I disagree with this errata. The original text is correctly representing that the "photo-sharing service" trusts the authorization server. The suggested text is ambiguous because it does not make clear which party is trusting which other party.
Aaron On Sun, Sep 17, 2023 at 11:00 AM RFC Errata System < rfc-edi...@rfc-editor.org> wrote: > The following errata report has been submitted for RFC6749, > "The OAuth 2.0 Authorization Framework". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid7642 > > -------------------------------------- > Type: Editorial > Reported by: Wilhelm Fast <w.fas...@gmail.com> > > Section: 1 > > Original Text > ------------- > Instead, she authenticates directly with a server trusted by the > photo-sharing service (authorization server), which issues the printing > service delegation- > specific credentials (access token). > > Corrected Text > -------------- > Instead, she directly authenticates with a trusted server, the > authorization server, which issues delegation-specific credentials, known > as access tokens, to the printing service for controlled and secure access. > > Notes > ----- > The sentence is confusing, and the reader might confuse the Authorization > Server with the Resource Server. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC6749 (draft-ietf-oauth-v2-31) > -------------------------------------- > Title : The OAuth 2.0 Authorization Framework > Publication Date : October 2012 > Author(s) : D. Hardt, Ed. > Category : PROPOSED STANDARD > Source : Web Authorization Protocol > Area : Security > Stream : IETF > Verifying Party : IESG > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
