Hi Paul,
Per my earlier reply at
https://www.ietf.org/mail-archive/web/gen-art/current/msg14212.html, the
specified registration procedure is the standard IANA one, prefixed by a public
review period. JWT registrations, OAuth registrations, .well-known
registrations, and others all already work this way. It works well in
practice. Particularly since changing the registration procedure for this JWT
claim would make it inconsistent with registering JWT claims, I believe that
the working group would strongly oppose removing the public review period step.
I would therefore ask that you withdraw your request to revise the registration
procedure, on this basis.
Thank you,
-- Mike
-----Original Message-----
From: Paul Kyzivat [mailto:pkyzi...@alum.mit.edu]
Sent: Thursday, January 26, 2017 9:51 AM
To: draft-ietf-oauth-amr-values....@ietf.org
Cc: General Area Review Team <gen-art@ietf.org>
Subject: [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-amr-values-05
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team
(Gen-ART) reviews all IETF documents being processed by the IESG for the IETF
Chair. Please wait for direction from your document shepherd or AD before
posting a new version of the draft. For more information, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
Document: draft-ietf-oauth-amr-values-05
Reviewer: Paul Kyzivat
Review Date: 2017-01-26
IETF LC End Date: 2016-12-13
IESG Telechat date:2017-01-32
Summary:
This draft is on the right track but has open issues, described in the review.
It is generally well written, with much better guidelines for expert reviewers
than I typically see.
Disclaimer:
I'm not well versed in JSON Web Tokens, so I have not considered the pros/cons
of having this registry or of the specific values being registered. I have
focused on the mechanics of the draft.
Issues:
Major: 0
Minor: 1
Nits: 0
(1) Minor:
Section 6.1 says:
IANA must only accept registry updates from the Designated Experts
and should direct all requests for registration to the review
mailing list.
This is inconsistent with the way IANA Expert Review works, as defined in
section 3 of RFC5226. Requests go through some channel (e.g. IESG review for
standards track RFCs) to the editor and then IANA actions requiring expert
review are referred to a designated expert. The expert then approves or denies
the request, and approved requests are acted upon by IANA.
Direction of requests to a mailing list is not an IANA function, but could be
done by the expert.
Please revise the text and procedures to be consistent with the way Expert
Review is intended to work.
(Note: In my earlier last call review of this document I erroneously cited
RFC5526 rather than RFC5226. I have corrected that above.)
_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www.ietf.org/mailman/listinfo/gen-art
