Dear Matt and Jari, Thank you for giving and forwarding us useful comments.
> On 01 Sep 2016, at 05:15, Matt Miller <[email protected]> wrote: > > > * There is at least a couple of mentions of the "Authentication-Info" > > header, but no reference to RFC 7615 in which it is defined. I think > > an informational reference is warranted here. Thank you for notifying it. We did it on another draft but not on this. > > * Just reading sections 4.5. "Location-when-logout parameter" and 4.6. > > "Logout-timeout parameter", it is unclear how these are meant to > > interact to inform a client the user's authentication session. > > Frankly, I think the text in section 4.5 is too vague about how a > > client can detect termination of a user's authenticated session, and > > could use more of a hint on how "logout-timeout" is involved to > > accomplish it. At the least, I think both sections 4.5. and 4.6. need > > pointers to section 5. to help readers get a sense of how to apply > > them. We'll think about some improvements here, along with other people's comments on this. > > * In section 4.7. "Username parameter", I think there should be an > > explicit pointer to the Security Considerations to warn about > > potential issues this parameter presents. I also recommend separating > > that portion of the Security Considerations about "username" into its > > own subsection to make such a callout better. It's a good idea. We'll do. > > * Since this document is acknowledging that cookies are used for > > authentication, and Could you give me continuation, if possible? > > Nits/editorial comments: We'll incorporates these comments. Thank you. -- Yutaka OIWA, Ph.D. Leader, Cyber Physical Architecture Research Group Information Technology Research Institute National Institute of Advanced Industrial Science and Technology (AIST) Mail addresses: <[email protected]>, <[email protected]> OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D 3139 8677 9BD2 4405 46B5] _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
