[gnso-rds-pdp-wg] One Way Gated Access to Data Might Work

Carlton Samuels carlton.samuels at gmail.com
Sat Dec 10 05:35:41 UTC 2016


Way to go Scott!

-Carlton


==============================
*Carlton A Samuels*

*Mobile: 876-818-1799*
*Strategy, Planning, Governance, Assessment & Turnaround*
=============================

On Fri, Dec 9, 2016 at 7:25 AM, Hollenbeck, Scott <shollenbeck at verisign.com>
wrote:

> I like to explore how systems might work by putting thoughts into action
> with running code. I have a working implementation of RDAP with client
> authentication that might be useful in helping people see how some of our
> data element and data access ideas might actually work in practice. The
> implementation currently includes three levels of client/end user access:
>
> 1. Unauthenticated: a client that does not provide any authentication
> information to the server will receive responses that include very little
> information beyond what is currently available from the DNS.
>
> 2. Authenticated Basic: a client that authenticates using an easily
> acquired, open credential (like a Gmail or Hotmail email account) will
> receive additional information (like registration dates and domain status
> values), but no personally identifiable contact information.
>
> 3. Authenticated Advanced: a client who authenticates using a specialized
> identity provider (we currently support providers implemented by Verisign
> Labs, CZNIC and an interoperability test provider) will receive full access
> to all available data. The purpose of the query can be identified and
> shared with the server operator, who can use the client-supplied identity
> information to make fine-grained access control decisions.
>
> A web-based front-end to the service can be found here:
>
> https://rdap.verisignlabs.com/
>
> We currently support entity (contact), name server, and domain lookup and
> search queries for the .cc and .tv ccTLDs. You can use the nic.tv domain
> for basic exploration. Try it out with your Gmail address using the
> "Authenticate" button to see the difference between authenticated and
> unauthenticated behaviors.
>
> A word of warning: RDAP responses are JSON-encoded and *very*
> character-dense. It may help to have a JSON pretty printer plugin installed
> in your browser.
>
> Anyone who wants a test account from Verisign Labs for advanced
> authenticated access can have one for the asking. Please reply directly to
> me and I'll make sure you get set up.
>
> A logical conclusion should we decide to pursue this line of thinking is
> that there will be a need for identity providers who are able to issue user
> credentials to people who belong to specific communities of interest.
> Policies will need to be developed to determine which communities of
> interest get access to which data elements.
>
> Scott

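The three access levels described in the quoted message, as an added sketch that is not part of the original thread and not the Verisign Labs implementation: a server-side filter that allow-lists RDAP domain-object members per tier, so members not explicitly listed are withheld by default. The tier-to-member mapping, the issuer URL, the shape of the `identity` dict and the sample response are assumptions constructed for illustration; member names follow the RDAP JSON response format (RFC 7483).

```python
import copy

UNAUTHENTICATED, BASIC, ADVANCED = 0, 1, 2

# Hypothetical issuer standing in for a specialized identity provider.
ADVANCED_ISSUERS = {"https://idp.example"}

# Allow-list of top-level domain-object members per tier (assumed mapping).
VISIBLE = {
    UNAUTHENTICATED: {"objectClassName", "ldhName", "nameservers"},
    BASIC: {"objectClassName", "ldhName", "nameservers", "status", "events"},
}

def tier_for(identity):
    """identity: None, or a dict of already-verified claims (hypothetical shape)."""
    if not identity:
        return UNAUTHENTICATED
    return ADVANCED if identity.get("issuer") in ADVANCED_ISSUERS else BASIC

def filter_domain(domain, tier):
    """Return a copy of an RDAP domain object limited to what the tier may see."""
    if tier == ADVANCED:
        return copy.deepcopy(domain)
    out = {k: copy.deepcopy(v) for k, v in domain.items() if k in VISIBLE[tier]}
    # Nested name server objects can embed contacts too; strip them below ADVANCED.
    for ns in out.get("nameservers", []):
        ns.pop("entities", None)
    return out

# Constructed sample response (not real registry data).
CONTACT = {"objectClassName": "entity", "handle": "C-1", "roles": ["registrant"],
           "vcardArray": ["vcard", [["fn", {}, "text", "Constructed Person"]]]}
SAMPLE = {
    "objectClassName": "domain",
    "ldhName": "example.tv",
    "status": ["active"],
    "events": [{"eventAction": "registration", "eventDate": "2000-01-01T00:00:00Z"}],
    "nameservers": [{"objectClassName": "nameserver", "ldhName": "ns1.example.tv",
                     "entities": [copy.deepcopy(CONTACT)]}],
    "entities": [CONTACT],
    "remarks": [{"description": ["constructed member outside the allow-list"]}],
}

if __name__ == "__main__":
    for who in (None, {"issuer": "https://mail.example"}, {"issuer": "https://idp.example"}):
        print(tier_for(who), sorted(filter_domain(SAMPLE, tier_for(who))))
```

Because the filter is an allow-list, the `remarks` member and the contact nested under the name server are withheld from the two lower tiers without being named anywhere as sensitive.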
