ("Subject: Issue 15, new client registration", for example). Barring > objections > by this coming Tuesday afternoon (19 July), I will close issues 15 thru 18. > > As soon as we get resolutions for issues 19 thru 21, we'd like to start > working > group last call on draft-ietf-oauth-v2. So let's get all the issues sorted > out as > soon as we can, and move this document ahead. > > Issues 19 thru 21: > > * Missing example from security section 10.4 Refresh Tokens > > * Missing reference to DOM variable example in section 10.12 Cross-Site > > Request Forgery > > * Need editing for 10.13 Clickjacking to better align with the protocol > terminology, > > missing reference for x-frame-options header > > Barry, as chair > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
