comments on wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf

[Jeff Hodges <Jeff.Hodges@neustar.biz>]

a couple of quick, arguably nit-level, editorial comments..

1. RFC 2119 is referenced in the para at line 231, but is not formally cited 
there (ie "RFC 2119" is used rather than, say, "[RFC2119]"), nor is it listed 
in the section "16 References". Since this is  the basis of the normative MUST, 
SHOULD, MAY, etc language, it probably should be fixed up.

2. Although "Appendix D: SecurityTokenReference Model" is clearly claimed as 
non-normative in the introductory sentence at line 2319, and again in its final 
line (2418), it contains capitalized instances of MUST (line 2362), MAY (line 
2366), RECOMMENDED (line 2383), and RECOMMENDS (line 2408; and technically not 
a rfc2119 term).


Given this excerpt of rfc2119..

   6. Guidance in the use of these Imperatives

      Imperatives of the type defined in this memo must be used with care
      and sparingly.  In particular, they MUST only be used where it is
      actually required for interoperation or to limit behavior which has
      potential for causing harm (e.g., limiting retransmisssions)  For
      example, they must not be used to try to impose a particular method
      on implementors where the method is not required for
      interoperability.


..I suggest that if we do indeed intend Appendix D to be non-normative, that we 
lowercase the 4 words cited above. Else, we consider making appendix D 
normative (and leave the words as-is).


JeffH