Hi Rhys, Thanks for making the changes. I have some responses to the open issues.
Rhys Smith wrote: >> * Section 3.7 >> >> The following text is a bit out of date. >> >> "At present, authentication to these applications will be typically >> configured manually by the user on the device (or on a different >> device connected to that device) but inputting their (usually pre- >> provisioned out-of-band) credentials for that application - one per >> application." >> >> With systems such as IMS that have gotten deployed, at least telco >> operator hosted applications can use some form of federated identity >> already. I do not have strong feelings about this but I suggest leaving >> out operator hosted applications from this characterisation. > > This use case came directly from some authors involved in operating mobile > platforms. I think it's still useful to leave it in there as there are a > variety of non-operator hosted applications that may not have such a thing > enabled. The text currently says "could be hosted by the telecoms operator, > or could be any application or system on the internet" which I think means > the point is still valid... My point was that this characterization was no longer widely applicable for the operator hosted applications. I do not have strong feelings about this. I am fine with leaving the text as is. > > > >> * Section 3.9 >> >> I am not sure I understand the following text >> >> "The utility company may wish to >> grant access only to authorized devices; for example, a consortium of >> utility companies and device manufacturers may certify devices to >> connect to power networks." >> >> What does the word certify mean here? I have always understood it to >> mean testing compliance to certain requirements rather than verification >> of identity. Can you please clarify? > > In this case it would be exactly as you say - testing compliance to certain > requirements. In the case of utility networks, it might mean that a > particular device has the "usual" power certifications about how it uses > electricity, but also certification around its "smartness" - what identity > technologies it supports, what levels of assurance it can comply with around > identity assertion, etc. Great. In that case, it would be good to change the word "authorized" to "certified" as it conveys the meaning accurately. Thanks Suresh _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
