Last Call Review of draft-ietf-abfab-arch-10
review-ietf-abfab-arch-10-secdir-lc-yu-2014-01-23-00

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

Summary: ready with issues

The Security Considerations (section 5) appears incomplete.  The
next-to-last paragraph of the Security Considerations text is:

   Partial list of issues to be addressed in this section: Privacy,
   SAML, Trust Anchors, EAP Algorithm Selection, Diameter/RADIUS/AAA
   Issues, Naming of Entities, Protection of passwords, Channel Binding,
   End-point-connections (TLS), Proxy problems

The bulk of the Security Considerations adequately describes the
security properties of the different communication channels.  Section
4 is Privacy Considerations, so maybe just make a cross-reference to
it in Security Considerations?  If the other listed "to be addressed"
security considerations are already described elsewhere in the
document, possibly summarize them in section 5 and provide
cross-references?

The final paragraph of section 5 describes privacy considerations
related to reverse engineering of pseudonyms, but this text seems to
be logically disconnected from the rest of the section.  Maybe it
belongs in section 4?