Re: [apps-discuss] Reivew of draft-johansson-loa-registry
Ted Hardie <ted.ietf@gmail.com> Mon, 09 April 2012 14:42 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AD9321F8717; Mon, 9 Apr 2012 07:42:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.299
X-Spam-Level:
X-Spam-Status: No, score=-3.299 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jzzTDoqTfAkN; Mon, 9 Apr 2012 07:42:08 -0700 (PDT)
Received: from mail-vx0-f172.google.com (mail-vx0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 6B64721F8713; Mon, 9 Apr 2012 07:42:08 -0700 (PDT)
Received: by vcbfk13 with SMTP id fk13so2198866vcb.31 for <multiple recipients>; Mon, 09 Apr 2012 07:42:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=8Klkpw7/8RdtBfrYWemgZ745qrSgg4b7kYfC8FOziEo=; b=Qtde9kS0MJycowsAnx+lWH87fdVsLmMHpoKmcMPOz/LkDqFW0dR/vBf52cizwqYfZj NytYh2RcL92+HU04tE9hoHi/jhN5kuOFG7NHehAS1T76ejHrVkLuwAdCXMQTkSqmP6cR uW3i5k+Vt3UgFkFBrfh5nWwWiUZh9c9fl57EDuaqAFPAbt/mgX6ngrprGO3WrV3xBW0R Fc5CNBJKBJUhqVgPda8+hZc3JqLoomz8qY2Kbpwh3rJjocD88yQUKzLO20FXtZ1ROxUK yAgAjlPIVUXS9KZcGA6OpZLwyP2e3X8b0hXbA/Gy8T5sInE316HGIIA4Tq0LhKFpx8TS DLAQ==
MIME-Version: 1.0
Received: by 10.220.230.67 with SMTP id jl3mr3727559vcb.50.1333982527964; Mon, 09 Apr 2012 07:42:07 -0700 (PDT)
Received: by 10.52.162.99 with HTTP; Mon, 9 Apr 2012 07:42:07 -0700 (PDT)
In-Reply-To: <4F8182D7.1030106@sunet.se>
References: <CA+9kkMC0vnzoHMVwfNYFrjhMLoCSArj6r+XBgevAx6+f5cfCxQ@mail.gmail.com> <4F8182D7.1030106@sunet.se>
Date: Mon, 09 Apr 2012 07:42:07 -0700
Message-ID: <CA+9kkMAwb_Uu1_X9CwdX-w_MC4Pr51=aQ1QybGW0_H3QMKm9ig@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: Leif Johansson <leifj@sunet.se>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: draft-johansson-loa-registry.all@tools.ietf.org, IESG <iesg@ietf.org>, apps-discuss@ietf.org
Subject: Re: [apps-discuss] Reivew of draft-johansson-loa-registry
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Apr 2012 14:42:09 -0000
On Sun, Apr 8, 2012 at 5:21 AM, Leif Johansson <leifj@sunet.se> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > >> Each registration contains a URI, a schema definition, a short >> name, and an informational URL. It is not clear, however, whether >> these URIs must be unique across registrations. Would it be >> possible, for example, to have a non-SAML usage documented in this >> registry by having it re-register with an existing URI, but a >> different informational URL? I believe this point should be made >> explicit as guidance to the expert reviewers. > > No that would not be consistent with the intent of the registry. Did you > suggest that such a practice would be useful? > Honestly, I have no opinion on whether having multiple registrations with different informational URLs would be useful or not; it's hard to say without knowing how much re-use there would be. I think it would be best if you clarified that each registration must present a unique URI, though, if you don't intend for that to happen. >> >> The document uses ABNF to describe the required format of the short >> name, but there is no reference for ABNF given; presumably RFC5234 >> should be included as a reference. The ABNF in the document >> excludes specific prefixes (LOA, AL) in order to avoid >> non-descriptive short names, but it is not clear why it also >> excludes all-digit references. In general, the use of the ABNF for >> this seems fairly clumsy, and I would suggest that the document >> shift this from ABNF determinism to advice (to both registrants >> and expert reviewers), to help ensure that the resulting names are >> useful. There are a host of equally problematic possibilities >> (saml-loa-10, for example) that good guidance would better avoid >> than ABNF rules. >> > > I see your point. However I believe there is value in having very > clear guidance which the ABNF does give... Perhaps if I include > text in the reviewers guide along the lines of "The reviewers should > exclude registrations where the short name does not unambiguously > identify the LoA definition or where the short name is a simple > variation on one of the reserved (cf above) LoA names." > That would make sense. Once you have updated the document and added the ABNF reference, a fresh run through an ABNF checker is probably in order. >> For the "informational URL" definition, a list of permitted URI >> schemes might be useful, as it is not clear whether a contact-only >> URI would be acceptable. The document says: >> >> Informational URL: A URL containing auxilliary information. This >> URL MUST minimally reference contact information for the >> administrative authority of the level of assurance definition. >> >> Would an informational URL of mailto:loa-registrant@example.org be >> acceptable? >> > > Ah yes. Good catch! > Just to confirm, you plan to add a list? >> >> Minor Issues: >> >> The example given in 3.1 does not give an information URL, but the >> registration template implies that this field is mandatory. >> > > Good catch. Quite embarrassing :-) > >> In 4.1, the document twice uses the term "bona fide" to describe >> entries: >> >> The expectation of the IANA LoA Registry is that it contain bona >> fide Level of Assurance Profiles while not presenting a very high >> bar for entry. Expert reviewers SHOULD NOT place undue value in >> any percieved or actual quality of the associated trust framework >> or federation and SHOULD only exclude such registrations that in >> the view of the experts do not represent bona fide attempts at >> defining an LoA. >> >> I suggest that "good faith" be used to replace at least one of >> these, to clarify the meaning. >> > > I like it. > >> >> >> >> Nits: [list editorial issues such as typographical errors, >> preferably by section number] >> >> I personally found the Introduction somewhat hard to parse, and I >> believe it would be improved by bringing paragraphs two and three >> forward, then following them with the gist of paragraphs one and >> four. >> >> >> In the Acknowledgements Section: >> >> The various versions of the draft was socialized >> >> should be "were socialized". > > Yep > Thanks for your quick reply, regards, Ted Hardie > Cheers Leif > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk+BgtEACgkQ8Jx8FtbMZnfR4ACbBK2JHXFpM9nEehqAp6IinGW9 > 2HwAn3qHKIXXpVHEHEEJ7+6qpmIZTc+a > =mHA3 > -----END PGP SIGNATURE-----
- [apps-discuss] Reivew of draft-johansson-loa-regi… Ted Hardie
- Re: [apps-discuss] Reivew of draft-johansson-loa-… Leif Johansson
- Re: [apps-discuss] Reivew of draft-johansson-loa-… Ted Hardie
- Re: [apps-discuss] Reivew of draft-johansson-loa-… Leif Johansson