Hello Mario, Please find below my comments on this draft: - Title: Would it be better to re-title the doc as simply "Registration Data Access Protocol (RDAP) Reverse Search" since we tend to mention it in discussions as "reverse search" and not "reverse search capabilities"? - Section 3: Typo "resorce" in "triple <searchable resorce type, related resource type, property>". - Section 3: "Servers MUST NOT provide or implement unregistered reverse searches or unregistered reverse search mappings." ... Does "unregistering" entries from these IANA registries mean removing them, or simply marking them as deprecated? If the latter, do we need a status field in these registries to differentiate the active entries from the deprecated ones? Not clear about it. - Section 8: "The presence of a predicate on the reverse search property "role" means that the RDAP response property "roles" must contain at least the specified role." ... Should "must" be changed to "MUST"? - Section 12.1: "Intended usage: This extension identifier is used for reverse search URI path segments." ... Should we elaborate here that this extension identifier is also used as a prefix in the "reverse_search_properties" and "reverse_search_properties_mapping" data members' names? - Section 13: "Since reverse search requests and responses could contain Personally Identifiable Information (PII), reverse search functionality SHOULD be available over HTTPS only." ... Should "SHOULD" be changed to "MUST"? IIRC, we strongly discourage using HTTP (versus HTTPS) in RDAP. - Appendix A: Just curious if the reason why the "Federated Authentication for the Registration Data Access Protocol (RDAP) using OpenID Connect" draft is not mentioned in this draft is because we think that the latter would be on the standards track before the former?
Overall, this work has evolved pretty well. :) Thanks, Jasdip _______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
