Document: draft-ietf-oauth-rfc7523bis Title: Updates to OAuth 2.0 JSON Web Token (JWT) Client Authentication and Assertion-Based Authorization Grants Reviewer: Rich Salz Review result: Has Issues
This is the Security Directorate review for draft-ietf-oauth-rfc7523bis. The authors know what this kind of thing is. The Security ADs should treat this as any other last-call comments. Not surprisingly, I found the document pretty clear. I had to read a bunch of OAUTH RFCs to catch the context; as I'm mostly ignorant about it.. The only issue I found was that there discussion of backward compatibility other than Section 3, where it's kinda weakly stated. The identifier isn't changing, so at least a statement that it is backward compatible would be helpful I think. _______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
