> -----Original Message----- > From: Dirk Von Hugo via Datatracker <noreply@xxxxxxxx> > Sent: Friday, September 8, 2023 5:20 PM > To: int-dir@xxxxxxxx > Cc: draft-ietf-regext-rdap-openid.all@xxxxxxxx; last-call@xxxxxxxx; > regext@xxxxxxxx > Subject: [EXTERNAL] Intdir last call review of draft-ietf-regext-rdap-openid- > 25 > > Caution: This email originated from outside the organization. Do not click links > or open attachments unless you recognize the sender and know the content > is safe. > > Reviewer: Dirk Von Hugo > Review result: Ready with Nits > > I am an assigned INT directorate reviewer for draft-ietf-regext-rdap-openid. > These comments were written primarily for the benefit of the Internet Area > Directors. Document editors and shepherd(s) should treat these comments > just like they would treat comments from any other IETF contributors and > resolve them along with any other Last Call comments that have been > received. For more details on the INT Directorate, see <https://secure- > web.cisco.com/1Z77o6KSr7heuMwkFMy1VEun9j_SIdKFujp9jEyM- > 1ebhDmdRnYGnJ5NldTx-vPMn8QRDAfcAwnsWGNE- > qF5lhhcjc1BB83RYTiAz0JdiCUgtbSFhzw3-DA8nZwCxDt8xZoRB11-o-9S- > OLT6cRZC6Ukf5DVyadT4Oj2lpvrvFclr5L1mTPlpKCu3N2VZWNV3T0ZrZa7qdZ06 > 1PxlaIbaCh- > Q2iinxD2n5V9vfPTQphg7hZ3NxbB4qT_C1Wt0Lfkt8TFJ8f8uUOypbGyEd0iHswI > BNaZZjDbgJkTPdM7pr5I/https%3A%2F%2Fdatatracker.ietf.org%2Fgroup%2Fi > ntdir%2Fabout%2F>. > > In Registration Data Access Protocol (RDAP) completed in 2015 a federated > authentication service was up to now still undefined/unspecified - as already > stated in RFC7481 on RDAP security services pointinhg already to OAuth > authorization framework and OpenID as single sign-on authentication > system. The mechanism proposed in this draft fills the gap and refers to 3 > PoC implementations based on earlier versions. It would be great if also a > reference implementation to a more recent version could be provided IMO. [SAH] Thanks for the review, Dirk! What's in the draft now is what we know. I don't think anyone has a fully implemented version of the specification. > Overall the document seems quite complete and elaborated in version 25 to > me and even only few very minor nits have been found: - mentioned "out- > of-band" > source, method, mechanism refers to entities outside the described RDAP > system here, right? Not sure whether this usage of the term might be > clarified... - re-using vs. reused: this should be used consistently IMO - (e.g. > xyz => (e.g., xyz [SAH] I'll check on these when I deal with the IESG feedback - thanks! Scott -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call