(1) This document is labeled to be a Proposed Standard. This is
what the the track of the document should be.
(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:
The ACE WG has created a framework for constrained servers
to do authentication and authorization using OAuth.
This document provides the details for how to use DTLS as
the security for protecting and authentication the messages
defined in the framework as well as the final client to
resource server messages.
Working Group Summary
The document did not raise any issues during development.
Most of the issues were focused on the framework document.
At least two implementations of prior versions of this document
exist. The process of doing these implementations and making
sure that they were interoperable was influential in some of
the content in the document.
Jim Schaad is the Document Shepherd. Benjamin Kaduk is the
Responsible Area Director.
(3) In addition to validating my implementation of the specification
I checked the IANA considerations to make sure that they were complete,
checked all of the nits and did a read through to make sure all WGLC comments
(4) All of my concerns have been addressed during the WGLC process.
(5) Looking at the mechanism that is defined for resource server
key generation should be checked against the security considerations
and any problems.
(6) I have no specific concerns with this document.
(7) All authors have confirmed that all appropriate IPR disclosures have been made
** Stefanie ** YES * 5/2/19
** Olaf ** YES * 4/30/19
** Carsten ** YES * 4/29/19
** Goeran ** YES * 5/7/19
** Ludwig ** YES * 4/29/19
(8) An IPR disclosure has been filed on this by Ericsson. This was
initially disclosed in a F2F meeting. No WG discussion has occurred
on this disclosure.
(9) Most of the input and discussions on this draft has come from the
authors and the shepherd rather than the WG as a whole.
(10) There has been no serious dissension on this draft.
(11) No known ID nits exist.
(12) No formal review is required.
(13) All references are appropriately identified
(14) All normative references are either in the same state as this
document or already finished.
(15) There are no downward normative references.
(16) This document indirectly updates draft-ace-oauth-authz as it
describes and defines a profile for use with that document.
(17) Read the document looking for any and all new things defined by
the text of he document checking against the text of the IANA considerations
section. Only the one item to be registered needs to be done. The majority
of all registrations are in the ACE OAuth Framework document.
(18) No new registries are created.
(19) There are no sections of the document that need automated validation.