[gnso-rds-pdp-wg] Proposed Definition/Background for Authoritative

John Bambenek jcb at bambenekconsulting.com
Wed Apr 5 17:30:06 UTC 2017 

Isn't the question of WHAT is authoritative the question here?  WHO is
authoritative is another discussion.

My view is that authoritative means what is either what is entered by
the domain owner (or given via proxy for whois privacy, which should be
free to all entities) or an identical copy of it kept in sync with any
changes made by the owner as they are made.  In so far as "accurate"
data is required, it should be after verification of the data by the
consumer for whatever fields have to go through verification.

On 4/5/2017 9:05 AM, Stephanie Perrin wrote:
>
> +1
>
> It is not every day that I quote the EWG conclusions, as there are
> quite a few with which I disagree.  In this case though, it does seem
> to me we discussed this exhaustively, and reached the conclusion that
> the registrars were the authoritative source.  From a data protection
> perspective, this is consistent.  I believe it would be the common
> view that the entity closest to the individual on the data map would
> be the authority on the data, not the entity further down the chain of
> control, and not the data controller (in this case ICANN).  I realize
> I am mixing technical perspectives with legal perspectives here but I
> believe it is useful to flesh out how the matter is analyzed from each
> point of view.
>
> cheers Stephanie P
>
>
> On 2017-04-05 07:10, Hollenbeck, Scott via gnso-rds-pdp-wg wrote:
>>
>> *From:* gnso-rds-pdp-wg-bounces at icann.org
>> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Greg Aaron
>> *Sent:* Tuesday, April 04, 2017 5:18 PM
>> *To:* Michael D. Palage <michael at palage.com>; 'RDS PDP WG'
>> <gnso-rds-pdp-wg at icann.org>
>> *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] Proposed
>> Definition/Background for Authoritative
>>
>>  
>>
>> Thanks, Mike.  A few notes to contribute as people consider
>> “authoritative”:
>>
>>  
>>
>> Registries exist to be authoritative repositories of data; that’s
>> what they are designed to do.  (So, for example, two different people
>> can’t register the same domain name, or so a domain won’t resolve to
>> the wrong nameservers.)  Domain registries are generally considered
>> authoritative for at least the thin data.  (Domain, sponsoring
>> registrar, dates, statuses, nameservers.)  The registry creates or is
>> the original recorder of record for most of those fields (domain,
>> sponsoring registrar, dates).  And the registry is authoritative for
>> status and nameserver data, using them to enable and control
>> resolution, or to prevent certain actions from taking place in the
>> registry (such as deletions, and registrar-to-registrar transfers).
>>
>>  
>>
>> The Thick WHOIS PDP decided that all gTLD registries should be
>> thick.  One reason was to ensure that there won’t be any more
>> disagreements (discrepancies)  between what the registrar says the
>> data is and what the registry says it is (and as seen via WHOIS or a
>> successor system).  Another reason was to hold contact data in one
>> place reliably, so it could be served from one (authoritative) place;
>> as a consequence registrar port 43 service will eventually go away.  
>> In other words, all registries should become authoritative for all
>> the data we see in WHOIS, if they are not already.  That was the
>> desired policy and operational outcome.
>>
>>  
>>
>> So the current situation seems to be pretty simple, and is on the
>> path to getting even simpler:
>>
>>  1. If the registry is thick, the registry is authoritative for all
>>     data we see in WHOIS today.
>>
>> */ /*
>>
>> I can’t agree with the conclusion that thick registries are
>> authoritative for all the data they possess. Being the last holder in
>> a chain of custody makes them a **convenient** source of access to
>> certain data elements, but they are not the original, authoritative*
>> (able to be trusted as being accurate or true; reliable) source. An
>> example:
>>
>>  
>>
>> A registrar creates an agreement with a registrant. That agreement
>> has an expiration date. The registrar pushes this expiration date to
>> the registry for publication in an RDDS. The registry has no direct
>> contact or relationship with the registrant or the agreement between
>> the registrant and the registrar.
>>
>>  
>>
>> In this and similar indirect data collection situations, the registry
>> is just the last holder in the chain of custody. The registrar is the
>> original source of the data, and is thus a more accurate and reliable
>> source of information.
>>
>>  
>>
>> Scott
>>
>>  
>>
>> * I think it’s very important for us to agree on a definition of
>> “authoritative”, and that doesn’t mean that we get to make one up.
>> I’ve included mine (taken from the Oxford English dictionary) here.
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170405/732b380f/attachment.html>

More information about the gnso-rds-pdp-wg mailing list