> > 5. Section 10.6, paragraph 2, second sentence, When the attacker is sent > > to.../ When the authorization code request is sent to... > > Not sure what you mean.
I mean you may have to change "the attacker is sent to..." to "the authorization code is sent to...". BR, -Haibin > -----Original Message----- > From: Eran Hammer [mailto:[email protected]] > Sent: Thursday, March 08, 2012 8:16 AM > To: Songhaibin; [email protected]; [email protected] > Cc: [email protected]; [email protected]; Martin Stiemerling > Subject: RE: tsv-dir review of draft-ietf-oauth-v2-23 > > Thanks Haibin. > > > -----Original Message----- > > From: Songhaibin [mailto:[email protected]] > > Sent: Wednesday, February 15, 2012 1:33 AM > > > Nits: > > 1. Section 3.1, paragraph 4, the last sentence is confusing, is it the > > authorization server who sends the request to the authorization endpoint? > > Or is it the resource owner? > > The client. Added clarification in section 3. > > > 2. Section 3.1.1, paragraph 3, "...where the order of values does not > > matter.." > > I think a little clarification on the reason for this would be better for > > people > > like me. > > I don't think we need to explain it, but it's to meet typical developers' > expectations. > > > 3. Section 3.2, paragraph 4, the last sentence is confusing, is it the > > authorization server who sends request to the token endpoint? > > Same as #1. > > > 4. Section 10.12, paragraph 4, should the terminology "end-user" be changed > > to "resource owner"? There are same issues in other places of this > > document. > > Changed some. Clarified end-user in the intro. > > > 5. Section 10.6, paragraph 2, second sentence, When the attacker is sent > > to.../ When the authorization code request is sent to... > > Not sure what you mean. > > EH > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
