One minor clarifying question below...
> > use Device identifiers in this fashion. This contract includes how
> > the request is authenticated and the set of identifiers (and types
> > of identifiers) that the third-party is authorized to use in
> requests.
>
> I think it would make more sense to say "This contract must
> include" (lower case) rather than "This contract includes . . .."
> Otherwise it sounds like a statement of fact.
Sure - it's a fine line to walk.
> > If this IP address matches the source IP address of the HELD
> > location request, the location request can be authorized under the
> > LCP policy (see Section 5.1); otherwise, the request MUST have been
> > authorized as a third-party request.
>
> It seems a bit odd to place a normative requirement on something that
> happened in the past ("MUST have been"). It's not clear that you need
> to be normative at all since you're talking about an authorization
> check that already happened. Here's a suggestion:
>
> If this IP address matches the source IP address of the HELD
> location request, the location request can be authorized under the
> LCP policy (see Section 5.1). Otherwise, the request must be treated
> as a third-party request.
Again, a good point. So few people have the ability to change the past.
Are we back to using lowercase "must" for any particular reason? Is there a particular reason that you didn't choose to use "MUST"?
--Martin
_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv
