[gnso-rds-pdp-wg] authoritative

[Greg Aaron]

I think Sam and Scott are saying is that contact (thick) data in registries should never be relied upon.  And since it can't, the logical conclusion is that we might as well return to thin registries, in which contact data is held only at registrars.  In such a paradigm an RDS system could retrieve contact data for you from the distributed registrars, but there's no reason to store it in registries.

All that is the opposite of what the GNSO's Thick WHOIS PDP recently reasoned.

That PDP said that gTLD registries must be thick, in order to deliver a variety of benefits.  That PDP WG also wrote that: "the only authoritative data source can be the registry as it holds the ultimate sway over the data. A registrar updates the data at customer request and is responsible for its accuracy, but such changes would only become authoritative once the registry Whois reflects the change."

Below is the relevant section of The Thick WHOIS PDP final report.  As always, our WG should avail itself of previous work on relevant issues -- so we don't reinvent the wheel when we don't have to, and we don't throw out good policy when we don't have to.  Our WG should examine the Thick WHOIS PDP's reasoning, and I suggest that a deviation from it should be compelling.

I have been using the meaning of "authoritative" that the PDP did below.  David Cake, the below helps explain why the issue is important.  As I said before, the validation of contact data -- whether it is truthful and accurate -- is a related but separate issue.

https://gnso.icann.org/en/issues/whois/thick-final-21oct13-en.pdf
“Issue Description
Here is the working definition used by the WG while analysing this issue: "Authoritative, with respect to provision of Whois services, shall be interpreted as to signify the single database within a hierarchical database structure holding the data that is assumed to be the final authority regarding the question of which record shall be considered accurate and reliable in case of conflicting records; administered by a single administrative [agent] and consisting of data provided by the registrants of record through their registrars." A proposed shorter version is "the data set to be relied upon in case of doubt".

Authoritativeness in a thin Whois environment
Since the registrar alone holds most Whois data, its data is necessarily authoritative as to those data elements (e.g., name of registrant). For that data held by both registrar and registry (e.g., name of registrar), it appears that registry data is generally treated as authoritative, but the WG is not aware of any official ICANN policy statement on this. The WG observes that in the case of the Uniform Dispute Resolution Policy (UDRP), UDRP Providers treat the registrar Whois information as authoritative, which may be the result of the UDRP having been adopted prior to the emergence of thick gTLD registries.

Authoritativeness in a thick Whois environment
Most comments that addressed this question stated that registry data is considered authoritative in the thick environment. Only one stated that the registrar data was authoritative. Again, the WG is not aware of any official ICANN policy statement on this question. The WG notes that the registrar remains responsible for the accuracy of the data under either the thick or thin model, as the relationship with the registrant remains with the registrar.

Possible advantages for authoritativeness in a thick Whois environment
Several comments cited efficiency and trust as advantages of treating the registry Whois data as authoritative. The WG supports the view that the registry will hold the entire data set, and is able to change the data without informing the registrar (due to closed court orders or similar events). Therefore, the only authoritative data source can be the registry as it holds the ultimate sway over the data. A registrar updates the data at customer request and is responsible for its accuracy, but such changes would only become authoritative once the registry Whois reflects the change.

Possible downsides for authoritativeness in a thick Whois environment
Several comments noted that registrars remain responsible for collecting the data and (to an extent governed by contract with ICANN) for its accuracy. One contribution felt this was inconsistent with a conclusion that registry Whois would be authoritative in the thick environment. The WG did not agree that this inconsistency was problematic (primarily on the grounds stated above that the WG that any data collected by the registrar becomes authoritative only after it is incorporated in the registry database).

Conclusion
The WG finds that a transition from thin to thick Whois will have no detrimental effect on authoritativeness. The WG reviewed the question as to whether it is necessary for this WG to recommend a policy on this issue. Based on that review, the WG has concluded that this is not necessary, given that thick registries have functioned for many years without requiring a formal position on authoritativeness, and the lack of evidence that this created any problem during previous thin-to-thick transitions such as .org."

It falls to our RDS WG to create additional policy on this issue.  I think that the logical policy is for registries to be thick, and the only authoritative data source can be the registry as it holds the ultimate sway over the data. A registrar updates the data at customer request and is responsible for its accuracy, but such changes would only become authoritative once the registry Whois reflects the change.

All best,
--Greg



From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of David Cake
Sent: Monday, May 1, 2017 11:55 AM
To: Sam Lanfranco <sam at lanfranco.net>
Cc: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] authoritative

While I have no objection in the abstract to authoritative being used on the sense of ‘according to some recognised authority’, I’m not sure that is relevant to our discussions.
I’m not aware of any external authority.that are discussing here, mostly it we were talking about validation it was validation against a process (such as ensuring email was valid) rather than validation
to an external authority.

I still believe that this sense of authoritative is NOT the same as the sense in which we origioonally used the rm within the requirements, and which prompted the current discussion, which is the data theoretic sense loosely congruent to the way the term is used within the DNS - which is to say, the best source of data *internal* to the system. An authoritative data source in that sense would be e.g. the registry direct, rather than a cache or by a proxy. And the ongoing confusion keeps bringing me back to you wanting to avoid the term if we can’t keep definitions straight for 5 minutes.

David

On 1 May 2017, at 8:56 pm, Sam Lanfranco <sam at lanfranco.net<mailto:sam at lanfranco.net>> wrote:

From Paul Keating's posting and in terms of my comments:

  *   here the adjective "authoritative" would not not mean "recognized as true, valid"
  *   here the adjective "authoritative" would mean "official, authorized"
The best that can be done here is to have  official, authorized, Data of Record from a Source of Record.
The struggle for data quality is an ongoing struggle, here, everywhere, and always.

What the Data of Record data set consists of, and build with a sensitivity to purpose, seems to me to be the main rds-pdp-wg task here.

As to who has access to what and under what terms, ICANN might set some terms there, but ultimately ICANN,
as a stakeholder there will play an advisory role. National and multilateral policies will rule above ICANN policy.
Sam L.


_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170501/3e37faeb/attachment-0001.html>