Last Call Review of draft-ietf-tram-turn-third-party-authz-08

Request Review of draft-ietf-tram-turn-third-party-authz
Requested rev. no specific revision (document currently at 16)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2015-02-17
Requested 2015-01-22
Authors Tirumaleswar Reddy.K, Prashanth Patil, Ram R, Justin Uberti
Draft last updated 2015-02-05
Completed reviews Genart Last Call review of -08 by Christer Holmberg (diff)
Genart Telechat review of -11 by Christer Holmberg (diff)
Secdir Last Call review of -07 by Yaron Sheffer (diff)
Opsdir Last Call review of -08 by Tom Taylor (diff)
Assignment Reviewer Christer Holmberg
State Completed
Review review-ietf-tram-turn-third-party-authz-08-genart-lc-holmberg-2015-02-05
Reviewed rev. 08 (document currently at 16)
Review result Ready with Nits
Review completed: 2015-02-05


I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <>


Document:                         draft-ietf-tram-turn-third-party-authz-08.txt


Reviewer:                           Christer Holmberg


Review Date:                     5 February 2015


IETF LC End Date:             4 January 2015


IETF Telechat Date:         19 February 2015


Summary: The document is well written, and almost ready for publication. However, I do have some editorial comments, which I request to authors to address.                        


Major Issues: None


Minor Issues: None


Editorial nits: See below






QGEN_1: The text says “OAuth”. Should it say “OAuth 2.0”?




Section 1:


Q1_1: The text says “OAuth”. Should it say “OAuth 2.0”?


Q1_2: Please add an OAuth reference on first occurrence.


Q1_3: I suggest to add a sentence, saying that the document also defines how to use OAuth with the TURN extension.




Section 3:


Q3_1: The text says:


“In the future STUNbis [I-D.ietf-tram-stunbis] will support hash

agility and accomplish this agility by conveying the HMAC algorithms

supported by the STUN server along with a STUN error message to the



I suggest to remove “In the future STUNbis”.



Q3_2: The text says:


              “The STUN token is returned in JSON”


Should the text say “JSON format”, “JSON syntax”, or something similar?



Q3_3: Please add a reference to JSON on first occurence.


Q3_4: Where are the parameter names of the JSON message defined? Are the parameter names identical to the ones listed in section 6.2? Figure 3 does show an example, but there should be normative text.




Section 4:


Q4_1:    The section gives an example using a TURN server. But, before that TURN has not been mentioned, and TURN usage is not described until section 9.


In addition, I don’t think the example even belongs in this section, which is only about obtaining the access token. I suggest to move the example to section 9.




Section 7:


Q7_1: I suggest to change the section name to “STUN Server Procedures”, or something like that.




Section 8:


Q8_1: I suggest to change the section name to “STUN Client Procedures”, or something like that.