Reviewer: Thomas Fossati Review result: Ready with Nits I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://wiki.ietf.org/en/group/gen/GenArtFAQ>. Document: draft-ietf-oauth-browser-based-apps-22 Reviewer: Thomas Fossati Review Date: 2025-01-26 IETF LC End Date: 2025-02-04 IESG Telechat date: Not scheduled for a telechat Summary: This is a BCP for browser-based apps that use OAuth 2.0. It's a companion to BCP212, which contains similar recommendations for OAuth 2.0 native apps. This document is very clearly written, exhaustive, and well-organised. >From a Gen-ART perspective, it's ready to ship. Many thanks to the editors and the oauth WG. One question for the editors and WG regarding the BCP status: is this doc going into BCP212 or does it get its own BCP number? Major issues: none Minor issues: none Nits/editorial comments: One editorial nit regarding the use of the term "scenario" in sentences like: "scenarios that attackers can use" "[...] scenarios that an attacker can execute" To my (non-native) ears, to "use/execute a scenario" sounds a bit weird :-) Maybe "attack _strategies_ that an attacker can _exploit_"? Apart from that, I have packed a bunch of small fixes into a PR [1]. [1] https://github.com/oauth-wg/oauth-browser-based-apps/pull/65 -- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
