[Gen-art] Gen-ART review of Widex Requirements Draft
Black_David@emc.com Tue, 19 December 2006 23:24 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwoJX-000728-U8; Tue, 19 Dec 2006 18:24:03 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwoJW-00071r-PF for gen-art@ietf.org; Tue, 19 Dec 2006 18:24:02 -0500
Received: from mexforward.lss.emc.com ([128.222.32.20]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwoJU-0002Yp-El for gen-art@ietf.org; Tue, 19 Dec 2006 18:24:02 -0500
Received: from mailhub.lss.emc.com (nagas.lss.emc.com [10.254.144.11]) by mexforward.lss.emc.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id kBJNNu5W008697; Tue, 19 Dec 2006 18:23:56 -0500 (EST)
Received: from corpussmtp3.corp.emc.com (corpussmtp3.corp.emc.com [10.254.64.53]) by mailhub.lss.emc.com (Switch-3.1.8/Switch-3.1.7) with ESMTP id kBJNNUAV010466; Tue, 19 Dec 2006 18:23:50 -0500 (EST)
From: Black_David@emc.com
Received: from CORPUSMX20A.corp.emc.com ([128.221.62.13]) by corpussmtp3.corp.emc.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 19 Dec 2006 18:23:38 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 19 Dec 2006 18:23:38 -0500
Message-ID: <F222151D3323874393F83102D614E055068B8A63@CORPUSMX20A.corp.emc.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Gen-ART review of Widex Requirements Draft
Thread-Index: AccjxLYxEqU5U+tcRhq7wlW7Mu+5sw==
To: gen-art@ietf.org, vlad.stibu@nokia.com, dsr@w3.org
X-OriginalArrivalTime: 19 Dec 2006 23:23:38.0653 (UTC) FILETIME=[B68BDCD0:01C723C4]
X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.5.0.283055, Antispam-Data: 2006.12.19.145432
X-PerlMx-Spam: Gauge=, SPAM=0%, Reason='EMC_BODY_1+ -3, EMC_FROM_0+ -2, NO_REAL_NAME 0, __C230066_P5 0, __CP_NOT_1 0, __CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CTYPE_CHARSET_QUOTED 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __IMS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __PHISH_PHRASE3 0, __SANE_MSGID 0'
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 10ba05e7e8a9aa6adb025f426bef3a30
Cc: lisa@osafoundation.org, Black_David@emc.com, dean.willis@softarmor.com
Subject: [Gen-art] Gen-ART review of Widex Requirements Draft
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Errors-To: gen-art-bounces@ietf.org
I have been selected as the General Area Review Team (Gen-ART) reviewer for this draft (for background on Gen-ART, please see http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). Please resolve these comments along with any other Last Call comments you may receive. Document: draft-ietf-widex-requirements-03 Reviewer: David L. Black Review Date: December 19, 2006 IETF LC End Date: December 25, 2006 Summary: This draft is basically ready for publication, but has nits that should be fixed before publication. Comments: A short draft describing the requirements for the widex framework and protocol design. It's generally in good shape - all of these comments are minor. The opening sentence of section 3.4 mentions "the Widex working group". This mention should be removed as the published RFC will significantly outlive the working group. Section 3.4 switches between Widex objects and messages entirely too quickly, e.g.: There are two types of Widex Objects: WO Update (WO.Update): WO.Update messages contain description ... The word "messages" should be removed from Section 3.4 and replaced by "objects" throughout to avoid this confusion, especially as a Widex "message" may wind up containing multiple "objects". Section 4.1: o The framework MUST be modular, e.g. multiple service discovery and session setup mechanisms may be used. Nice examples, but a list of components that MUST be replaceable would be even better. o The synchronisation MUST occur at a fairly loose level that allows for a simple approach to propagating changes. Synchronization of what with what? o The framework and the synchronisation protocol SHOULD be stateless. Huh? As I understand what's going on, there's a large XML document on both sides that describes the user interface, and the exchanged objects describe changes to that document. That does not sound like a stateless protocol. What was this supposed to mean? Section 4.3: o The Widex Objects MUST support client initiated updates. o The Widex Objects MUST support server initiated updates. Should that be client initiated events (cf. interfaces in diagram in Section 2)? Section 6: As a means to support remote user interfaces, a number of security considerations need to be addressed, including the potential for unauthorized access to application services, monitoring of interactions by unauthorized third parties, spoofing of application services as a means to support phishing attacks, and denial of service attacks. Requirements defined in this document MUST allow for the implementation according to best common practices. The last sentence seems wrong, as it's pointing to this draft - it should be placing requirements on the to-be-designed widex protocol and framework to address these considerations. Thanks, --David ---------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 176 South St., Hopkinton, MA 01748 +1 (508) 293-7953 FAX: +1 (508) 293-7786 black_david@emc.com Mobile: +1 (978) 394-7754 ---------------------------------------------------- _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art