Reviewer: Dirk Von Hugo Review result: Ready with Nits I am an assigned INT directorate reviewer for draft-ietf-regext-rdap-openid. These comments were written primarily for the benefit of the Internet Area Directors. Document editors and shepherd(s) should treat these comments just like they would treat comments from any other IETF contributors and resolve them along with any other Last Call comments that have been received. For more details on the INT Directorate, see <https://datatracker.ietf.org/group/intdir/about/>. In Registration Data Access Protocol (RDAP) completed in 2015 a federated authentication service was up to now still undefined/unspecified - as already stated in RFC7481 on RDAP security services pointinhg already to OAuth authorization framework and OpenID as single sign-on authentication system. The mechanism proposed in this draft fills the gap and refers to 3 PoC implementations based on earlier versions. It would be great if also a reference implementation to a more recent version could be provided IMO. Overall the document seems quite complete and elaborated in version 25 to me and even only few very minor nits have been found: - mentioned "out-of-band" source, method, mechanism refers to entities outside the described RDAP system here, right? Not sure whether this usage of the term might be clarified... - re-using vs. reused: this should be used consistently IMO - (e.g. xyz => (e.g., xyz Thanks to the author and all contributors! Best regards Dirk -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
