Hi,

Please find my feedback from page 21 onwards below.

Hans.

Overall I would argue there's room for a very concise guidance section that says: do this, don't do that, without explanation, just as a reference for developers; the current text provides in depth analysis but that is perhaps not suitable for developers who just want to know what to do (or not to do) and don't really care about the background/reasoning.

P21

first bullet "the client has bound this data to this particular instance." -> particular instance of what?

3rd paragraph: "call to the tokens endpoint." -> "call to the token endpoint."

last paragraph could forward point to the next section by adding something like "using one of the mechanisms described in the next section."

P22

3rd paragraph: is the token binding guidance still accurate? it seems to be overestimating the adoption

--
[email protected]
ZmartZone IAM - www.zmartzone.eu
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
