Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications
RFC 3881

Note: This ballot was opened for revision 12 and is now closed.

(Scott Hollenbeck) Yes

(Harald Alvestrand) No Objection

Comment (2004-05-13 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
This document is still really unclear about who "owns" the specification.
The standard IESG note seems appropriate here.....

(Bill Fenner) No Objection

(Ted Hardie) No Objection

(Russ Housley) No Objection

Comment (2004-05-11 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
  The security considerations seem quite weak to me.  In section 2.1, the
  document touches on many area that ought to be discussed in the security
  considerations.  The topics include:
  
  - security policy definitions - where do they come from?
  
  - role definitions and user definitions - where do they come from?
    how do they impact the overall security?
    
  - cryptographic operations - which ones?  using what keys?

(David Kessens) No Objection

(Jon Peterson) No Objection

(Bert Wijnen) No Record

Comment (2004-05-13 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
What are all these "^M" things in the section headers?

On page 20:

      Network Access Point ID: 10.10.203.42
      Network Access Point Type: 2 = IP address

That is not an IP address in the range (192.0.2.0/24) that has been
set aside for examples (RFC3330)