Last Call Review of draft-wilde-service-link-rel-06
review-wilde-service-link-rel-06-secdir-lc-santesson-2018-11-20-00

Request Review of draft-wilde-service-link-rel
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-11-20
Requested 2018-10-23
Draft last updated 2018-11-20
Completed reviews Genart Last Call review of -06 by Peter Yee (diff)
Secdir Last Call review of -06 by Stefan Santesson (diff)
Opsdir Last Call review of -10 by Tim Chown
Genart Telechat review of -08 by Peter Yee (diff)
Secdir Telechat review of -10 by Stefan Santesson
Assignment Reviewer Stefan Santesson
State Completed
Review review-wilde-service-link-rel-06-secdir-lc-santesson-2018-11-20
Reviewed rev. 06 (document currently at 10)
Review result Has Issues
Review completed: 2018-11-20

Review
review-wilde-service-link-rel-06-secdir-lc-santesson-2018-11-20

Even though this document is quite repetitive when describing its fundamental concepts, I still had a problem figuring out whether the link relations defined are applicable to any web resource, or just to "web services" in the context of "service provided to another service".

I have no issues with the fundamental concept, but the document lacks security considerations. The content of the section is "..." indicating that something eventually is intended to go here, but has not yet been written.
If there are absolutely no security considerations, then the section should say so.

I do however think that there are some useful security considerations to document. At least it may be useful to have a small discussion to consider what information about a service that is helpful to a user, and which could be used by an attacker, and find a good balance.

As a nit I would suggest shortening some of the fundamental description in the early introduction that is being repeated in the document. The document is rather short and therefore does not benefit from saying the same things many times.