Document: draft-zeilenga-ldap-authzid-08.txt
Date: March 15, 2004
Reviewer: John Loughney

Harald

For the most part, this looks OK. I would probably put a discuss on the draft for the 1st two points I raise below. The rest of my comments could probably be updated at the same time.

Dated 1 November 2002 - I guess this is one of the drafts that has been in queue for awhile ...

Serious, requires a re-write:
=============================

1) Section 3, 2nd sentence:

   .... If the server is treating the client as an anonymous entity, the response field is present but empty.

-> Define what empty is, all zeros - or something else?

2) Section 5, security considerations:

   Identities associated with users may be sensitive information.

-> I would imagine these authorized identities are sensitive information, so that the next sentence:

   ..... When so, security layers [RFC2829][RFC2830] should be established to protect this information.

-> The 'should' in the above sentence needs to be 'MUST.'

Editorial:
==========

1) Title: LDAP "Who am I?" Operation - want to expand LDAP.

2) Boilerplate, etc. needs updating (obviously!).

3) Abstract contains the exact same text as the 1st paragraph of section 1. Either re-write the abstract, or delete the repeated paragraph in section 1.

4) Abstract talks about 'the authorized identity' and this term is used several times before it is defined in the 4th paragraph of section 1. An earlier definition (perhaps in the abstract) would be nice.

5) Section 3, paragraph 3:

   If the server is unwilling or unable to provide the authorization identity it associates with the client, the server SHALL return a whoami Response with an appropriate non-success resultCode ...

-> a reference to where these resultCodes are defined is needed.

6) Needs IPR text.
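As an added example (not part of the draft or of this review), a client-side interpreter for the whoami response value that keeps the distinction behind point 1 explicit: the field being absent is a different condition from it being present but zero-length, which the draft uses for anonymous clients. The "dn:" and "u:" authzId forms are the ones RFC 2829 defines; the function names and sample values are assumptions of this example.

```python
# Added example, not code from the draft or the reviewer.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class WhoAmIResult:
    state: str               # "absent", "anonymous", "dn", "user" or "unknown"
    identity: Optional[str]  # DN or user name when one was returned, else None


def interpret_whoami_value(value: Optional[bytes]) -> WhoAmIResult:
    """Interpret the responseValue of a whoami ExtendedResponse.

    value: None when the server omitted the field (e.g. alongside a
           non-success resultCode), b"" when the field is present but empty
           (the draft's anonymous case), otherwise the authzId octets.
    """
    if value is None:
        return WhoAmIResult("absent", None)
    if len(value) == 0:
        # "Present but empty" means zero octets, not a run of '0' characters.
        return WhoAmIResult("anonymous", None)
    try:
        authzid = value.decode("utf-8")
    except UnicodeDecodeError:
        return WhoAmIResult("unknown", value.hex())
    if authzid.startswith("dn:"):        # RFC 2829 distinguished-name form
        return WhoAmIResult("dn", authzid[3:])
    if authzid.startswith("u:"):         # RFC 2829 user-name form
        return WhoAmIResult("user", authzid[2:])
    # Anything else is surfaced as-is rather than mis-classified.
    return WhoAmIResult("unknown", authzid)


def is_sensitive(result: WhoAmIResult) -> bool:
    """Point 2 of the review: a returned identity is sensitive, so a client
    should only ask for it under a security layer (TLS or SASL protection)."""
    return result.identity is not None


# Constructed sample values (not captured from any server).
SAMPLES = {
    "anon": b"",
    "dn": b"dn:uid=alice,ou=people,dc=example,dc=com",
    "user": b"u:alice",
    "zeros": b"00",  # what "all zeros" would look like if read literally
}
```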