There is some text that I think could be further improved before publishing this as an RFC.
The following notion appears several times in the document:
However, no authentication framework is provided, which
limits the policy options available when the "Authorization by Access
Control" model is used.
There is other work coming from this working group that supports the authorization
by access control model. Is the point of these phrases to highlight that other documents
are needed to make authorization by access control more useful? Or is it to note that the
current tools deployed for authentication over http make authorization by access
difficult.
As written, I expect readers who have not been following this work closely to interpret
the phrase to mean that the group chose not to provide a framework and thus doesn't
expect people to use authorization by access control much.
RjS
_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv
