Last Call Review of draft-ietf-tram-turn-third-party-authz-08
review-ietf-tram-turn-third-party-authz-08-genart-lc-holmberg-2015-02-05-00

Request Review of draft-ietf-tram-turn-third-party-authz
Requested rev. no specific revision (document currently at 16)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2015-02-17
Requested 2015-01-22
Other Reviews Genart Telechat review of -11 by Christer Holmberg (diff)
Secdir Last Call review of -07 by Yaron Sheffer (diff)
Opsdir Last Call review of -08 by Tom Taylor (diff)
Review State Completed
Reviewer Christer Holmberg
Review review-ietf-tram-turn-third-party-authz-08-genart-lc-holmberg-2015-02-05
Posted at http://www.ietf.org/mail-archive/web/gen-art/current/msg11293.html
Reviewed rev. 08 (document currently at 16)
Review result Ready with Nits
Draft last updated 2015-02-05
Review completed: 2015-02-05

Review
review-ietf-tram-turn-third-party-authz-08-genart-lc-holmberg-2015-02-05






I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>




 




Document:                         draft-ietf-tram-turn-third-party-authz-08.txt




 




Reviewer:                           Christer Holmberg




 




Review Date:                     5 February 2015




 




IETF LC End Date:             4 January 2015




 




IETF Telechat Date:         19 February 2015




 




Summary: The document is well written, and almost ready for publication. However, I do have some editorial comments, which I request to authors to address.                        




 




Major Issues: None




 




Minor Issues: None




 




Editorial nits: See below




 




-------------




 




General:




 




QGEN_1: The text says “OAuth”. Should it say “OAuth 2.0”?




 




-------------




 




Section 1:




 




Q1_1: The text says “OAuth”. Should it say “OAuth 2.0”?




 




Q1_2: Please add an OAuth reference on first occurrence.




 




Q1_3: I suggest to add a sentence, saying that the document also defines how to use OAuth with the TURN extension.




 




-------------




 




Section 3:




 




Q3_1: The text says:




 




“In the future STUNbis [I-D.ietf-tram-stunbis] will support hash




agility and accomplish this agility by conveying the HMAC algorithms




supported by the STUN server along with a STUN error message to the




client.”




 




I suggest to remove “In the future STUNbis”.




 




 




Q3_2: The text says:




 




              “The STUN token is returned in JSON”




 




Should the text say “JSON format”, “JSON syntax”, or something similar?




 




 




Q3_3: Please add a reference to JSON on first occurence.




 




Q3_4: Where are the parameter names of the JSON message defined? Are the parameter names identical to the ones listed in section 6.2? Figure 3 does show an example, but there should be normative text.




 




-------------




 




Section 4:




 




Q4_1:    The section gives an example using a TURN server. But, before that TURN has not been mentioned, and TURN usage is not described until section 9.




 




In addition, I don’t think the example even belongs in this section, which is only about obtaining the access token. I suggest to move the example to section 9.




 




-------------




 




Section 7:




 




Q7_1: I suggest to change the section name to “STUN Server Procedures”, or something like that.




 




-------------




 




Section 8:




 




Q8_1: I suggest to change the section name to “STUN Client Procedures”, or something like that.




 




-------------




 




Regards,




 




Christer