Would making it even simpler also work? (and is more consistent with the 6749 language)

> The decision of whether to accept such responses is beyond the scope of
> this specification.

Warren Parad
Founder, CTO
Secure your user data with IAM authorization as a service. Implement Authress <https://authress.io/>.

On Wed, Oct 27, 2021 at 9:41 PM Roman Danyliw <[email protected]> wrote:

> Hi!
>
> I performed an AD review of draft-ietf-oauth-iss-auth-resp-02. Thanks for
> documenting this mitigation.
>
> The document is in good shape so I am advancing it to IETF LC. Please
> treat these minor comments as part of that feedback:
>
> ** Section 2.4. Editorial.
>
> The decision of whether to accept such
> responses is individual for every scenario and it is not in the scope
> of this specification.
>
> Would it be more clear to say:
>
> "Local policy or configuration can determine whether to accept such
> responses and specific guidance is out of scope for this specification."
>
> There is also similar language in the next paragraph.
>
> ** Section 5.1 and 5.2. Per the "Change Control" field, please
> s/IESG/IETF/
>
> Thanks,
> Roman
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
