[gnso-rds-pdp-wg] One Way Gated Access to Data Might Work

Gomes, Chuck cgomes at verisign.com
Wed Dec 14 14:42:12 UTC 2016


Thanks for jumping back into the fray, Shane.  The issues you raise are all ones that we will need to confront later in Phase 1 when we talk further about privacy and risks and also when we get into policy and implementation discussions in Phases 2 & 3.

Chuck

-----Original Message-----
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Shane Kerr
Sent: Wednesday, December 14, 2016 9:31 AM
To: Andrew Sullivan <ajs at anvilwalrusden.com>
Cc: gnso-rds-pdp-wg at icann.org
Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] One Way Gated Access to Data Might Work

Andrew & all,

[ Sorry I have been disconnected from this WG for a while, but am
  trying to catch up and re-engage. Apologies if I am revisiting old
  ground. ]

At 2016-12-09 10:03:28 -0500
Andrew Sullivan <ajs at anvilwalrusden.com> wrote:

> > A logical conclusion should we decide to pursue this line of
> > thinking is that there will be a need for identity providers who are
> > able to issue user credentials to people who belong to specific
> > communities of interest. Policies will need to be developed to
> > determine which communities of interest get access to which data
> > elements.
>
> The nice thing, however, is that the demonstration shows how easily
> new policies of that sort could work.  It's probably true that
> thousands of policies would be onerous, but I find it hard to imagine
> the scenario where we come up even with hundreds, so the approach
> ought to scale appropriately.

This is pretty much the kind of capability that I envisioned the whole time that we have been discussing RDS. It's nice to have a running example to help us all understand the possibilities. :)

----

I still think we're missing a big piece of the picture, which is how data about queries is handled by the operator of the RDAP service. Even though the "terms & conditions" scroll off my high-resolution monitor with a wall of legalese, the Verisign Labs terms & conditions do not seem to say anything about what happens to information about the queries I make.

Presumably Verisign is logging these, but I don't know what they are logging or how long they keep this information. I don't know who has access to these logs.

I really think there should be a very few standard models for this, so that they can be explored in depth. This is in direct contradiction to the idea of every registry and/or registrar making their own walls of subtly-different legalese - which we should avoid at all cost. Such a set of standard "usage agreements" would also mean that a server can present these as data about the service.

----

Further, do people who have their domain information queried know about this? Personally I think this is a desirable goal; it would be nice to know how many spammers and/or LEA have been granted access to my data. ;)

Again, a small set of standard practices for this seems highly desirable.

Cheers,

--
Shane


