Last Call Review of draft-gregorio-uritemplate-
review-gregorio-uritemplate-genart-lc-gurbani-2012-01-02-00

Request Review of draft-gregorio-uritemplate
Requested rev. no specific revision (document currently at 08)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2012-01-03
Requested 2011-11-29
Authors Roy Fielding, Mark Nottingham, David Orchard, Joe Gregorio, Marc Hadley
Draft last updated 2012-01-02
Completed reviews Genart Last Call review of -?? by Vijay Gurbani
Assignment Reviewer Vijay Gurbani
State Completed
Review review-gregorio-uritemplate-genart-lc-gurbani-2012-01-02
Review completed: 2012-01-02

Review

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-gregorio-uritemplate-07
Reviewer: Vijay K. Gurbani
Review Date: Jan-01-2012
IETF LC End Date: Not known
IESG Telechat date: Jan-05-2012

Summary: This draft is ready as a Proposed Standard.

Major issues: 0
Minor issues: 2
Nits/editorial comments: 0

Minor issues:

- S3.2.1, first paragraph: "A variable defined as an associative
 array of (name, value) pairs is considered undefined if the
 array contains zero members or if all member names in the array
 have undefined values."

 Here, do you mean "if all member names in the array have no values."?
 That is, "undefined values" implies that values are present in the
 template, but are not understood.  On the other hand, "no values"
 implies the absence of any values at all.  In my reading of the
 text, it appears that "no values" conveys more context than "undefined
 values".

- S4, general comment: I am not sure where the template expansion is
 done --- at the client (browser) or at the origin server (the draft
 does not enunciate this, and if it does, I may have missed it).  If
 the expansion is done at the origin server, I suspect that one can
 keep it a bit more busy by asking it to perform unnecessary
 template expansion for a resource that may be accessed normally
 even without template expansion.  Is it worth documenting this at
 all in the Security Considerations section?  (Clearly, if the expansion
 is done at the client, then it is the client incurring the expense
 of expansion.  Insofar as the client is malicious, it is best to
 let it expend as much effort as necessary.)

Thanks,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA)
Email: vkg at {bell-labs.com,acm.org} / vijay.gurbani at alcatel-lucent.com
Web:   http://ect.bell-labs.com/who/vkg/
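
The S3.2.1 rule quoted in the first minor issue, as an added example that is not part of the review or of the draft: a small Python sketch of form-style query expansion ({?var} and {?var*}) as published in RFC 6570, showing how an undefined member differs from one whose value is the empty string. Representing "undefined" as None and an associative array as a dict, and the names is_undefined and expand_query, are assumptions of this example.

```python
from urllib.parse import quote


def is_undefined(value):
    """Apply the quoted S3.2.1 rule to a string or associative array."""
    if value is None:
        return True
    if isinstance(value, dict):
        # Zero members, or every member name has an undefined value.
        # all() over an empty dict is True, which covers the first case.
        return all(v is None for v in value.values())
    return False  # any string, including "", is a defined value


def _enc(text):
    # Form-style query expansion leaves only unreserved characters unescaped.
    return quote(str(text), safe="")


def expand_query(name, value, explode=False):
    """Expand {?name} (explode=False) or {?name*} (explode=True)."""
    if is_undefined(value):
        return ""  # an undefined variable contributes nothing, not even "?"
    if not isinstance(value, dict):
        return "?" + name + "=" + _enc(value)
    # Members with undefined values are skipped; empty strings are kept.
    pairs = [(k, v) for k, v in value.items() if v is not None]
    if explode:
        return "?" + "&".join(_enc(k) + "=" + _enc(v) for k, v in pairs)
    return "?" + name + "=" + ",".join(_enc(k) + "," + _enc(v) for k, v in pairs)


if __name__ == "__main__":
    # Constructed sample values for illustration.
    samples = [
        {"semi": ";", "dot": ".", "comma": ","},
        {},                       # zero members: undefined
        {"a": None, "b": None},   # all members undefined: undefined
        {"a": "", "b": None},     # "a" is defined but empty
    ]
    for keys in samples:
        print(repr(keys), "->", repr(expand_query("keys", keys, explode=True)))
```
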