[gnso-rds-pdp-wg] [renamed] Key early questions

Andrew Sullivan ajs at anvilwalrusden.com
Wed May 11 18:42:26 UTC 2016


On Wed, May 11, 2016 at 01:28:33PM -0500, Denny Watson wrote:
> Let me simplify this; there is a wealth of data that needs to be provided
> in the public interest.

Even granting that, it doesn't mean that (1) the data has to be
collected in one place or (2) that all the data has to be available
always to everyone under the same terms.  As I've now said it seems
several times, an awful lot of the discussion appears to assume the
basic data-gathering and data-publication model of the RDS we have
(whois).  But that system, in its basic technology, has been unfit for
purpose since at least the late 1990s.

Just to pick on ways the world could be different using RDAP, to
address (1) registries need not collect (for instance) billing contact
data from registrars.  That data can continue to live inside the
registrar systems, because RDAP provides a mechanism in which a
request to the registry database will provide a correct referral to
the appropriate registrar system, too; the client can assemble this
data into a single displayed answer, but only the registrar (and the
presumably-authorized client) get the data.

To address (2), some kinds of data could be provided only in case of
certain authorizations.  For instance, it seems like we could create a
mechanism for a registrant to establish a token known to the relevant
RDDS operator(s) so that a CA could do its fancy, data-rich lookups
correctly authorized by that token, while not exposing that data to
everyone on the Internet.

I know that we were going to collect the requirements and then look at
possible solutions, but our knowledge of possible solutions may be
affecting what we think of as "requirements".

Best regards,

A

-- 
Andrew Sullivan
ajs at anvilwalrusden.com
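
The referral and token-gated lookup described in the message above, sketched as an added example (not part of the original message and not code from any RDAP implementation). The two servers are in-memory stand-ins; the host names, handles, token value and bearer-style token check are assumptions, and only the `links`/`rel`/`href`/`type` members come from the RDAP JSON response format.

```python
from urllib.parse import urlsplit

# Constructed sample data: hosts, handles and the token are invented for illustration.
REGISTRY_URL = "https://rdap.registry.example/domain/example.test"
REGISTRAR_URL = "https://rdap.registrar.example/domain/example.test"
REGISTRANT_TOKEN = "constructed-token-123"    # hypothetical registrant-issued token
TOKEN_HOSTS = {"rdap.registrar.example"}      # hosts the client may send the token to

def registry_server(token=None):
    # The registry holds thin data plus a referral; it never sees billing contacts.
    return {"ldhName": "example.test",
            "entities": [{"roles": ["registrar"], "handle": "REG-1"}],
            "links": [{"rel": "related", "href": REGISTRAR_URL,
                       "type": "application/rdap+json"}]}

def registrar_server(token=None):
    entities = [{"roles": ["registrant"], "handle": "C-100"}]
    if token == REGISTRANT_TOKEN:             # gated data needs the token
        entities.append({"roles": ["billing"], "handle": "C-200"})
    return {"ldhName": "example.test", "entities": entities}

SERVERS = {REGISTRY_URL: registry_server, REGISTRAR_URL: registrar_server}

def fetch(url, token=None):
    # Stand-in for an HTTPS GET that would carry the token in an Authorization header.
    return SERVERS[url](token)

def referral(response):
    for link in response.get("links", []):
        if link.get("rel") == "related" and link.get("type") == "application/rdap+json":
            return link["href"]
    return None

def token_for(url, token):
    # Never forward the token to a referral target the client does not trust.
    parts = urlsplit(url)
    return token if parts.scheme == "https" and parts.hostname in TOKEN_HOSTS else None

def lookup(url, token=None):
    answer = fetch(url)                       # the registry query carries no token
    merged = {"ldhName": answer["ldhName"], "entities": list(answer["entities"])}
    target = referral(answer)
    if target:
        seen = {e["handle"] for e in merged["entities"]}
        for entity in fetch(target, token_for(target, token))["entities"]:
            if entity["handle"] not in seen:
                merged["entities"].append(entity)
    return merged                             # single assembled answer for display

def roles(result):
    return sorted(r for e in result["entities"] for r in e["roles"])
```

An anonymous `lookup(REGISTRY_URL)` assembles only the registrar and registrant entries, while the same call with the registrant's token also returns the billing contact, which in both cases is served by the registrar and never stored at the registry.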


