For those on the ietf@xxxxxxxx list, you can find my responses as editor to Mark's useful apps area feedback at these locations: http://www.ietf.org/mail-archive/web/oauth/current/msg08040.html http://www.ietf.org/mail-archive/web/oauth/current/msg08075.html As editor, I attempted to apply all of Mark's recommendations, other than those that were contrary to working group consensus positions that had already been established via discussions on the working group mailing list. Where his recommendations were not adopted, reasons were given in my responses on behalf of the working group cited above. Best wishes, -- Mike -----Original Message----- From: oauth-bounces@xxxxxxxx [mailto:oauth-bounces@xxxxxxxx] On Behalf Of Mark Nottingham Sent: Tuesday, January 24, 2012 3:19 PM To: IETF Discussion Cc: OAuth WG Subject: Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer-15.txt> (The OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard My comments were made in: http://www.ietf.org/mail-archive/web/apps-discuss/current/msg03805.html Most of them (excepting the nits) haven't been addressed in the drafts. Regards, Begin forwarded message: > Subject: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer-15.txt> (The OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard > Date: Mon, 23 Jan 2012 07:46:43 -0800 > From: The IESG <iesg-secretary@xxxxxxxx> > Reply-To: ietf@xxxxxxxx > To: IETF-Announce <ietf-announce@xxxxxxxx> > CC: oauth@xxxxxxxx > > > The IESG has received a request from the Web Authorization Protocol WG > (oauth) to consider the following document: > - 'The OAuth 2.0 Authorization Protocol: Bearer Tokens' > <draft-ietf-oauth-v2-bearer-15.txt> as a Proposed Standard > > The IESG plans to make a decision in the next few weeks, and solicits > final comments on this action. Please send substantive comments to the > ietf@xxxxxxxx mailing lists by 2012-02-06. Exceptionally, comments may > be sent to iesg@xxxxxxxx instead. In either case, please retain the > beginning of the Subject line to allow automated sorting. > > Abstract > > > This specification describes how to use bearer tokens in HTTP > requests to access OAuth 2.0 protected resources. Any party in > possession of a bearer token (a "bearer") can use it to get access to > the associated resources (without demonstrating possession of a > cryptographic key). To prevent misuse, bearer tokens need to be > protected from disclosure in storage and in transport. > > > > > The file can be obtained via > http://datatracker.ietf.org/doc/draft-ietf-oauth-v2-bearer/ > > IESG discussion can be tracked via > http://datatracker.ietf.org/doc/draft-ietf-oauth-v2-bearer/ > > > No IPR declarations have been submitted directly on this I-D. > -- Mark Nottingham http://www.mnot.net/ _______________________________________________ OAuth mailing list OAuth@xxxxxxxx https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf