Organization Extension for the Extensible Provisioning Protocol (EPP)

Note: This ballot was opened for revision 09 and is now closed.

Adam Roach Yes

Deborah Brungard No Objection

Ben Campbell No Objection

Comment (2018-10-23 for -09)
Thanks for the work on this. I have a few comments:

*** Substantive Comments ***

§1: "An organization mapping object defined in [ID.draft-ietf-regext-org]
SHOULD be created first."

First before what?

*** Editorial Comments ***

- General: 
I'm a little confused by the split in material between draft-ietf-regext-org and draft-ietf-regext-org-ext, especially how the command mapping and related info seems to span both documents. It seems a bit reader-unfriendly. But it's late enough in the process that it's probably not worth changing.

- Abstract: Please expand EPP on first mention both in the abstract and in the body.

§2, 3rd paragraph:  I know we are not consistent about this, but I find the word “conforming” to be a red flag. Standards track RFCs should be about interoperability, not conformance. I suggest striking all after “presented”.

Alissa Cooper No Objection

Spencer Dawkins No Objection

Comment (2018-10-24 for -09)
If "huh?" was a ballot position, I would have used it. I'm actually too confused to ballot Discuss :-)

I see several subsections of the form 

   This extension does not add any elements to the EPP <check> command
   or <check> response described in the EPP object mapping.

I see other subsections in the same section that say what the extension DOES, not just what the extension does not do.

Is there anything that can be included in these sections to tell the reader more about what the effect of using the extension actually is?

Benjamin Kaduk (was Discuss) No Objection

Comment (2018-11-29 for -10)
Thank you for addressing my Discuss points!

[Original Comment section preserved below]

Section 1

   In the business model of domain registration, we usually have 3 roles
   of entities: a registrant, a registrar and a registry.  There may be
   other roles of entities involved in the domain registration process
   which are not formally defined, such as resellers, DNS service
   operators, privacy proxies, etc.

nit: Perhaps I am misreading, but are we not going to formally define these
entities in the next paragraph (in which case "yet" might be worth adding)?

   An organization mapping object defined in [ID.draft-ietf-regext-org]
   SHOULD be created first.  The organization information specified in
   this document MUST reference the existing organization identifier.

What does "first" refer to?  "prior to the use of that object"?

Section 2

   The XML namespace prefix "orgext" is used, but implementations MUST
   NOT depend on it and instead employ a proper namespace-aware XML
   parser and serializer to interpret and output the XML documents.

[This could probably be written more clearly; see my comment on the
companion document]

Section 9

IIRC the authorization model for EPP does not allow arbitrary clients to
retrieve information about arbitrary (unrelated) domains.  If that's not
the case, there would be privacy considerations with respect to exposing
the linkages of the organization mappings (and roles).

Suresh Krishnan No Objection

Mirja Kühlewind No Objection

Alexey Melnikov No Objection

Eric Rescorla No Objection

Comment (2018-10-24 for -09)
Rich version of this review at:

S 4.2.1.
>      C:          <domain:pw>fooBAR</domain:pw>
>      C:        </domain:authInfo>
>      C:      </domain:create>
>      C:    </create>
>      C:    <extension>
>      C:      <orgext:create

FWIW, this would be easier to read if the new fields were decorated in
some way.

Alvaro Retana No Objection

Martin Vigoureux No Objection