Thanks, Mike. I'll look at the shepherd report and see if it is ready to start last call.
Best regards, Kathleen On Mon, Nov 14, 2016 at 2:29 AM, Mike Jones <[email protected]> wrote: > Thanks for your review, Kathleen. Draft -04 has been published to address > these comments. Actions taken are described inline. > > > > -- Mike > > > > *From:* OAuth [mailto:[email protected]] *On Behalf Of *Kathleen > Moriarty > *Sent:* Saturday, October 29, 2016 3:51 AM > *To:* [email protected] > *Subject:* [OAUTH-WG] AD review of draft-ietf-oauth-amr-values > > > > Hello, > > > > I reviewed draft-ietf-oauth-amr-values and have a few comments. First, > thanks for your work on this draft! > > > > Several of the authentication methods mentioned are typically used (or > recommended for use) as a second or third factor. I see in section 3 that > multiple methods can be contained in the claim. I'd like to see an example > of single and multiple authentication methods being represented. Was it a > WG decision to leave out examples? > > · Added “amr” claim examples with both single and multiple values. > > > > In the Privacy considerations section, I think it should be made clear > that the actual credentials are not part of this specification to avoid > additional privacy concerns for biometric data. > > · Clarified that the actual credentials referenced are not part of > this specification to avoid additional privacy concerns for biometric data. > > > > Section 5, shouldn't a pointer be here to the attacks on OAuth 2.0 as well? > > · Clarified that the OAuth 2.0 Threat Model [RFC6819] applies to > applications using this specification. > > > > > > Thank you. > > -- > > > > Best regards, > > Kathleen > -- Best regards, Kathleen
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
