[GNAP] Artart early review of draft-ietf-gnap-resource-servers-05
Rich Salz via Datatracker <noreply@ietf.org> Mon, 24 June 2024 18:05 UTC
From: Rich Salz via Datatracker <noreply@ietf.org>
To: art@ietf.org
Message-ID: <171925231276.192.13227103516845567495@dt-datatracker-5864469bc9-n5hqk>
Date: Mon, 24 Jun 2024 11:05:12 -0700
CC: draft-ietf-gnap-resource-servers.all@ietf.org, txauth@ietf.org
Reply-To: Rich Salz <rsalz@akamai.com>
Subject: [GNAP] Artart early review of draft-ietf-gnap-resource-servers-05
List-Id: GNAP <txauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/PTydAWjee9fydwh5Ee_eFM2C6v0>
Reviewer: Rich Salz
Review result: Ready with Nits

This doc is well-written. It explains an API for GNAP parties to talk with each other, view and dissect access tokens, and the like. The security considerations seem well-considered. I am not a GNAP expert.

A few nits follow.

Abstract: should spell out GNAP. Is the "AS" in the second sentence the same as the "piece of software" mentioned in the first sentence?

Introduction: the RS doesn't answer important questions, it gets answers to them, right?

2.1.3 "ensure that the token is not receiving". Do you mean the RS is not receiving?

2.1.4 "if such information is not stored, an attacker". s/stored/included/ or s/stored/presented/?

How much of 2.1.* is a restatement of the core GNAP document? How much of 2.1.* is different, solely for the purposes here -- i.e., how much of 2.1.* would more properly belong in a GNAP-CORE-bis document?

3.1 What is the point of the grant_request_endpoint field, since the first paragraph of that section implies you have to know it to add the well-known suffix?

I was surprised to see the Acknowledgements appearing before several things, and not last, just before the references.