> -----Original Message-----
> From: Éric Vyncke via Datatracker <nore...@ietf.org>
> Sent: Thursday, September 14, 2023 8:50 AM
> To: The IESG <i...@ietf.org>
> Cc: draft-ietf-regext-rdap-ope...@ietf.org; regext-cha...@ietf.org;
> regext@ietf.org; AlBanna, Zaid <zalba...@verisign.com>; AlBanna, Zaid
> <zalba...@verisign.com>
> Subject: [EXTERNAL] Éric Vyncke's No Objection on
> draft-ietf-regext-rdap-openid-25: (with COMMENT)
>
> Caution: This email originated from outside the organization. Do not click
> links or open attachments unless you recognize the sender and know the
> content is safe.
>
> Éric Vyncke has entered the following ballot position for
> draft-ietf-regext-rdap-openid-25: No Objection
>

[SAH] [snip] Thanks for the review, Éric.

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
>
> # Éric Vyncke, INT AD, comments for draft-ietf-regext-rdap-openid-25
>
> Thank you for the work put into this document.
>
> Please find below some non-blocking COMMENT points (but replies would be
> appreciated even if only for my own education), and one nit.
>
> Special thanks to Zaid AlBanna for the shepherd's detailed write-up
> including the WG consensus *and* the justification of the intended status.
>
> I hope that this review helps to improve the document,
>
> Regards,
>
> -éric
>
> # COMMENTS
>
> ## Long lines
>
> The text contains several long URLs folded in two lines and it seems that
> RFC 8792 is not used to represent those folded URLs (this may be a user
> agent issue though).

[SAH] I wasn't aware of RFC 8792. If it helps to make the examples easier to read, I can use one of the 8792 conventions.

> ## Federated ?
>
> Is this really about "federated authentication" or simply to "OpenID" ?

[SAH] It's about using OpenID Connect to provide a federated authentication system for RDAP.

> ## Section 1.2
>
> s/by a recognized provider/by a trusted identity provider/?
>
> Please provide a reference to OpenID at first use.

[SAH] OK on both points.

> ## Section 3
>
> Isn't mentioning 'access control' in a list that also includes 'identity,
> authentication, and authorization' a repetition ? Or does 'access control'
> cover more ?

[SAH] I think the text here is fine as-is. As described in RFC 4949, "access control" is an independent concept.

> ## Section 3.1.3
>
> The reader will probably wonder about the choice of 'farv1' name... Explain
> it :-) (guessing federated authentication rdap).

[SAH] Yes - "federated authentication for RDAP version 1". It's spelled out in Section 8.

> ## Section 3.1.5.1
>
> Should part of this section be more relevant in the IANA considerations
> section 9.3 ?

[SAH] This section is referenced in Section 9, but I thought it better to put the text where it is because it's a description of protocol parameters and not specifically instructions for IANA.

> ## Section 3.1.5.2
>
> Isn't the 'do not track' feature inherently relying on the good will of the
> RDAP server (and associated proxies)? I suggest to mention this part in
> section 11 (security considerations)

[SAH] Yes, that's correct, and yes, it's worth noting. Thanks for the suggestion.

> ## Section 10
>
> While I appreciate that the author is clear about the non-compatibility of
> implementations of pre-09, I find it strange (or even confusing) to list two
> incompatible implementations.

[SAH] Noted.

> # NITS
>
> ## Abstract
>
> s/access control decisions/access-control decisions/ ?

[SAH] My sense is that the hyphen isn't needed here. I could be wrong.

Scott

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext