[gnso-rds-pdp-wg] One Way Gated Access to Data Might Work

Shane Kerr shane at time-travellers.org
Wed Dec 14 14:31:25 UTC 2016


Andrew & all,

[ Sorry I have been disconnected from this WG for a while, but am
  trying to catch up and re-engage. Apologies if I am revisiting old
  ground. ]

At 2016-12-09 10:03:28 -0500
Andrew Sullivan <ajs at anvilwalrusden.com> wrote:

> > A logical conclusion should we decide to pursue this line of
> > thinking is that there will be a need for identity providers who are
> > able to issue user credentials to people who belong to specific
> > communities of interest. Policies will need to be developed to
> > determine which communities of interest get access to which data
> > elements.  
> 
> The nice thing, however, is that the demonstration shows how easily
> new policies of that sort could work.  It's probably true that
> thousands of policies would be onerous, but I find it hard to imagine
> the scenario where we come up even with hundreds, so the approach
> ought to scale appropriately.

This is pretty much the kind of capability that I envisioned the whole
time that we have been discussing RDS. It's nice to have a running
example to help us all understand the possibilities. :)

----

I still think we're missing a big piece of the picture, which is how
data about queries is handled by the operator of the RDAP service. Even
though the "terms & conditions" scroll off my high-resolution monitor
with a wall of legalese, the Verisign Labs terms & conditions do not
seem to say anything about what happens to information about the queries
I make.

Presumably Verisign is logging these, but I don't know what they are
logging or how long they keep this information. I don't know who has
access to these logs.

I really think there should be a very few standard models for this, so
that they can be explored in depth. This is in direct contradiction to
the idea of every registry and/or registrar making their own walls of
subtly-different legalese - which we should avoid at all cost. Such a
set of standard "usage agreements" would also mean that a server can
present these as data about the service.

----

Further, do people who have their domain information queried know about
this? Personally I think this is a desirable goal; it would be nice to
know how many spammers and/or LEA have been granted access to my
data. ;)

Again, a small set of standard practices for this seems highly
desirable.

Cheers,

--
Shane