Hi,

As the shepherd for this document, I have reviewed version 05 of the draft
https://www.ietf.org/archive/id/draft-ietf-oauth-rfc7523bis-05.html
and I have the following comments/questions:

*Section 3*

> It is RECOMMENDED that SAML Bearer Assertions not be used for client authentication.

Should the RECOMMENDED be a MUST? If not, can you add some text to explain when SAML Bearer Assertions could still be used?

*Section 5*, second paragraph, "The paragraph describing the audience value in Section 2"

You might want to explicitly state which paragraph this is referring to.

*Section 5*, last paragraph, "Client authentication JWTs SHOULD be explicitly..."

Can you elaborate on what this is a "SHOULD" to make it clear to the implementer?

*Section 8.2*

It seems to me that the following references should be moved to the Normative References section: IANA.MediaTypes, IANA.OAuthParameters, OpenID.Core, RFC2046, and RFC6838.

Regards,
Rifaat
