Re: [Last-Call] Artart last call review of draft-ietf-oauth-rar-14

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks Thomas,

We will certainly incorporate those fixes/suggestions. 

On Fri, Nov 4, 2022 at 4:00 PM Thomas Fossati via Datatracker <noreply@xxxxxxxx> wrote:
Reviewer: Thomas Fossati
Review result: Ready

This document defines an OAuth parameter ("authorization_details") to
carry fine-grained authorization data in OAuth messages. This allows
APIs to customise their authorization requests and has applicability in
a number of scenarios, e.g.: banking, e-health, accessing tax data, etc.
The document also defines a base vocabulary for expressing common
semantics, which grants consistency in an otherwise completely open
space.

It is a very well written document and was a pleasure to read.

It has a clearly defined goal and well designed mechanisms.

The examples (both JSON and HTTP) are many, very well crafted, and
syntactically impeccable -- apart from a couple of stray ellipses in the
JSON examples of §10, and the snippet in Figure 16, which were the only
alerts I got from my linter.

The IANA requests are in good shape (with only a tiny typo issue, see
below.)

Here a couple of very minor reference suggestions:
* §2, when JSON is first mentioned, you could add a pointer to RFC7493
* §2.1, when ASCII is mentioned, you could add a pointer to RFC0020

Please fix these:
* §2.2: "[...] the permissions the client requests is" should be "[...]
  the permissions the client requests are"
* §3: "[...] to improve to security" should be "[...] to improve the
  security"
* §15.6: "[...] authorization_details_parameterto" should be
  "[...] authorization_details parameters to" (I think)

Other than that, ship it!




CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.
-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux