Hi Scott,
a first piece of feedback is about the "notice" object used in the examples.
It seems to me that the values of the "description" member are not
compliant with what is stated in section 4.3 of RFC 9083:
*an array of strings named "description" for the purposes of conveying
any descriptive text*
As a general rule, I think we should not use jagged arrays. They are
harmful for clients because they cannot be deserialized straightforwardly.
This is also one of the reasons why jCard is considered inefficient.
So I would opt for defining a new "session response" based on an
unambiguous data model.
Best,
Mario
On 08/02/2022 19:57, Hollenbeck, Scott wrote:
-----Original Message-----
From: I-D-Announce <i-d-announce-boun...@ietf.org> On Behalf Of internet-dra...@ietf.org
Sent: Tuesday, February 8, 2022 1:53 PM
To: i-d-annou...@ietf.org
Cc: regext@ietf.org
Subject: [EXTERNAL] I-D Action: draft-ietf-regext-rdap-openid-10.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Registration Protocols Extensions WG of the
IETF.
Title : Federated Authentication for the Registration Data Access Protocol (RDAP) using OpenID Connect
Author : Scott Hollenbeck
Filename : draft-ietf-regext-rdap-openid-10.txt
Pages : 27
Date : 2022-02-08
Abstract:
The Registration Data Access Protocol (RDAP) provides "RESTful" web
services to retrieve registration metadata from domain name and
regional internet registries. RDAP allows a server to make access
control decisions based on client identity, and as such it includes
support for client identification features provided by the Hypertext
Transfer Protocol (HTTP). Identification methods that require
clients to obtain and manage credentials from every RDAP server
operator present management challenges for both clients and servers,
whereas a federated authentication system would make it easier to
operate and use RDAP without the need to maintain server-specific
client credentials. This document describes a federated
authentication system for RDAP based on OpenID Connect.
[SAH] Please review this, folks. It's been significantly modified since version
-09, replacing the token management queries with simpler login, logout, and
session queries. This puts the draft in a much better position with respect to
RDAP behaving like a web service, and it simplifies client processing, too.
Scott
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
--
Dr. Mario Loffredo
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web:http://www.iit.cnr.it/mario.loffredo
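
The conformance point raised in the message above, as an added example that is not part of the original e-mail or of the draft: a check that every "description" in an RDAP response's notices and remarks is a flat array of strings, as section 4.3 of RFC 9083 states. The sample response, the function names and the reported path format are constructed for illustration.

```python
import json

# Constructed sample (not taken from the draft): the first notice conforms,
# the second mixes strings with a nested array and an object (a jagged array),
# and the remark carries a bare string instead of an array.
SAMPLE = json.loads("""
{
  "rdapConformance": ["rdap_level_0"],
  "notices": [
    {"title": "Terms of Use", "description": ["Service subject to terms.", "See the link."]},
    {"title": "Session", "description": ["session active", ["expires", "3600"], {"user": "example"}]}
  ],
  "entities": [
    {"objectClassName": "entity",
     "remarks": [{"title": "Note", "description": "a bare string, not an array"}]}
  ]
}
""")

def _check_one(item, path):
    """Check a single notice or remark object (hypothetical helper)."""
    if not isinstance(item, dict) or "description" not in item:
        return []
    desc = item["description"]
    if not isinstance(desc, list):
        return [(f"{path}.description", f"expected array, got {type(desc).__name__}")]
    return [(f"{path}.description[{i}]", f"expected string, got {type(e).__name__}")
            for i, e in enumerate(desc) if not isinstance(e, str)]

def check_descriptions(node, path="$"):
    """Walk the whole response and return (json_path, problem) pairs for every
    notice/remark whose "description" is not a flat array of strings."""
    problems = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in ("notices", "remarks") and isinstance(value, list):
                for i, item in enumerate(value):
                    problems += _check_one(item, f"{child}[{i}]")
            problems += check_descriptions(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            problems += check_descriptions(item, f"{path}[{i}]")
    return problems

if __name__ == "__main__":
    for where, what in check_descriptions(SAMPLE):
        print(where, "->", what)
```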