Hi Margaret,
Some feedback, as requested:
- Section 1
Sorry if this seems trivial! The term 'federation' is quite overloaded and
means different things to different people. I suggest explicitly calling
out what I think you mean, which is a 'multihop AAA fabric'. It's an ugly
circumlocution, but at least it can't be misunderstood or (worse)
misinterpreted.
- Section 1.1
Step 3. Substitute 'does not have direct access' with 'does not share a
relationship with'? 'Access' is perhaps too ambiguous.
Steps 4-6. I think it would be useful to explain why the RP is using an
identity to "contact" the trust routers in the consecutive realms. It
might not be obvious to the reader that the RP is building a transitive
chain of trust by walking the trust path. I suggest explaining this right
at the start of section 1.1.
Obviously an understanding of KNP is an essential part of this. I wonder
if it's worth including some discussion of KNP. On a more general note,
what is your opinion as to how this draft and KNP inter-relate - should
they remain distinct documents, or be combined somehow?
(Great ASCII art in that figure BTW)
- Section 4
Why can't realm names be hierarchical? It's true that the NAI has no concept
of a hierarchical realm component, but couldn't we choose to interpret a
hierarchy here? Trust Path aggregation could be useful.
- Section 5
Why query (pull) rather than push? One drawback with pull, perhaps, is
that nervous relying parties will tend towards polling as fast as they
can, rather than as regularly as the upstream trust router itself receives
updates from its peers (which would be more efficient).
Hope that helps, Josh.
JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG