[gnso-rds-pdp-wg] an abstract on the blog "Some Thoughts on the ICANN EWG Recommended Registration Directory Service (RDS)" by Rod Rasmussen.
qichao at teleinfo.cn
Tue Jun 7 15:48:11 UTC 2016
Hello, eveyone, there is my abstract on the blog "Some Thoughts on the ICANN EWG Recommended Registration Directory Service (RDS)" by Rod Rasmussen.
Mr. Rod list some thought on the final report of RDS in his own opinion.
The RDS is a synchronized model recommended by EWG, which will provide a single point of uniformly-controlled and logged access to domain or contact/registrant data from registries, registrars and validators.
The Synchronized RDS will receive registration data via EPP from thick registry or validator in real time.
The SRDS does NOT require a centralized database containing all gTLD registration data. It may be deployed diverse data centers for robustness and high performance.
Compared to another FRDS, the SRDS model provides "one stop shopping", which is an uniformed service and reduces confusion for user. And the SRDS reduces costs especially for Reverse Queries or WhoWas data. It reasonable that the SRDS provide no greater security risk of attack, abuse or exposure of sensitive data.
And there is also a comment to express respectfully disagree on the feasibility of the SRDS.
The Synchronized RDS (SRDS) model would provide a single point of uniformly-controlled and logged access to data that is continually pulled from a globally-distributed set of validators, registries and registrars, each of which is responsible for collecting data from contacts and registrants.
In the SRDS model, data is not centrally collected or stored. Rather, the SRDS model provides a single conceptual point of access, policy enforcement, and logging for gTLD registration data, spanning domain names issued by all gTLD registries.
The SRDS would, in near real time, receive registration data updates from thick registries and validators, pushed to the SRDS over EPP. Synchronized data would be readily available to the SRDS to speed queries and searches, but data collection and validation would still be performed by a large, distributed network of entities (registrars/resellers and validators) interacting with their customers (registrants and contact holders).
Even the "core SRDS" — the conceptual component that provides access, enforcement, and logging — would be deployed using engineering best practices to achieve fault tolerance, high availability, and load balancing, including geographically-diverse data centers, robust diverse connectivity, and redundant infrastructure at each data center.
The SRDS does NOT require a single centralized database containing all gTLD registration data, and the EWG did not recommend that such a database be created. Rather, the EWG recommended a synchronized architecture as the most effective and efficient way to deliver proposed RDS benefits. Although choosing an RDS operator or locations for RDS data centers was beyond the EWG's remit, our final report recommended that data be stored in multiple places in a consistent, coordinated way.
The SRDS model also provides the most efficient support for Reverse Query and WhoWas search capabilities.
Finally, based on a detailed study of costs performed by IBM, the SRDS model minimizes many costs. First, WhoWas and Reverse Query costs would grow exponentially as the number of Reverse Queries rises. More importantly, the FRDS model would require much more from every registry operator — including handling of high-volume, time-sensitive transactions and significant storage for WhoWas data. This affects not only implementation costs, but ongoing costs associated with operations, support, maintenance, and testing. Simply put, the SRDS is less complex than the FRDS.
As a "Big Data" source of highly valuable data, there is clearly potential for attack or abuse if not properly secured, audited and maintained. However, this risk may be no greater than risk posed by a highly distributed model with inconsistent and less easily-audited security measures. In fact, both the SRDS and FRDS models evaluated by the EWG produced similar results when evaluated against their impact on security. There are always security risks when increasing distribution of data — but these risks are necessary in order to achieve a goal of dispersing data so that only a portion of it may be exposed to a breach.
Further, there are many mechanisms built into the process to allow for domain registrants and their designated contacts to protect this personal data using privacy or proxy services or other third-party representatives. The argument that the RDS would create a giant database of extremely sensitive data that would be heavily attacked simply doesn't hold much water when examined with these real-world, risk-based factors in mind.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the gnso-rds-pdp-wg