Last Call Review of draft-ietf-oauth-v2-bearer-

Request Review of draft-ietf-oauth-v2-bearer
Requested rev. no specific revision (document currently at 23)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2012-06-27
Requested 2012-04-12
Authors Michael Jones, Dick Hardt
Draft last updated 2012-07-17
Completed reviews Genart Last Call review of -?? by Alexey Melnikov
Genart Telechat review of -?? by Alexey Melnikov
Genart Last Call review of -?? by Alexey Melnikov
Assignment Reviewer Alexey Melnikov 
State Completed
Review review-ietf-oauth-v2-bearer-genart-lc-melnikov-2012-07-17
Review completed: 2012-07-17


I am still Ok with -22, but I have 1 new comment raised by introduction 

of the base64 ABNF non terminal:

I think it would be worth adding a comment for b64token that points to 

the base64 RFC. The current ABNF is too permissive (arbitrary number of 

"=" allowed at the end) and there are enough broken base64 parsers 

around (parsers that ignore everything after a "=", parsers that support 

arbitrary number of "=" at the end, etc.), so we shouldn't encourage 

creation of new ones.