Hi, I just had a question on best practice. In this document a large part of the normative text is located under Security Considerations.
I had previously seen Security Considerations as things to think about when implementing not so much as MUSTs and MUST NOTs. I think it is okay to have it this way but it surprised me a bit and wanted to ask if there is any best practice for the Security Considerations section saying what type of information it should include. Best Regards Samuel Erdtman
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
