Last Call Review of draft-ietf-jmap-sharing-07
review-ietf-jmap-sharing-07-secdir-lc-sheffer-2024-04-06-00

### What are groups?
In Sec. 2, a group is defined as a "group of people". Directories often support
groups of resources, too. Also, can groups be hierarchical, i.e. contain other
groups?

### Principal type
Why is the type not immutable? It is just as security-sensitive as the name,
maybe more so.

### Time zone ID
I think you mean time zone name, and please include an example such as
America/Los_Angeles.

### Filter definition
"Looks for the text" is very informal wording. Perhaps: the filter matches if
the filter string is a substring of the name (email, etc.) property. Also, I
assume (but you do not say) that all filter properties are optional.

### Spoofing
The type and email properties are also sensitive. And probably capabilities.

### ShareNotification Object Properties
Why is the changedBy property restricted to a Person? What about cases when
it's an application that makes the change?

### ShareNotifiction sent to a group principal
For some reason this is SHOULD NOT. IMO this is a security feature, and often
has a trade off vs. usability, so it should be left to the server's discretion.
There may be cases when an object is shared with a small group, and members of
that group would want to be updated if another sharer is added.

### Object Properties objectType
Where is the list of possible data types defined?

### ShareNotification Filtering
Again, please specify that each of the FilterCondition properties is optional.