Hannes Comments

Issue #19 resolved
Nat Sakimura repo owner created an issue

Abstract

19.1

s/authentciated/authenticated

Introduction

19.2

s/ In addition, TLS sessions are terminated prematurely at some middlebox (such as a load balancer). / In addition, TLS sessions may be terminated prematurely at some middlebox (such as a load balancer).

19.3

s/ Because of these weaknesses, several attacks to the protocol such as Redirection URI rewrite has been put forward by now. / Because of these weaknesses, several attacks against the protocol, such as Redirection URI rewriting, has been discovered.

19.4

s/ Further, the request by reference allows the reduction of over-the- wire overhead. / Furthermore, the request by reference allows the reduction of over-the- wire overhead.

19.5

s/ containment / confidentiality protection

19.6

s/authentcicated/authenticated

19.7 Dropping WAP reference

Maybe you want to drop the mention of WAP since it is probably not that important anymore.

19.8

s/ There are other potential formats that could be used for this purpose instead of JWT [RFC7519]. / The JWT encoding has been chosen because of

Section 10.2:

19.9

s/cacheing/caching

Section 10.3:

19.10

s/sepcification/specification

s/peform/perform

Section 11.2.1 Request Disclosure

19.11

s/poteintially/potentially

s/borwser/browser

s/corrilating/correlating

Section 12 Acknowledgements

19.12

s/ Follwoing people contributed to the creation of this document in OAuth WG. (Affiliations at the time of the contribution is used.) / The following people contributed to the creation of this document in the OAuth WG. (Affiliations at the time of the contribution are used.)

Comments (15)

  1. Nat Sakimura reporter
    • edited description
    • changed status to resolved

    19.7 Hannes agreed to keep WAP reference after Nat pointed out that over 50% of phones in the wild are still WAP/Feature phones.
