Last Call Review of draft-gregorio-uritemplate-
review-gregorio-uritemplate-genart-lc-gurbani-2012-01-02-00
| Request | Review of | draft-gregorio-uritemplate |
|---|---|---|
| Requested revision | No specific revision (document currently at 08) | |
| Type | Last Call Review | |
| Team | General Area Review Team (Gen-ART) (genart) | |
| Deadline | 2012-01-03 | |
| Requested | 2011-11-29 | |
| Authors | Roy T. Fielding , Mark Nottingham , David Orchard , Joe Gregorio , Marc Hadley | |
| I-D last updated | 2012-01-02 | |
| Completed reviews |
Genart Last Call review of -??
by Vijay K. Gurbani
|
|
| Assignment | Reviewer | Vijay K. Gurbani |
| State | Completed | |
| Request | Last Call review on draft-gregorio-uritemplate by General Area Review Team (Gen-ART) Assigned | |
| Completed | 2012-01-02 |
review-gregorio-uritemplate-genart-lc-gurbani-2012-01-02-00
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at < http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Please resolve these comments along with any other Last Call comments you may receive. Document: draft-gregorio-uritemplate-07 Reviewer: Vijay K. Gurbani Review Date: Jan-01-2012 IETF LC End Date: Not known IESG Telechat date: Jan-05-2012 Summary: This draft is ready as an Proposed Standard. Major issues: 0 Minor issues: 2 Nits/editorial comments: 0 Minor issue: - S3.2.1, first paragraph: "A variable defined as an associative array of (name, value) pairs is considered undefined if the array contains zero members or if all member names in the array have undefined values." Here, do you mean "if all member names in the array have no values."? That is, "undefined values" implies that values are present in the template, but are not understood. On the other hand, "no values" implies the absence of any values at all. In my reading of the text, it appears that "no values" conveys more context than "undefined values". - S4, general comment: I am not sure where the template expansion is done --- at the client (browser) or at the origin server (the draft does not enunciate this, and if it does, I may have missed it). If the expansion is done at the origin server, I suspect that one can keep it a bit more busy by asking it to perform unnecessary template expansion for a resource that may be accessed normally even without template expansion. Is it worth documenting this at all in the Security Considerations section? (Clearly, if the expansion is done at the client, then it is the client incurring the expense of expansion. Insofar as the client is malicious, it is best to let it expend as much effort as necessary.) Thanks, - vijay - vijay -- Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent 1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA) Email: vkg at {bell-labs.com,acm.org} / vijay.gurbani at alcatel-lucent.com Web: http://ect.bell-labs.com/who/vkg/