Hello Kathleen (et al),

Reviewing the latest revision (-09), I think all of my concerns were addressed.

Thanks,

- m&m

Matt Miller
Cisco Systems, Inc.

On 2016-11-15 14:15, Kathleen Moriarty wrote:
> Hello Matt,
>
> I'd just like to confirm that you are good with the updates provided as a
> result of your review.
>
> Thank you for your review.
> Kathleen
>
> On Wed, Sep 7, 2016 at 11:02 AM, Matt Miller <[email protected]> wrote:
>
>> Hello Oiwasan,
>>
>> Thank you for your response, and look forward to reading the next revision.
>>
>> As for that uncompleted thought; my apologies, it should not have been
>> included! When I had started that thought, I had not yet finished all
>> of section 5. I think, for an experiment, the interaction of
>> webform/cookie authentication with this extension is covered as well as
>> can be done until the experiment is performed.
>>
>>
>> Thanks,
>>
>> - m&m
>>
>> Matt Miller
>> Cisco Systems, Inc.
>>
>> On 2016-9-2 21:27, 大岩寛 wrote:
>>> Dear Matt and Jari,
>>>
>>> Thank you for giving and forwarding us useful comments.
>>>
>>>> On 01 Sep 2016, at 05:15, Matt Miller <[email protected]> wrote:
>>>>
>>>>> * There is at least a couple of mentions of the "Authentication-Info"
>>>>> header, but no reference to RFC 7615 in which it is defined. I think
>>>>> an informational reference is warranted here.
>>>
>>> Thank you for notifying it. We did it on another draft but not on this.
>>>
>>>>> * Just reading sections 4.5. "Location-when-logout parameter" and 4.6.
>>>>> "Logout-timeout parameter", it is unclear how these are meant to
>>>>> interact to inform a client the user's authentication session.
>>>>> Frankly, I think the text in section 4.5 is too vague about how a
>>>>> client can detect termination of a user's authenticated session, and
>>>>> could use more of a hint on how "logout-timeout" is involved to
>>>>> accomplish it. At the least, I think both sections 4.5. and 4.6. need
>>>>> pointers to section 5. to help readers get a sense of how to apply
>>>>> them.
>>>
>>> We'll think about some improvements here, along with other people's
>>> comments on this.
>>>
>>>>> * In section 4.7. "Username parameter", I think there should be an
>>>>> explicit pointer to the Security Considerations to warn about
>>>>> potential issues this parameter presents. I also recommend separating
>>>>> that portion of the Security Considerations about "username" into its
>>>>> own subsection to make such a callout better.
>>>
>>> It's a good idea. We'll do.
>>>
>>>>> * Since this document is acknowledging that cookies are used for
>>>>> authentication, and
>>>
>>> Could you give me the continuation, if possible?
>>>
>>>>> Nits/editorial comments:
>>>
>>> We'll incorporate these comments. Thank you.
_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art
