Thanks Haibin. > -----Original Message----- > From: Songhaibin [mailto:[email protected]] > Sent: Wednesday, February 15, 2012 1:33 AM
> Nits: > 1. Section 3.1, paragraph 4, the last sentence is confusing, is it the > authorization server who sends the request to the authorization endpoint? > Or is it the resource owner? The client. Added clarification in section 3. > 2. Section 3.1.1, paragraph 3, "...where the order of values does not > matter.." > I think a little clarification on the reason for this would be better for > people > like me. I don't think we need to explain it, but it's to meet typical developers' expectations. > 3. Section 3.2, paragraph 4, the last sentence is confusing, is it the > authorization server who sends request to the token endpoint? Same as #1. > 4. Section 10.12, paragraph 4, should the terminology "end-user" be changed > to "resource owner"? There are same issues in other places of this > document. Changed some. Clarified end-user in the intro. > 5. Section 10.6, paragraph 2, second sentence, When the attacker is sent > to.../ When the authorization code request is sent to... Not sure what you mean. EH _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
