Last Call Review of draft-wilde-service-link-rel-06
review-wilde-service-link-rel-06-secdir-lc-santesson-2018-11-20-00
| Request | Review of | draft-wilde-service-link-rel |
|---|---|---|
| | Requested revision | No specific revision (document currently at 10) |
| | Type | Last Call Review |
| | Team | Security Area Directorate (secdir) |
| | Deadline | 2018-11-20 |
| | Requested | 2018-10-23 |
| | Authors | Erik Wilde |
| | Draft last updated | 2018-11-20 |
| | Completed reviews | Genart Last Call review of -06 by Peter E. Yee; Secdir Last Call review of -06 by Stefan Santesson; Opsdir Last Call review of -10 by Tim Chown; Genart Telechat review of -08 by Peter E. Yee; Secdir Telechat review of -10 by Stefan Santesson |
| Assignment | Reviewer | Stefan Santesson |
| | State | Completed Snapshot |
| Review | Review | review-wilde-service-link-rel-06-secdir-lc-santesson-2018-11-20 |
| | Reviewed revision | 06 (document currently at 10) |
| | Result | Has Issues |
| | Completed | 2018-11-20 |
Even though this document is quite repetitive when describing its fundamental concepts, I still had a problem figuring out whether the link relations defined are applicable to any web resource, or just to "web services" in the context of "service provided to another service".

I have no issues with the fundamental concept, but the document lacks security considerations. The content of the section is "..." indicating that something eventually is intended to go here, but has not yet been written. If there are absolutely no security considerations, then the section should say so.

I do however think that there are some useful security considerations to document. At least it may be useful to have a small discussion to consider what information about a service is helpful to a user, and which could be used by an attacker, and find a good balance.

As a nit I would suggest shortening some of the fundamental description in the early introduction that is being repeated in the document. The document is rather short and therefore does not benefit from saying the same things many times.