Hi. Overall, +1.
While reviewing the latest draft, wanted to share a few comments (sorry, if a bit late):

1.2: "willing to share more information about them self" ... Minor: wouldn't "themselves" read better than "them self"?

1.2: "It can also provide the ability to collect additional user identification information, and that information can be shared with the consent of the user." ... Not clear who that information could be shared with.

3.1.2: "The RDAP server sends the RDAP client and Authentication Request" ... Minor: Should "and" be "an"?

3.1.3.2: "as described in Section 3.1.2.2 of the OpenID Connect Core protocol [OIDCC]" ... Minor: Just in case, noticed that such section links to the Open ID documentation either point to within this doc (read the "htmlized" version), or go nowhere.

4.1.1: "An OPTIONAL "userClaims" object that contains the set of claims associated with the End-User's identity as used/requested by the RDAP server to make access control decisions." ... For consistency with other field definitions, should we mention that it is an array of strings?

4.1.3: ""iss": (MANDATORY) a string value equal to Issuer Identifier of the OP as per OpenID Connect Core specification [OIDCC]" ... Should it be clarified that "iss" is a URI value?

4.7: "RDAP servers MUST reject queries that include identification information that is not associated with a supported OP by returning an HTTP 501 (Not Implemented) response." ... Should this not be a 401 (Unauthorized) instead? ... I know Andy suggested a 400 (Bad Request). :)

4.8: "If a client sends any request that includes an unknown HTTP cookie, the server MUST return an HTTP 409 (Conflict) error." ... Should this not be a 401 (Unauthorized) instead?

5: "In some operational scenarios (such as a client that is providing a proxy service), an RP can receive tokens with an "aud" value that does not include the RP's client_id." ... Should we further elaborate "a client that is providing a proxy service"? ... Not clear to me. :)

8.3: "Value: academicPublicInterestDNSRResearch" ... Minor: Is there an extra 'R' in "DNSRResearch"?

Thanks,
Jasdip

On 9/26/22, 10:03 AM, "regext on behalf of James Galvin" <regext-boun...@ietf.org on behalf of gal...@elistx.com> wrote:

The document editors have indicated that the following document is ready for submission to the IESG to be considered for publication as a Proposed Standard:

Federated Authentication for the Registration Data Access Protocol (RDAP) using OpenID Connect
https://datatracker.ietf.org/doc/draft-ietf-regext-rdap-openid/17/

Please indicate your support or no objection for the publication of this document by replying to this message on list (a simple “+1” is sufficient).

If any working group member has questions regarding the publication of this document please respond on the list with your concerns by close of business everywhere, Monday, 10 October 2022.

If there are no objections the document will be submitted to the IESG.

The Document Shepherd for this document is Zaid Al Banna.

Thanks,
Antoin and Jim
WG Co-Chairs

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext