Dear all,

Thanks for this interesting work! I think that there's some editorial work
that should be done on terminology (e.g. a consistent use of JOSE header
parameter, HTTP header field, ...), and some simplification will really
make the spec easier to read.

For example, once it is defined that the syntax of DPOP is a JWS, it is
redundant to further state that the DPOP value MUST be a JWS.
Moreover, there are security considerations all throughout the document
that should probably be moved to the #Security section.

I will provide further feedback in the next few days.

I'm providing some PRs on the repo: feel free to comment there.

- https://github.com/danielfett/draft-dpop/pulls/ioggstream

Kind regards,
R.

On Mon, 28 Mar 2022 at 14:01, Rifaat Shekh-Yusef <
[email protected]> wrote:

> All,
>
> As discussed during the IETF meeting in *Vienna* last week, this is a *WG
> Last Call* for the *DPoP* document:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/
>
> Please, provide your feedback on the mailing list by April 11th.
>
> Regards,
>  Rifaat & Hannes
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>