[Last-Call] Secdir last call review of draft-ietf-sipcore-sip-token-authnz-12

Reviewer: Derrell Piper
Review result: Has Nits

Reviewer: Derrell Piper
Review result: Ready With Nits

I reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents entering the IESG.  These comments
are directed at the security area director(s).  Document editors and WG
chairs should treat these comments like any other last call comments.

This document defines a third-party token authentication scheme for
authentication to SIP services using "bearer" tokens from the OAuth 2.0
framework and the OpenID Connect Core 1.0 to support native application
assisted (or proxy-based) token-based authentication and authorization.

pp. 3, 1., nit

"...enables the single-sign-on features, which allows the user to..."

"...enables single sign-on, which allows the user to..."

pp. 5, last sentence

"previously" means "from the out-of-scope mechanism", just say that.

pp. 7, 2.1.1

"(or with invalid credentials)"

Why continue when a UAC presents invalid credentials?  [See below.]

pp. 8, 2.1.3

2.1.1 says if you get invalid credentials to go REGISTER, and here in
REGISTER, it says if you get invalid credentials, go to 2.1.1.  This
seems recursive though I'm assuming this ultimately terminates when all
the schemes are exhausted without success.

Derrell
