Hi Aaron, On 5/28/25 11:53, Aaron Parecki wrote:
### Update RFC 9700166 Many of these recommendations are derived from the Best Current 167 Practice for OAuth 2.0 Security [RFC9700], as browser-based 168 applications are expected to follow those recommendations as well. 169 This document expands on and further restricts various 170 recommendations given in [RFC9700]. Given the above text which states that it further restricts RFC 9700, should this document be listed as updating RFC 9700? I am not 100% sure of the criteria for marking an RFC as updating another, but I don't think that is the case here. The recommendations in this draft are meant to be complementary to RFC 9700.
Mike and Deb cleared this up during the telechat. It is not an issue.
These changes are currently in the GitHub repo but not yet published to datatracker. Here are the individual commits if you'd like to see the diffs: * https://github.com/oauth-wg/oauth-browser-based-apps/commit/728c360988399d6374f02677ac6202abc447a2f3 <https://github.com/oauth-wg/oauth-browser-based-apps/commit/728c360988399d6374f02677ac6202abc447a2f3> * https://github.com/oauth-wg/oauth-browser-based-apps/commit/95f2ca974bc34fef5b8294000cbb4da5112e1d6c <https://github.com/oauth-wg/oauth-browser-based-apps/commit/95f2ca974bc34fef5b8294000cbb4da5112e1d6c> * https://github.com/oauth-wg/oauth-browser-based-apps/commit/b6c6f25ba949b268e4d22b57f2cae31f69b905e8 <https://github.com/oauth-wg/oauth-browser-based-apps/commit/b6c6f25ba949b268e4d22b57f2cae31f69b905e8> * https://github.com/oauth-wg/oauth-browser-based-apps/commit/f33b5f02b67de0aea697f4a45a5970e7df7d4b8f <https://github.com/oauth-wg/oauth-browser-based-apps/commit/f33b5f02b67de0aea697f4a45a5970e7df7d4b8f>
These changes look good. Thanks for your time and patience. I will clear my discuss. -andy _______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
