Hey all:
First, I have some easy editorial remarks:
* Section 6.3.2 mentions provisioning several times, but section 6.3
says that the draft won't be using the term provisioning.
* Section 7.5 contains, "...to identify which the identity is used..."
The word "the" should be removed.
Next, some quick content remarks:
* Section 4 lists that "there are of course two methods that could be
employed to configure identities and associated information." I can
imagine more than that!
* Section 6.3.3, "Fully Automated Addition," discusses that users might
be confused when they can access services without a password prompt.
I disagree - Windows Networking, SPNEGO under Internet Explorer,
browser cookies, and browsers remembering your credentials all offer
access to services without prompting for credentials. I would not be
surprised to discover that access without specific credential
prompting is more common than with.
Now, some topics for discussion:
* The end of Section 6.1 suggests helpful links that might be presented
for each identity, such as a password changing URL and
Helpdesk URL. Where do you suggest that we get these values? Would
that be in the authentication response? Would that just use
conventional paths?
* Section 6.5 talks about verifying the identity, and how there's no
way to verify an NAI and credential tuple. Is that really true?
Couldn't we create one? Maybe set up a do-nothing GSS server on the
machine with the Identity Selector, and then specify that any ABFAB
RADIUS system MUST allow access to that local system (say,
localhost.localdomain/test).
* Section 7.3 (Listing Services and Identities) - I'd like to see this
have some more detail. For instance, it could discuss how the nature
of the many-to-many associations between identities and services
creates a need to list out the identities with their associated
servers, and also list out the services, with their associated
identities. I'd be happy to add this.
Cheers,
--Mark