Early Review of draft-ietf-opsawg-ucl-acl-10
review-ietf-opsawg-ucl-acl-09-intdir-early-pelov-2025-12-13-01
| Request | Review of | draft-ietf-opsawg-ucl-acl |
|---|---|---|
| Requested revision | No specific revision (document currently at 12) | |
| Type | Early Review | |
| Team | Internet Area Directorate (intdir) | |
| Deadline | 2026-01-03 | |
| Requested | 2025-12-12 | |
| Requested by | Joe Clarke | |
| Authors | Qiufang Ma, Qin Wu, Mohamed Boucadair, Daniel King | |
| I-D last updated | 2026-02-28 (Latest revision 2026-02-03) | |
| Completed reviews | Opsdir Early review of -08 by Dhruv Dhody; Intdir Early review of -10 by Alexander Pelov; Secdir IETF Last Call review of -11 by Valery Smyslov; Yangdoctors IETF Last Call review of -12 by Acee Lindem; Opsdir IETF Last Call review of -11 by Dhruv Dhody | |
| Assignment | Reviewer | Alexander Pelov |
| State | Completed | |
| Request | Early review on draft-ietf-opsawg-ucl-acl by Internet Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/int-dir/YztCtma59QP9OOXeH6f5fo6mErw | |
| Reviewed revision | 10 (document currently at 12) | |
| Result | Ready w/nits | |
| Completed | 2025-12-22 |

I previously reviewed version -09 of this draft and raised concerns regarding inconsistent terminology and the scope of the group definitions. The authors have significantly improved the document in version -10. All questions and issues I identified in my previous review were addressed or answered. Thanks to the authors for the rapid reaction!

The restructuring of the Terminology section and the clarification of the relationship between the generic "Endpoint Group" and its specific subtypes (User, Device, Application) have resolved the architectural ambiguity I previously noted.

Furthermore, the added examples clarify that the defined RADIUS attribute (User-Access-Group-ID) is intended specifically for user-centric authentication scenarios, while other group types are provisioned differently. This distinction makes the attribute naming logical and clarifies the intended use for the different group types.

The choice of 'group-id' being a string has been discussed on GitHub and in the WG, so I don't see any issue with it.

Minor nits: In the terminology section, there are leading spaces missing before the bullets "* device group:" and "* Application group:".