Re: [GNAP] Genart last call review of draft-ietf-gnap-core-protocol-16

Justin Richer <jricher@mit.edu> Tue, 28 November 2023 15:09 UTC

From: Justin Richer <jricher@mit.edu>
To: Dan Romascanu <dromasca@gmail.com>
CC: GNAP Mailing List <txauth@ietf.org>, "rdd@cert.org" <rdd@cert.org>
Date: Tue, 28 Nov 2023 15:08:14 +0000
Message-ID: <A5CAB58A-8D95-4D45-AA47-4E4B0AF8184B@mit.edu>
In-Reply-To: <170117247977.17490.7187734231412233814@ietfa.amsl.com>
Subject: Re: [GNAP] Genart last call review of draft-ietf-gnap-core-protocol-16
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/bI5n6EumO3aI73iqaf8w0UZOrFc>
List-Id: GNAP <txauth.ietf.org>

Hi Dan, some responses inline.

> On Nov 28, 2023, at 6:54 AM, Dan Romascanu via Datatracker <noreply@ietf.org> wrote:
> 
> Reviewer: Dan Romascanu
> Review result: Ready with Issues
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
> 
> For more information, please see the FAQ at
> 
> <https://wiki.ietf.org/en/group/gen/GenArtFAQ>.
> 
> Document: draft-ietf-gnap-core-protocol-16
> Reviewer: Dan Romascanu
> Review Date: 2023-11-28
> IETF LC End Date: 2023-11-21
> IESG Telechat date: Not scheduled for a telechat
> 
> Summary: Ready with Issues
> 
> A complex and detailed document. Well written, but demands relevant expertise
> to read, understand, use and implement. There are a couple of minor issues and
> a few nits that I would recommend addressing before approval for publication.
> 
> Major issues:
> 
> Minor issues:
> 
> 1. Section 2.3.2
> 
>> If the client instance has additional information to display to the
>> RO during any interactions at the AS, it MAY send that information in
>> the "display" field.  This field is a JSON object that declares
>> information to present to the RO during any interactive sequences.
>>
>> name (string):  Display name of the client software.  RECOMMENDED.
> 
> MAY and RECOMMENDED do not seem to be in tune here. Maybe the MAY needs to be a
> SHOULD?

The goal here is that the overall object is a MAY but within that object the display name is a SHOULD. So you don’t have to send the object, but if you do, then you should send the name.

> 
> 2. Section 3.1
> 
>> wait (integer):  The amount of time in integer seconds the client
>> instance MUST wait after receiving this request continuation
>> response and calling the continuation URI.  The value SHOULD NOT
>> be less than five seconds, and omission of the value MUST NOT be
>> interpreted as zero (i.e., no delay between requests).
>> RECOMMENDED.
> 
> I do not understand how this works from an operational point of view. I assume
> there is some logic in picking 5 sec as a minimal value, but then why is this
> limitation a SHOULD and not a MUST?

This was discussed on another review - the editors are going to plan to make an omission mean 5 seconds to align with OAuth 2.

> 
> Nits/editorial comments:
> 
> 1. It's probably too late for a change, but the name of the new protocol does
> not exactly fit its purpose, as this is not an authorization protocol, but
> rather a delegation for authorization protocol. Well ...

Naming is hard and you’re not wrong on it not being a perfect fit and also being a bit too late to re-do it. There was a huge discussion at the start of the WG on the name, and this was the least-contentious option at the time.

> 
> 2. Section 1.2 - in the Legend of the figure what does 'potential equivalence'
> mean? (same question in legend of figure in 1.6.1)

It simply means they might be the same person, but they might not be.

> 
> 3. General remark - I would recommend numbering the Figures in the document.

Thanks, I think we’re missing figure captions throughout so we should probably go fix that!

> 
> 4. There is no definition of the lines in the figures inserted in 1.6.2,
> 1.6.3, etc. I assume the conventions are the same as in 1.6.1, but this should
> be more clearly specified.

Thanks, we can call that out.

> 
> 5. Section 3.6 s/Additional error codes can be defined in the Error Code
> Registry/Additional error codes can be defined in the Error Codes Registry/
> 
> 6. Section 7.3.2 - MTLS needs to be expanded and a reference must be provided.
> 
> 7. Section 7.3.3 - JWS needs to be expanded and a reference must be provided.
> 


Thanks, we’ll take a look at all those as well; these make sense to fix and should be straightforward.


 — Justin
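The two minor issues above both come down to how a client instance should treat optional fields: the "display" object is a MAY whose "name" member is RECOMMENDED once the object is sent, and an omitted "wait" in a continuation response must never be read as "poll immediately". The following client-side helpers are an added example written for this archive page, not code from the GNAP draft, its editors or any GNAP implementation. The field names ("continue", "uri", "wait", "access_token", "client", "display", "name") follow draft-ietf-gnap-core-protocol-16; the five-second default for an omitted "wait" is taken from Justin's statement in this thread about the editors' plan, and raising a sub-five-second value to five is a local client policy assumed here, not spec text. The sample request and response bodies are constructed.

```python
import logging

log = logging.getLogger("gnap-client")

# Section 3.1 of draft-ietf-gnap-core-protocol-16: "The value SHOULD NOT
# be less than five seconds".
MIN_WAIT_SECONDS = 5

# Assumption from this thread: the editors plan to make an omitted "wait"
# mean five seconds (aligning with OAuth 2), so that is the default here.
DEFAULT_WAIT_SECONDS = 5


def continuation_wait_seconds(response):
    """Seconds a client instance waits before calling the continuation URI.

    `response` is the parsed JSON body of a request continuation response.
    An omitted "wait" is never treated as zero (Section 3.1). A value below
    five seconds is raised to the minimum; that clamp is local client
    policy chosen for this example, not a requirement of the draft.
    """
    cont = response.get("continue")
    if not isinstance(cont, dict):
        raise ValueError("continuation response has no 'continue' object")
    wait = cont.get("wait")
    if wait is None:
        return DEFAULT_WAIT_SECONDS
    # bool is a subclass of int in Python; reject it explicitly.
    if isinstance(wait, bool) or not isinstance(wait, int):
        raise ValueError("'wait' must be an integer number of seconds")
    if wait < MIN_WAIT_SECONDS:
        log.warning("AS sent wait=%d, below the recommended minimum; "
                    "using %d", wait, MIN_WAIT_SECONDS)
        return MIN_WAIT_SECONDS
    return wait


def check_display(request):
    """Advisory checks on the optional 'display' object of a client request.

    The object itself is a MAY, so its absence yields no advice. When it is
    present, 'name' is RECOMMENDED, so a missing name is reported as advice
    rather than rejected; a structurally wrong object is reported as an error.
    """
    advice = []
    client = request.get("client", {})
    display = client.get("display")
    if display is None:
        return advice
    if not isinstance(display, dict):
        return ["'display' must be a JSON object"]
    if "name" not in display:
        advice.append("'display' present without RECOMMENDED 'name'")
    elif not isinstance(display["name"], str):
        advice.append("'display.name' must be a string")
    return advice


# Constructed sample bodies (not taken from the draft's examples).
SAMPLE_RESPONSES = {
    "with_wait": {"continue": {"uri": "https://as.example/continue/abc",
                               "access_token": {"value": "constructed-token"},
                               "wait": 30}},
    "omitted": {"continue": {"uri": "https://as.example/continue/abc",
                             "access_token": {"value": "constructed-token"}}},
    "too_short": {"continue": {"uri": "https://as.example/continue/abc",
                               "access_token": {"value": "constructed-token"},
                               "wait": 1}},
}

SAMPLE_REQUESTS = {
    "no_display": {"client": {"key": "constructed-key-ref"}},
    "display_no_name": {"client": {"key": "constructed-key-ref",
                                   "display": {"uri": "https://app.example/"}}},
    "display_named": {"client": {"key": "constructed-key-ref",
                                 "display": {"name": "Example App"}}},
}


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for label, body in SAMPLE_RESPONSES.items():
        print(label, "->", continuation_wait_seconds(body), "s")
    for label, body in SAMPLE_REQUESTS.items():
        print(label, "->", check_display(body) or "ok")
```

The clamp on short "wait" values is the point of the second helper: because the spec only says SHOULD NOT, a client that trusts any integer it receives can be driven into a tight polling loop by a misconfigured or hostile AS, so a sane client enforces its own floor and logs when the AS falls below it.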