Last Call Review of draft-ietf-regext-rdap-openid-25
review-ietf-regext-rdap-openid-25-intdir-lc-von-hugo-2023-09-08-00

Request Review of draft-ietf-regext-rdap-openid
Requested revision No specific revision (document currently at 27)
Type Last Call Review
Team Internet Area Directorate (intdir)
Deadline 2023-09-08
Requested 2023-08-18
Authors Scott Hollenbeck
I-D last updated 2023-09-08
Completed reviews Artart Last Call review of -24 by Valery Smyslov (diff)
Genart Last Call review of -24 by Meral Shirazipour (diff)
Intdir Last Call review of -25 by Dirk Von Hugo (diff)
Assignment Reviewer Dirk Von Hugo
State Completed
Request Last Call review on draft-ietf-regext-rdap-openid by Internet Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/int-dir/Sox4mw0Wu0zSGP8cKd7Ql16BfiM
Reviewed revision 25 (document currently at 27)
Result Ready w/nits
Completed 2023-09-08
I am an assigned INT directorate reviewer for
draft-ietf-regext-rdap-openid. These comments were written primarily for
the benefit of the Internet Area Directors. Document editors and shepherd(s)
should treat these comments just like they would treat comments from any other
IETF contributors and resolve them along with any other Last Call comments that
have been received. For more details on the INT Directorate, see
<https://datatracker.ietf.org/group/intdir/about/>.

In Registration Data Access Protocol (RDAP) completed in 2015 a federated
authentication service was up to now still undefined/unspecified - as already
stated in RFC7481 on RDAP security services pointing already to OAuth
authorization framework and OpenID as single sign-on authentication system. The
mechanism proposed in this draft fills the gap and refers to 3 PoC
implementations based on earlier versions. It would be great if also a
reference implementation to a more recent version could be provided IMO.

Overall the document seems quite complete and elaborated in version 25 to me
and even only few very minor nits have been found:
- mentioned "out-of-band" source, method, mechanism refers to entities outside
  the described RDAP system here, right? Not sure whether this usage of the
  term might be clarified...
- re-using vs. reused: this should be used consistently IMO
- (e.g. xyz => (e.g., xyz

Thanks to the author and all contributors!
Best regards
Dirk