Hello Matt, I'd just like to confirm that you are good with the updates provided as a result of your review.
Thank you for your review. Kathleen On Wed, Sep 7, 2016 at 11:02 AM, Matt Miller <[email protected]> wrote: > Hello Oiwasan, > > Thank you for your response, and look forward to reading the next revision. > > As for that uncompleted thought; my apologies, it should not have been > included! When I had started that thought, I had not yet finished all > of section 5. I think, for an experiment, the interaction of > webform/cookie authentication with this extension is covered as well as > can be done until the experiment is performed. > > > Thanks , > > - m&m > > Matt Miller > Cisco Systems, Inc. > > On 2016-9-2 21:27, 大岩寛 wrote: > > Dear Matt and Jari, > > > > Thank you for giving and forwarding us useful comments. > > > >> On 01 Sep 2016, at 05:15, Matt Miller <[email protected]> wrote: > >> > >>> * There is at least a couple of mentions of the "Authentication-Info" > >>> header, but no reference to RFC 7615 in which it is defined. I think > >>> an informational reference is warranted here. > > > > Thank you for notifying it. We did it on another draft but not on this. > > > >>> * Just reading sections 4.5. "Location-when-logout parameter" and 4.6. > >>> "Logout-timeout parameter", it is unclear how these are meant to > >>> interact to inform a client the user's authentication session. > >>> Frankly, I think the text in section 4.5 is too vague about how a > >>> client can detect termination of a user's authenticated session, and > >>> could use more of a hint on how "logout-timeout" is involved to > >>> accomplish it. At the least, I think both sections 4.5. and 4.6. need > >>> pointers to section 5. to help readers get a sense of how to apply > >>> them. > > > > We'll think about some improvements here, along with other people's > comments on this. > > > >>> * In section 4.7. "Username parameter", I think there should be an > >>> explicit pointer to the Security Considerations to warn about > >>> potential issues this parameter presents. I also recommend separating > >>> that portion of the Security Considerations about "username" into its > >>> own subsection to make such a callout better. > > > > It's a good idea. We'll do. > > > >>> * Since this document is acknowledging that cookies are used for > >>> authentication, and > > > > Could you give me continuation, if possible? > > > >>> Nits/editorial comments: > > > > We'll incorporates these comments. Thank you. > > > > > > -- Best regards, Kathleen
_______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
