Martin Duke has entered the following ballot position for draft-ietf-capport-api-07: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-capport-api/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Unless I am misinterpreting the language here, there is a disconnect between this document and the architecture document. Sec 2.3 of -architecture says: At minimum, the API MUST provide: (1) the state of captivity and (2) a URI for the Captive Portal Server. But in section 5 user-portal-url is an optional field. Is -architecture actually levying a requirement on the api spec, or the api server? I am also confused by this sentence at the end of section 4.1 about failed authentication: “It may still be possible for the user to access the network by being redirected to a web portal.” Who is doing the redirecting here? If authentication has failed, how is this redirect authenticated and secure against theft of credentials? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- This document is otherwise clearly written. Thanks. As I said in the architecture review, the term for the user portal keeps changing. Over there it’s called a “Captive Portal Server” and a “web portal server”. Here it’s a “user-portal.” One nit: s/extenal/external _______________________________________________ Captive-portals mailing list Captive-portals@ietf.org https://www.ietf.org/mailman/listinfo/captive-portals