Last Call Review of draft-martin-urn-globus-02
review-martin-urn-globus-02-secdir-lc-meadows-2016-02-25-00

Request Review of draft-martin-urn-globus
Requested rev. no specific revision (document currently at 03)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-03-09
Requested 2016-02-11
Authors Stuart Martin, Steve Tuecke, Brendan McCollam, Mattias Lidman
Draft last updated 2016-02-25
Completed reviews Genart Last Call review of -02 by Joel Halpern
Secdir Last Call review of -02 by Catherine Meadows
Opsdir Last Call review of -02 by Stefan Winter
Assignment Reviewer Catherine Meadows
State Completed
Review review-martin-urn-globus-02-secdir-lc-meadows-2016-02-25
Reviewed rev. 02 (document currently at 03)
Review result Has Nits
Review completed: 2016-02-25

Review

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft describes a Uniform Resource Name (URN) namespace that is
used by the Globus software-as-a-service provider for naming persistent
resources.  The main requirement is that these identifiers which will
persist in external systems, and which must be identifiable as
references to Globus entities.  The draft specifies the syntax, and
describes mechanisms for enforcing uniqueness.  In particular, URNs may
not be reassigned.

In the Security Considerations section, the authors refer the reader to
RFCs 1737 and 2141.  The security considerations in RFC 1737 refer to
authentication mechanisms which are outside the scope of the document.
The recommendations of RFC 1737, however, may require more attention.
Its Security Considerations section runs as follows:

 

   This document specifies the syntax for URNs.  While some namespaces
   resolvers may assign special meaning to certain of the characters of
   the Namespace Specific String, any security consideration resulting
   from such assignment are outside the scope of this document.  It is
   strongly recommended that the process of registering a namespace
   identifier include any such considerations.

The draft does not propose any special meanings for characters in the
Namespace Specific String, but I think it would be good to add a
sentence in the Security Considerations Section mentioning this
stipulation, and pointing out that it does not apply in your case
because no such special meaning is proposed.

I consider this document Ready With Nits.

Cathy

is being proposed, 




Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows at nrl.navy.mil