Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)
Note: This ballot was opened for revision 13 and is now closed.
(Dan Romascanu) Yes
(Jari Arkko) No Objection
(Ron Bonica) No Objection
(Ross Callon) No Objection
(Lisa Dusseault) No Objection
(Lars Eggert) No Objection
(Russ Housley) (was Discuss) No Objection
From Gen-ART Review by Ben Campbell. In Section 3.2, It would be helpful to mention how Authorize Only is used to ease mapping to Diameter, and reference the Diameter Considerations section. As it is, the reader wonders what the semantic effect of the resulting Access-Request message is supposed to be. Section 6.2, 4th paragraph, raises a question. Can a proxy be expected to easily know if it is one-hop away from the NAS? Is the mechanism for determining this well-known or documented somewhere that could be referenced here?
(Cullen Jennings) No Objection
(Chris Newman) No Objection
(Tim Polk) (was No Record, Discuss) No Objection
The figures in sections 2.1 and 2.2 use Disconnect-Response and CoA-Response as shorthand for "Disconnect-ACK or Disconnect-NAK" and "CoA-ACK or CoA-NAK" respectively. These terms are never defined, and in fact are never used again. I can't claim it was too hard to figure out, but it might be better if the meaning was explicitly stated. Perhaps the terms could be introduced in the text following the figures and implicitly defined in a parenthetical, in the same way that "Response packet" was introduced in section 2.3: The Authenticator field in a Response Packet (e.g. Disconnect-ACK, Disconnect-NAK, CoA-ACK, or CoA-NAK).
(Mark Townsley) No Objection
(David Ward) No Objection
(Magnus Westerlund) No Objection
(Sam Hartman) (was Discuss) Abstain
Getting my discuss addressed would likely take more time with this set of authors and chairs than is worthwhile.