Last Call Review of draft-santesson-auth-context-extension-09
review-santesson-auth-context-extension-09-genart-lc-korhonen-2015-10-15-00

Request Review of draft-santesson-auth-context-extension
Requested rev. no specific revision (document currently at 12)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2015-10-27
Requested 2015-10-01
Authors Stefan Santesson
Draft last updated 2015-10-15
Completed reviews Genart Last Call review of -09 by Jouni Korhonen (diff)
Genart Last Call review of -11 by Jouni Korhonen (diff)
Secdir Last Call review of -09 by Matthew Miller (diff)
Opsdir Last Call review of -09 by Éric Vyncke (diff)
Opsdir Telechat review of -11 by Éric Vyncke (diff)
Assignment Reviewer Jouni Korhonen 
State Completed
Review review-santesson-auth-context-extension-09-genart-lc-korhonen-2015-10-15
Reviewed rev. 09 (document currently at 12)
Review result Ready with Nits
Review completed: 2015-10-15

Review
review-santesson-auth-context-extension-09-genart-lc-korhonen-2015-10-15

I am the assigned Gen-ART reviewer for this draft. For background on


Gen-ART, please see the FAQ at


<

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.





Please resolve these comments along with any other Last Call comments


you may receive.





Document:draft-santesson-auth-context-extension-10


Reviewer: Jouni Korhonen

Review Date: 

Oct-15-2015


IETF LC End Date: Oct-27-2015


IESG Telechat date: 

not yet




Summary: 

--------

Ready for publication as an Informational RFC.

Comments:

---------

I do not have deep expertise on the area this I-D covers. Having read it through and knowing the solution is already deployed for few years I have no technical comments.

Minor issues/nits:

------------------

1) IDNits result that need to be addressed:

   ** The abstract seems to contain references ([RFC5280], [SAML]), which it
      shouldn't.  Please replace those with straight textual mentions of the
      documents in question.

2) == Unused Reference: 'RFC5322' is defined on line 416, but no explicit
      reference was found in the text

3) Since this targets Informational RFC I wouldn't mind seeing all references

   except RFC2119 as informational references and not normative. We could argue

   whether RFC2119 language is needed at all (but no strong opinion here).

4) Introduction third paragraph:

   * expand SAML on the first occurrence

   * I would welcome a reference for "SAML federation"

5) Introduction eight paragraph:

   * expand CA on the first occurrence

6) Section 3.1.2:

   * expand OID on the first occurrence (now it comes after the paragraph

     explaining "Ref")

   * three times  s/REF/Ref