Qin, Thank you for your valuable feedback. Version 12 incorporates some of your feedback. Replies inline:
On Tue, Jun 12, 2018 at 4:25 AM, Qin Wu <[email protected]> wrote: > Reviewer: Qin Wu > Review result: Ready > > I have reviewed this document as part of the Operational directorate¡¯s > ongoing > effort to review all IETF documents being processed by the IESG. These > comments were written with the intent of improving the operational aspects > of > the IETF drafts. Comments that are not addressed in last call may be > included > in AD reviews during the IESG review. Document editors and WG chairs > should > treat these comments just like any other last call comments. Document > reviewed: > draft-ietf-oauth-device-flow > > Summary: > This document defines device flow among browserless and input constrained > devices, end user at browser and authorization server. This device flow > allows > OAuth clients to request user authorization from devices that have an > Internet > connection, but don't have an easy input method. This document is well > written, > especially security consideration section. I think it is ready for > publication. > > Major issue: None > Minor issue: Editorial > Section 3.3.1 > The short name for NFV needs to be expanded, maybe add reference. > QR code also needs to be expanded. > NFC and QR were expanded. > Section 3.5: > Who is token endpoint, how token endpoint is related to authorization > server? > Would it be great to add some clarification text about this. This separation is covered in OAuth. I added a some more references to OAuth 2 in Section 3.1 of version 12. Could do the same in section 3.5. > Section 4: Would it be great to clarify the relationship between > device_authorization_endpoint > defined in this document and authorization_endpoint defined in > draft-ietf-oauth-discovery-10 and explain why authorization_endpoint is not > sufficient,e.g., draft-ietf-oauth-discovery-10 has already defined > authorization server metadata value authorization_endpoint, however ¡¡ > > Some text to clarify the distinction between these two endpoints was added to Section 3.1 Best, William
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
