Roman Danyliw has entered the following ballot position for draft-ietf-regext-rdap-openid-26: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-regext-rdap-openid/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

(revising ballot down to the remaining item not addressed in -26)

** Section 11.

   An RDAP server operator SHOULD develop policies for information
   disclosure to ensure that personally identifiable information is
   disclosed only to clients that are authorized to process that
   information.

Why is this not a MUST? What are the circumstances where PII should be
disclosed without authorization?

See ongoing discussion at
https://mailarchive.ietf.org/arch/msg/regext/lTZEAyvBUaE3V2Ih2o8TgoNQ7Zk/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you to the authors for reaching out to the OAuth WG when this
document was first being drafted.

Thank you to Justin Richer for providing a timely review of this work
from the OAuth WG perspective. See
https://mailarchive.ietf.org/arch/msg/oauth/33Ci5v7EHDLRC7pvvK85uarXutY/.

I appreciate the patience of the WG given my deferral of this document
to this telechat.

Thanks for resolving my COMMENTs and DISCUSS feedback.

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext