|
11/15/2004 2:30 PM
post4506
|
endorsement and comments
I have read this document, and I support its publication by GGF. I have the following comments and suggestions (mostly
just grammar stuff):
Attribute: ".e.g.," --> "e.g.,"
Attribute Assertion: "valid, or may have" --> "valid or may have"
Attribute Authority Domain: "policy with the domain" --> "policy
within the domain"
Attribute Certificate: "IETF RFC" --> just "RFC" for consistency
Attribute Schema: period missing at the end
Authentication Credential: "is typically involves" --> "typically
involves"; also missing final period
Authorization Attribute: final sentence is redundant
Authorization Client: "entity that make" --> "entity that makes" and
"a access" --> "an access"
Authorization Context: missing final period
Authorization Request: "requestor, or may be" --> "requestor or may
be"
Authorization Response: "assertion, or by using" --> "assertion or by
using"
Authorization Service: "server, or as a" --> "server or as a"
Authorization Subject: "is requesting, or has been granted" --> "is
requesting, or has been granted,"
Authorization System: replace "One particular implementation" with "An
implementation"?
Authorization Token: "right, or reference" --> "right or reference"
Certification Authority: "RFC3280" --> "RFC 3280" for consistency
Enforcement of access rights: term should be capitalized and
definition should start with "The limitation of operations" for
consistency; also, is this related to AEF?
Environmental Authority: "usage, or machine load" --> "usage or
machine load"
Identity Token: "reference to provide proof" --> "reference to a
proof"? also, "entity, or a token" --> "entity or a token"
Initiator: "e.g." --> "e.g.,"
Privilege: "typically has a lifetime explicitly associated" -->
"typically with an explicitly associated lifetime"
Privilege Assertion: "assertion, see" --> "assertion. See"
Privilege Authority: "has been delegated the authority" by whom?
perhaps "An entity with the authority to issue" is better.
Relying party: "party" --> "Party"; "assertions, or" --> "assertions
or"
Source of Authority: missing final period
Subject: "e.g." --> "e.g.,"; "as to" --> "to"
Trust: "risk associated with" what? actions? how about "The
willingness to accept the risk associated with actions expecting
beneficial outcomes, based on assertions by other parties."
Personally I would remove "expecting beneficial outcomes".
Trust Authorities: how does this relate to other authorities, like the
Assertion Authority? also, should probably be "Trust Authority"
instead of "Trust Authorities" for consistency.
Wire Format: uses both "wire" and "format" in the definition. how
about "The specified data organization for network messages for
interoperability between systems and domains."
X.509 Certificate: "IETF RFC2459" --> "RFC 2459" for consistency; "as
End Entity Certificate," --> "as an End Entity Certificate."
Expansion of Acronyms: This section appears to contain acronyms that
are not used elsewhere in the document. Is this intentional?
References: Add references for RFC 3281, SAML, Internet Protocol,
Kerberos, and ITU-T Recommendation X.509 to this section? Also, why
do you reference both RFC2459 and RFC3280 when 2459 is obsoleted by
3280?
|
|
|
|
|
