> -----Original Message-----
> From: Pawel Kowalik <[email protected]>
> Sent: Thursday, February 2, 2023 4:58 PM
> To: Hollenbeck, Scott <[email protected]>; [email protected]
> Subject: [EXTERNAL] Re: [regext] I-D Action: draft-ietf-regext-rdap-openid-21.txt
>
> Caution: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
> Hi Scott,
>
> Feedback inline.
>
> On 02.02.23 at 13:56, Hollenbeck, Scott wrote:
> >> Also the "session" in this case can go beyond the lifespan of the
> >> Access Token if token refresh is possible.
> > [SAH] Yes, the concept of the session is directly related to the existence and validity of an Access Token, which may be refreshed. How would you suggest that this be reworded?
>
> [PK] "For token-oriented clients (see Section 3.1.2 and Section 6), the RDAP session corresponds to the lifespan of an authorization obtained from the OP and the corresponding Access Token, including a refreshed Access Token."

[SAH] Works for me - thanks!

> >> 3. The note about "Implicit Flow" - wouldn't "Security Considerations"
> >> be a better place for this remark?
> > [SAH] I like noting it where it's first mentioned, but yes, it could be mentioned in the "Security Considerations" section, too.
>
> [PK] it was just a remark, I'm also fine if you ignore it.

[SAH] I'll work it in.

Scott

_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
