I know a little bit about YANG (having helped with the cryptographic keys definitions for SSH, TLS) and almost nothing about ALTO (but I stayed at a XXXX I mean I read the RFC 7285).

I read the security considerations carefully. It did a nice job pointing out that some of the data could be sensitive so be careful about exposing it to everyone. The opening sentence "Both of these protocols have mandatory-to-implement secure transport layers (e.g., SSH, TLS) with mutual authentication." Should probably be followed with some kind of advice about SHOULD use mutual authentication when any sensitive data is being retrieved or modified.

A started to read some of the YANG definitions, but I defer to the YANG Doctors.

From a security perspective, this is definitely READY.