Reviewer: Phillip Hallam-Baker Review result: Ready This draft was previously reviewed by Steve Kent for the -27 version. My review therefore mostly consists of checking that the changes recommended have been made and that no new issues have arisen. Note that contrary to the data in the tracker, I was not given the assignment in 2019. If you decide that you want to use OAUTH for authorization security for Internet of Things, this is a reasonable approach to take. This is not a simple proposition or for the fainthearted. OAuth is built around the various constraints of the browser world to which the constraints of being a constrained device are added. The issues raised by Steve have all been addressed as far as I can see. It looks good to go but since it is a security spec, ADs should still take note. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call