- changed component to FAPI2: Security Profile
Scope needs clarification
Current text
This document specifies the requirements for confidential Clients to securely obtain OAuth tokens from Authorization Servers and securely use those tokens to access REST APIs at Resource Servers.
This is kind of OK, but it also appears as if this document just specifies the requirements for clients, which is not the case. A large part of the document specifies the requirements for servers.
This is a non-normative editorial change but still desirable to be implemented.
Comments (5)
- reporter -
- assigned issue to
- assigned issue to
- turn into bullet points
  add point about the AS
  add point about RS
  and mention attacker model
- reporter - changed status to resolved
Merged in issue-562-scope (pull request #439).
Fix #562 adjust scope to make clear it's not just clients
Approved-by: Joseph Heenan
Approved-by: Nat Sakimura
→ <<cset 7974b596553f>>