Alissa,
Having not heard anything more on the issue, I went ahead and made those
changes to the Privacy Consideration section. I believe they address the
question/concern in your DISCUSS ballot. As such, I'd respectfully request
that you review the changes and clear the discuss.
Thank you,
Brian
Thank you, Alissa, for the review. Please see below for inline
comments/responses and note that this is also my response to your last
message on the related thread at
https://mailarchive.ietf.org/arch/msg/oauth/MKqEIsb8TJCFUNl3vF-bB38nWv4
On Tue, Nov 20, 2018 at 12:50 PM Alissa Cooper wrote:
>
In regards to the comment on section 4.1, it depends on the
authorization policy and the deployment architecture. I don't believe
there is a single solution that will work with all deployments.
It may be worth calling out that exposure of the entire delegation chain
can leak information and
Alissa Cooper has entered the following ballot position for
draft-ietf-oauth-token-exchange-16: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to
