[gnso-rds-pdp-wg] Authorizing specific usages such as warrants or credit checks

Wed Aug 3 12:31:07 UTC 2016

> -----Original Message-----
> From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-
> bounces at icann.org] On Behalf Of Shane Kerr
> Sent: Tuesday, August 02, 2016 3:57 PM
> To: gnso-rds-pdp-wg at icann.org
> Subject: [gnso-rds-pdp-wg] Authorizing specific usages such as warrants
> or credit checks
> 
> Hello,
> 
> I briefly previously in an e-mail that there was no way to handle
> warrants or other court orders via RDAP. Someone on the recent WG
> call said that this was covered in RDAP.
> 
> I had a quick look through 4 RDAP RFC's (RFC 7480, RFC 7481, RFC
> 7482, and RFC 7483) and didn't see anything that seemed to match.
> 
> Warrant Example
> ===============
> For a warrant, ideally the RDS would support a system like that which
> we have in place in every other part of the universe today. That is, if
> a court or some other authorized legal authority (this varies widely
> per jurisdiction, I know) issues a statement approving a search, then
> someone can be forced to turn over information.
> 
> So, if the police get a warrant they can go to the company where you
> bought airline tickets and find out when and where you traveled. I
> think we all agree that this makes sense, although of course the
> details can be delightfully complicated.
> 
> What I do not see in RDAP is any way for a registry or registrar to be
> served a warrant or other equivalent document. It IS possible for the
> police to have authorization to view private data, but I don't see any
> way for them to ONLY have authorization for this data if it is approved
> by a court on a case-by-case basis.
> 
> I may have missed this! Please point me in the right direction so I can
> have a look at how RDAP proposes handling this. :)

Core RDAP can't do this, but I've described a possible approach in an Internet-Draft:

https://datatracker.ietf.org/doc/draft-hollenbeck-regext-rdap-openid/

Look at Section 3.1.4.1, "Claims", and Section 6. It is possible to associate information with an end-user identity that can be shared with a server operator as part of an RDAP query. I haven't thought through the warrant situation completely, but let's imagine that it's possible to create a "warrant" claim. A law enforcement identity provider would associate a warrant claim to an end user identity, and the end user would share that claim with the replying party (the RDAP server) as part of an authenticated RDAP query. The server operator receives the claim(s) and makes authorization and access control decisions based on the identity and associated claims, returning whatever information is dictated by some "respond to warrant request" policy. There would probably need to be an out-of-band mechanism to serve the warrant that allows the server operator to validate a warrant claim.

Scott