I am the assigned Gen-ART reviewer for draft-ietf-abfab-usecases-03.txt For background on Gen-ART, please see the FAQ at <http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html>.
Please resolve these comments along with any other Last Call comments you may receive. Summary: This draft is ready for publication as an Informational RFC, but I do have some minor comments that you may like to address. Minor ===== * This document references obsolete versions of IMAP and SMTP. Is there any specific reason for referring to the older versions? If not, I recommend replacing references to -> RFC2060 with RFC3501 -> RFC2821 with RFC5321 * Section 3.7 The following text is a bit out of date. "At present, authentication to these applications will be typically configured manually by the user on the device (or on a different device connected to that device) but inputting their (usually pre- provisioned out-of-band) credentials for that application - one per application." With systems such as IMS that have gotten deployed, at least telco operator hosted applications can use some form of federated identity already. I do not have strong feelings about this but I suggest leaving out operator hosted applications from this characterization. * Section 3.9 I am not sure I understand the following text "The utility company may wish to grant access only to authorized devices; for example, a consortium of utility companies and device manufacturers may certify devices to connect to power networks." What does the word certify mean here? I have always understood it to mean testing compliance to certain requirements rather than verification of identity. Can you please clarify? Thanks Suresh _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art