[gnso-rds-pdp-wg] One Way Gated Access to Data Might Work

[Farell Folly]

Hello Scott,

Great, I like the three levels model and it copes/align well with our need
regarding this requirement.

Best Regards
@__f_f__
about.me/farell
________________________________.
Mail sent from my mobile phone. Excuse for brievety.
Le 9 déc. 2016 12:25, "Hollenbeck, Scott" <shollenbeck at verisign.com> a
écrit :

> I like to explore how systems might work by putting thoughts into action
> with running code. I have a working implementation of RDAP with client
> authentication that might be useful in helping people see how some of our
> data element and data access ideas might actually work in practice. The
> implementation currently includes three levels of client/end user access:
>
> 1. Unauthenticated: a client that does not provide any authentication
> information to the server will receive responses that include very little
> information beyond what is currently available from the DNS.
>
> 2. Authenticated Basic: a client that authenticates using an easily
> acquired, open credential (like a Gmail or Hotmail email account) will
> receive additional information (like registration dates and domain status
> values), but no personally identifiable contact information.
>
> 3. Authenticated Advanced: a client who authenticates using a specialized
> identity provider (we currently support providers implemented by Verisign
> Labs, CZNIC and an interoperability test provider) will receive full access
> to all available data. The purpose of the query can be identified and
> shared with the server operator, who can use the client-supplied identity
> information to make fine-grained access control decisions.
>
> A web-based front-end to the service can be found here:
>
> https://rdap.verisignlabs.com/
>
> We currently support entity (contact), name server, and domain lookup and
> search queries for the .cc and .tv ccTLDs. You can use the nic.tv domain
> for basic exploration. Try it out with your Gmail address using the
> "Authenticate" button to see the difference between authenticated and
> unauthenticated behaviors.
>
> A word of warning: RDAP responses are JSON-encoded and *very*
> character-dense. It may help to have a JSON pretty printer plugin installed
> in your browser.
>
> Anyone who wants a test account from Verisign Labs for advanced
> authenticated access can have one for the asking. Please reply directly to
> me and I'll make sure you get set up.
>
> A logical conclusion should we decide to pursue this line of thinking is
> that there will be a need for identity providers who are able to issue user
> credentials to people who belong to specific communities of interest.
> Policies will need to be developed to determine which communities of
> interest get access to which data elements.
>
> Scott
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20161209/d8e4af63/attachment.html>