Hello Oiwasan,

Thank you for your response, and look forward to reading the next revision.

As for that uncompleted thought; my apologies, it should not have been included! When I had started that thought, I had not yet finished all of section 5. I think, for an experiment, the interaction of webform/cookie authentication with this extension is covered as well as can be done until the experiment is performed.

Thanks,

- m&m

Matt Miller
Cisco Systems, Inc.

On 2016-9-2 21:27, 大岩寛 wrote:
> Dear Matt and Jari,
>
> Thank you for giving and forwarding us useful comments.
>
>> On 01 Sep 2016, at 05:15, Matt Miller <[email protected]> wrote:
>>
>>> * There is at least a couple of mentions of the "Authentication-Info"
>>> header, but no reference to RFC 7615 in which it is defined. I think
>>> an informational reference is warranted here.
>
> Thank you for notifying it. We did it on another draft but not on this.
>
>>> * Just reading sections 4.5. "Location-when-logout parameter" and 4.6.
>>> "Logout-timeout parameter", it is unclear how these are meant to
>>> interact to inform a client the user's authentication session.
>>> Frankly, I think the text in section 4.5 is too vague about how a
>>> client can detect termination of a user's authenticated session, and
>>> could use more of a hint on how "logout-timeout" is involved to
>>> accomplish it. At the least, I think both sections 4.5. and 4.6. need
>>> pointers to section 5. to help readers get a sense of how to apply
>>> them.
>
> We'll think about some improvements here, along with other people's comments
> on this.
>
>>> * In section 4.7. "Username parameter", I think there should be an
>>> explicit pointer to the Security Considerations to warn about
>>> potential issues this parameter presents. I also recommend separating
>>> that portion of the Security Considerations about "username" into its
>>> own subsection to make such a callout better.
>
> It's a good idea. We'll do.
>
>>> * Since this document is acknowledging that cookies are used for
>>> authentication, and
>
> Could you give me continuation, if possible?
>
>>> Nits/editorial comments:
>
> We'll incorporate these comments. Thank you.

_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art
