
Early Review of draft-ietf-gnap-resource-servers-05
review-ietf-gnap-resource-servers-05-artart-early-salz-2024-06-24-00

Request Review of draft-ietf-gnap-resource-servers
Requested revision No specific revision (document currently at 09)
Type Early Review
Team ART Area Review Team (artart)
Deadline 2024-07-02
Requested 2024-06-11
Requested by Deb Cooley
Authors Justin Richer, Fabien Imbault
I-D last updated 2024-06-24
Completed reviews Artart Early review of -05 by Rich Salz (diff)
Intdir Early review of -05 by Tommy Pauly (diff)
Secdir Early review of -07 by Alexey Melnikov (diff)
Genart Early review of -06 by Lars Eggert (diff)
Secdir Last Call review of -08 by Alexey Melnikov (diff)
Tsvart Last Call review of -08 by Martin Duke (diff)
Assignment Reviewer Rich Salz
State Completed
Request Early review on draft-ietf-gnap-resource-servers by ART Area Review Team Assigned
Posted at https://mailarchive.ietf.org/arch/msg/art/3MDWjRaXCKwSKzEZ1-eNL6Wa66U
Reviewed revision 05 (document currently at 09)
Result Ready w/nits
Completed 2024-06-24
This doc is well-written. It explains an API for GNAP parties to talk with each
other, view and dissect access tokens, and the like. The security
considerations seem well-considered. I am not a GNAP expert. A few nits follow.

Abstract: should spell out GNAP.  Is the "AS" in the second sentence the same
as the "piece of software" mentioned in the first sentence?

Introduction: the RS doesn't answer important questions, it gets answers to
them, right?

2.1.3 "ensure that the token is not receiving". Do you mean the RS is not
receiving?

2.1.4 "if such information is not stored, an attacker". s/stored/included/
s/stored/presented/?

How much of 2.1.* is a restatement of the core GNAP document? How much of 2.1.*
is different, solely for the purposes here -- i.e., how much of 2.1.* would more
properly belong in a GNAP-CORE-bis document?

3.1 What is the point of the grant_request_endpoint field, since the first
paragraph of that section implies you have to know it to add the well-known
suffix?

I was surprised to see the Acknowledgements appearing before several things,
and not last just-before-references.