Re: [OAUTH-WG] tsv-dir review of draft-ietf-oauth-v2-23

Songhaibin <haibin.song@huawei.com> Thu, 08 March 2012 02:10 UTC

Return-Path: <haibin.song@huawei.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8960321E805B; Wed, 7 Mar 2012 18:10:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.507
X-Spam-Level:
X-Spam-Status: No, score=-6.507 tagged_above=-999 required=5 tests=[AWL=0.092, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oZCD7U4WtD-t; Wed, 7 Mar 2012 18:10:53 -0800 (PST)
Received: from szxga04-in.huawei.com (szxga04-in.huawei.com [119.145.14.67]) by ietfa.amsl.com (Postfix) with ESMTP id C8D7721E8045; Wed, 7 Mar 2012 18:10:52 -0800 (PST)
Received: from huawei.com (szxga04-in [172.24.2.12]) by szxga04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0M0J00362NE430@szxga04-in.huawei.com>; Thu, 08 Mar 2012 10:10:52 +0800 (CST)
Received: from szxrg02-dlp.huawei.com ([172.24.2.119]) by szxga04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0M0J006TONE0C4@szxga04-in.huawei.com>; Thu, 08 Mar 2012 10:10:51 +0800 (CST)
Received: from szxeml202-edg.china.huawei.com ([172.24.2.119]) by szxrg02-dlp.huawei.com (MOS 4.1.9-GA) with ESMTP id AHR01602; Thu, 08 Mar 2012 10:10:11 +0800
Received: from SZXEML404-HUB.china.huawei.com (10.82.67.59) by szxeml202-edg.china.huawei.com (172.24.2.42) with Microsoft SMTP Server (TLS) id 14.1.323.3; Thu, 08 Mar 2012 10:10:02 +0800
Received: from SZXEML534-MBX.china.huawei.com ([169.254.2.222]) by szxeml404-hub.china.huawei.com ([::1]) with mapi id 14.01.0323.003; Thu, 08 Mar 2012 10:10:30 +0800
Date: Thu, 08 Mar 2012 02:10:39 +0000
From: Songhaibin <haibin.song@huawei.com>
In-reply-to: <90C41DD21FB7C64BB94121FBBC2E723453AFCD407B@P3PW5EX1MB01.EX1.SECURESERVER.NET>
X-Originating-IP: [10.138.41.129]
To: Eran Hammer <eran@hueniverse.com>, "tsv-ads@tools.ietf.org" <tsv-ads@tools.ietf.org>, "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>
Message-id: <E33E01DFD5BEA24B9F3F18671078951F156E0D21@szxeml534-mbx.china.huawei.com>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-language: zh-CN
Content-transfer-encoding: 7BIT
Accept-Language: en-US, zh-CN
Thread-topic: tsv-dir review of draft-ietf-oauth-v2-23
Thread-index: AczrxK1m0Cmrx5G1TqO2SHCpS5HjoQQ+W/QAAASPNnA=
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
X-CFilter-Loop: Reflected
References: <E33E01DFD5BEA24B9F3F18671078951F156D8F4B@szxeml534-mbx.china.huawei.com> <90C41DD21FB7C64BB94121FBBC2E723453AFCD407B@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Cc: Martin Stiemerling <Martin.Stiemerling@neclab.eu>, "oauth@ietf.org" <oauth@ietf.org>, "tsv-dir@ietf.org" <tsv-dir@ietf.org>
Subject: Re: [OAUTH-WG] tsv-dir review of draft-ietf-oauth-v2-23
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Mar 2012 02:10:57 -0000

> > 5. Section 10.6, paragraph 2, second sentence, When the attacker is sent
> > to.../ When the authorization code request is sent to...
> 
> Not sure what you mean.

I mean you may have to change "the attacker is sent to..." to "the authorization code is sent to...".

BR,
-Haibin

> -----Original Message-----
> From: Eran Hammer [mailto:eran@hueniverse.com]
> Sent: Thursday, March 08, 2012 8:16 AM
> To: Songhaibin; tsv-ads@tools.ietf.org; draft-ietf-oauth-v2@tools.ietf.org
> Cc: tsv-dir@ietf.org; oauth@ietf.org; Martin Stiemerling
> Subject: RE: tsv-dir review of draft-ietf-oauth-v2-23
> 
> Thanks Haibin.
> 
> > -----Original Message-----
> > From: Songhaibin [mailto:haibin.song@huawei.com]
> > Sent: Wednesday, February 15, 2012 1:33 AM
> 
> > Nits:
> > 1. Section 3.1, paragraph 4, the last sentence is confusing, is it the
> > authorization server who sends the request to the authorization endpoint?
> > Or is it the resource owner?
> 
> The client. Added clarification in section 3.
> 
> > 2. Section 3.1.1, paragraph 3, "...where the order of values does not matter.."
> > I think a little clarification on the reason for this would be better for people
> > like me.
> 
> I don't think we need to explain it, but it's to meet typical developers'
> expectations.
> 
> > 3. Section 3.2, paragraph 4, the last sentence is confusing, is it the
> > authorization server who sends request to the token endpoint?
> 
> Same as #1.
> 
> > 4. Section 10.12, paragraph 4, should the terminology "end-user" be changed
> > to "resource owner"? There are same issues in other places of this
> > document.
> 
> Changed some. Clarified end-user in the intro.
> 
> > 5. Section 10.6, paragraph 2, second sentence, When the attacker is sent
> > to.../ When the authorization code request is sent to...
> 
> Not sure what you mean.
> 
> EH
>