Shepherd writeup
rfc6448-03

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated September 17, 2008.

  (1.a) Who is the Document Shepherd for this document? Has the
        Document Shepherd personally reviewed this version of the 
        document and, in particular, does he or she believe this 
        version is ready for forwarding to the IESG for publication? 

Sam hartman; yes.

  (1.b) Has the document had adequate review both from key WG members 
        and from key non-WG members? Does the Document Shepherd have 
        any concerns about the depth or breadth of the reviews that 
        have been performed?  

yes

  (1.c) Does the Document Shepherd have concerns that the document 
        needs more review from a particular or broader perspective, 
        e.g., security, operational complexity, someone familiar with 
        AAA, internationalization or XML? 
no

  (1.d) Does the Document Shepherd have any specific concerns or 
        issues with this document that the Responsible Area Director
        and/or the IESG should be aware of? For example, perhaps he 
        or she is uncomfortable with certain parts of the document, or 
        has concerns whether there really is a need for it. In any 
        event, if the WG has discussed those issues and has indicated 
        that it still wishes to advance the document, detail those 
        concerns here. Has an IPR disclosure related to this document 
        been filed? If so, please include a reference to the 
        disclosure and summarize the WG discussion and conclusion on 
        this issue. 
no concerns

  (1.e) How solid is the WG consensus behind this document? Does it 
        represent the strong concurrence of a few individuals, with 
        others being silent, or does the WG as a whole understand and 
        agree with it?   

When this work was originally proposed, it was out of charter for the
  working group. There was strong support for the work, although for
  reasons unclear to the chairs, several WG participants wanted to see
  the work go forward as a WG draft even though that meant
  rechartering, rather than going forward immediately as an
  AD-sponsored proposed standard. The author updated the draft based
  on the discussion, the WG was rechartered and the document was
  adopted and last called. Two individuals expressed support in last
  call; no other comments were made. This plus the strong support
  expressed prior to adoption suggests a fairly strong consensus.

  (1.f) Has anyone threatened an appeal or otherwise indicated extreme 
        discontent? If so, please summarise the areas of conflict in 
        separate email messages to the Responsible Area Director. (It 
        should be in a separate email because this questionnaire is 
        entered into the ID Tracker.) 
no

  (1.g) Has the Document Shepherd personally verified that the 
        document satisfies all ID nits? (See the Internet-Drafts Checklist 
        and http://tools.ietf.org/tools/idnits/). Boilerplate checks are 
        not enough; this check needs to be thorough. Has the document 
        met all formal review criteria it needs to, such as the MIB 
        Doctor, media type and URI type reviews? 

I've reviewed, yes. Looks good. There are some typos and usage
  errors. I've asked for some editorial corrections if a new version
  is required later in the process. However, this is well within the
  sort of thing the rfc-editor routinely corrects and I believe the
  technical content is clear now and will remain clear if the rfc
  editor corrects these issues. So, if we need another version
  editorial fixes before rfc-editor would be good, but they are not
  blocking.


  (1.h) Has the document split its references into normative and 
        informative? Are there normative references to documents that 
        are not ready for advancement or are otherwise in an unclear 
        state? If such normative references exist, what is the 
        strategy for their completion? Are there normative references 
        that are downward references, as described in [RFC3967]? If 
        so, list these downward references to support the Area 
        Director in the Last Call procedure for them [RFC3967]. 

The references are split. There are a couple of normative references
  that probably could be informative, but none of them are downward
  references or references to IDs so I don't see a point in being
  ultra picky about this.

  (1.i) Has the Document Shepherd verified that the document IANA 
        consideration section exists and is consistent with the body 
        of the document? If the document specifies protocol 
        extensions, are reservations requested in appropriate IANA 
        registries? Are the IANA registries clearly identified? If 
        the document creates a new registry, does it define the 
        proposed initial contents of the registry and an allocation 
        procedure for future registrations? Does it suggest a 
        reasonable name for the new registry? See [RFC5226]. If the 
        document describes an Expert Review process has Shepherd 
        conferred with the Responsible Area Director so that the IESG 
        can appoint the needed Expert during the IESG Evaluation? 

The document accurately states no IANA actions. No new message types
  are introduces; this document simply describes additional semantics
  for an existing message.


  (1.j) Has the Document Shepherd verified that sections of the 
        document that are written in a formal language, such as XML 
        code, BNF rules, MIB definitions, etc., validate correctly in 
        an automated checker? 

NA

  (1.k) The IESG approval announcement includes a Document 
        Announcement Write-Up. Please provide such a Document 
        Announcement Write-Up? Recent examples can be found in the
        "Action" announcements for approved documents. The approval 
        announcement contains the following sections: 

     Technical Summary 
	The Kerberos 5 KRB-CRED message is used to transfer Kerberos
	credentials between applications.  When used with a secure transport
	the unencrypted form of the KRB-CRED message may be desirable.  This
	document describes the unencrypted form of the KRB-CRED message.




     Working Group Summary 

        The Kerberos Working group had consensus to publish this document as a
        proposed standard.

     Document Quality 

	The OASIS Security Services TC received a request for a mechanism to
	transport a Kerberos ticket and associated credential information in
	the Security Assertion Markup Language. This will be transported over
	a confidentiality and integrity protected channel. The intent is for a
	SAML IDP to be able to permit a SAML service to use Kerberos acting on
	behalf of some subject. As such, the service may have no existing
	Kerberos keying material but will have SAML keying material. As an
	implementation accident, at least three Kerberos implementations
	already had a facility for transporting Kerberos credentials without a
	key. Previously this was thought to be an unneeded facility that at
	best was yet another corner case to test. This document standardizes
	that already widely implemented facility because it happened to meet
	the needs of the WG in this area.
Back