[Last-Call] Artart last call partial review of draft-ietf-oauth-iss-auth-resp-02

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Review is partially done. Another assignment may be needed to complete it.

Reviewer: Julian Reschke
Review result: Almost Ready

(I have reviewed this with zero knowledge of OAuth, so additional review
probably would be good)

Major issues:

2.4

"Clients MUST compare the extracted and URL-decoded value to the issuer
identifier of the authorization server where the authorization request was sent
to."

I'm not sure that "URL-decoded" is correct with respect to decoding query
parameters. Consider URLs containing "+" or "=". You probably need the encoding
rules for application/x-www-form-urlencoded instead.

Minor issues:

References to registries should not be listed as normative.

Nits:

Section links to external documents do not appear to be marked up as such (and
use a trailing dot in the section number which they should not)

There are no Acks; so section 6 should be deleted (if there were acksm they
should go into an unnumbered section at the end of the document)



-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux