New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nits/Typos/References #65
Comments
Change: To: Cigdem: Removed that statement, Added: The AS informs the client that selected profile is "mqtt_tls" From: "The AS uses JSON in the payload of its responses to both to the To: "The AS uses JSON in the payload of its responses to the Cigdem: Fixed. |
"The MQTT session state is identified by the Client identifier and Duplicate have. Cigdem: Fixed |
"AIF-Generic<topic_filter, permissions> = [* [topic_filter,permissions]]" Cigdem:Fixed |
As in MQTT v5.0, The Token MAY either be transported before by The Token - wrongly capitalised. Cigdem: Fixed |
"CONNECT without a token: It is not possible to support AS Finish last sentence wit Tokenless CONNECT attempt MUST fail. Cigdem: Fixed |
This document registers 'EXPORTER-ACE-MQTT-Sign-Challenge' from -> Section number should be 12. Cigdem:Fixed to this: This document registers 'EXPORTER-ACE-MQTT-Sign-Challenge' (introduced in Section 2.2.4.1 |
General comments from Marco:
Fixed |
[Section 1]
Cigdem:Fixed |
Section 2.2.4.1
Fixed |
Section 2.2.4.2
|
[Section 2.2.5]
Cited RFC6234, and RFC8032, respectively - but noticed HS256 is not usually provided with a citation in other RFCs using it. [Section 3]
Fixed |
[Section 6.1]
Fixed |
The response includes the The fact that the profile parameter with value "mqtt_tls" is included in this response must be specified here. Fixed: Added: "and specifically, the "ace_profile" parameter is set to "mqtt_tls" at the end of the sentence. |
When CBOR is used, the must ->MUST Fixed |
Need to reference CDDL. Fixed: Added RFC8610 |
Nits: framework to enable s/an/a -- add a reference to rfc7519 -- |
Similarly, the server MUST NOT process add "from that client" Fixed |
-- which have have not been completely acknowledged or pending In case of an invalid This is in the section about success, while there is a separate section for unauthorized request, where imo this would fit better. Sentence removed. |
Francesca: No, what I meant is that for example when publishing to authz-info the client MUST use TLS:Anon-MQTT:None, as described in 2.2.2, so the "RECOMMENDED that the Client follows TLS:Anon-MQTT:ace" does not apply to that particular communication. I was just hoping you could add some context about when it is recommended to use TLS:Anon-MQTT:ace (this is basically just an editorial/clarification) Added: It is RECOMMENDED that the Client uses "TLS:Anon-MQTT:ace" as a first choice when working with protected topics. However, depending on the Client capability, Client MAY use "TLS:Known(RPK/PSK)-MQTT:none", and consequently "TLS:Anon-MQTT:None" to submit its token to "authz-info". |
In this profile, the Broker SHOULD always start with a clean session regardless of how these parameters are set. Francesca: > Does this mean that when the Broker recognizes that this spec is used, it SHOULD disregard the parameters value and start a clean session? What are the cases where this is not done ("If necessary" in the next paragraph)? [CS: Yes, if it does not want to support session continuation, it always starts clean session. If necessary was added due to providing potentially support for better QoS, but it may be other reasons. So, instead of prescribing a reason, I opted for "If necessary", where the need is determined by the Broker provider. FP: Ok, thanks for the clarification. Changing "If necessary" to "If the Broker provider requires it" (or something of the sort) would have helped me in this case, as that removes the vagueness of "necessary". Added: The Broker MAY support session continuation e.g., if the Broker requires it for QoS reasons. |
includes state on client subscriptions, QoS 1 and QoS 2 messages Changed to: messages with QoS levels 1 and 2 |
If the Client does not provide a valid token or omits the Authentication Data field, the Broker triggers AS discovery. FP: This comment comes from my interpretation of "valid token", which to me comes from the framework, where the token is validated to make sure that it is integrity protected, comes from the AS and covers the resource requested (that also includes not expired). What I was asking you to add is the case where the token cannot be validated, because it is malformed so it cannot be parsed or validated, and same for the Authentication data. This is covered in the text but re-emphasize. Reworded as: If the Client does not provide a valid token or omits the Authentication Data field, or the token or Authentication data are malformed, authentication fails. |
Section 3:
permissions?] FP: I was just noting that the empty array is a possible option according to the draft's CDDL (i.e. a Broker would not reject with error such an empty array), and I was wondering how that would be interpreted. If it's no permission, it would be good to clarify. Otherwise you could add a requirement to the AS that it MUST NOT be the empty array. Added: If the scope is empty i.e., the JSON array is empty, the RS records no permissions for the client for any topic. In this case, the client is not able to publish or subscribe to any protected topics. |
Scope appears in section 2.1 for the first time, but its encoding is only
[CS: Do you suggest doing a forward reference to section 3 from section 2.1?] FP: Yes. Done |
Section 4 talks about reauthentication. What described for
Changed the title of the section:Token Expiration, Update and Reauthentication, and reworded slightly. |
[CS: Client Authorisation Server was defined in the old actors draft - Daniel made a similar comment. Not sure what terminology the group settled on after the draft expired.] FP: I see. I suggest using "Client-Authorisation Server interface", which to me is more intuitive. |
Fixed the first two comments in the issue #65
Fixing nits and missing references. #65
A compilation of all nits:
== Line 497 has weird spacing: '...rotocol name ...'
== Line 901 has weird spacing: '...rotocol name ...'
== The document seems to lack the recommended RFC 2119 boilerplate, even if
it appears to use RFC 2119 keywords. ( I think that is an error as I can see the section 1.1.)
== Unused Reference: 'RFC7250' is defined on line 1135, but no explicit
reference was found in the text
-- Unexpected draft version: The latest known version of
draft-ietf-ace-oauth-authz is -34, but you're referring to -35.
-- Unexpected draft version: The latest known version of
draft-ietf-ace-oauth-params is -12, but you're referring to -13.
-- Unexpected draft version: The latest known version of
draft-ietf-ace-pubsub-profile is -00, but you're referring to -01.
Cigdem: Could not find the weird spacing; RFC 2119 boilerplate error seems to be bug; cited RFC7250 for raw public keys; the rest of draft versions are correct (it seems like the nits are not updated).
The text was updated successfully, but these errors were encountered: