[gnso-rds-pdp-wg] authoritative
Paul Keating
Paul at law.es
Tue May 2 10:29:00 UTC 2017
Greg,
I want to make sure I am not confused.
By ³Authoritative² are we meaning that
the data is most accurate (closest to the source)
OR
That it is the one to be relied upon regardless of how close it is/was to
the originating source.
If it is the former, then (a) it will originate at the registrar and (b) we
must accept that it may or may not remember the truth (e.g. Be actually
correct info as opposed to whatever the registrant provided).
If the registries are to one the authoritative source then there must be
some verification process as between the registry and registrars. It is my
understanding that this already exists and that we were historically dealing
with thin WHOIS as a result of historical structure of the original registry
(which was at the time also a registrar). The other registrars did not want
Verisign to have information about their customers for competitive reasons.
And, of course for the purposes of the various privacy rules, it is the
registrar as the collecting agent that must deal with the consent/permission
issues relative to collection and use.
My thoughts anyway.
Paul Keating
From: <gnso-rds-pdp-wg-bounces at icann.org> on behalf of Greg Aaron
<gca at icginc.com>
Date: Monday, May 1, 2017 at 6:42 PM
To: David Cake <dave at davecake.net>, Sam Lanfranco <sam at lanfranco.net>
Cc: "gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] authoritative
> I think Sam and Scott are saying is that contact (thick) data in registries
> should never be relied upon. And since it can't, the logical conclusion is
> that we might as well return to thin registries, in which contact data is held
> only at registrars. In such a paradigm an RDS system could retrieve contact
> data for you from the distributed registrars, but there's no reason to store
> it in registries.
>
> All that is the opposite of what the GNSO's Thick WHOIS PDP recently reasoned.
>
> That PDP said that gTLD registries must be thick, in order to deliver a
> variety of benefits. That PDP WG also wrote that: "the only authoritative
> data source can be the registry as it holds the ultimate sway over the data. A
> registrar updates the data at customer request and is responsible for its
> accuracy, but such changes would only become authoritative once the registry
> Whois reflects the change."
>
> Below is the relevant section of The Thick WHOIS PDP final report. As always,
> our WG should avail itself of previous work on relevant issues -- so we don't
> reinvent the wheel when we don't have to, and we don't throw out good policy
> when we don't have to. Our WG should examine the Thick WHOIS PDP's reasoning,
> and I suggest that a deviation from it should be compelling.
>
> I have been using the meaning of "authoritative" that the PDP did below.
> David Cake, the below helps explain why the issue is important. As I said
> before, the validation of contact data -- whether it is truthful and accurate
> -- is a related but separate issue.
>
> https://gnso.icann.org/en/issues/whois/thick-final-21oct13-en.pdf
> <https://gnso.icann.org/en/issues/whois/thick-final-21oct13-en.pdf>
> ³Issue Description
> Here is the working definition used by the WG while analysing this issue:
> "Authoritative, with respect to provision of Whois services, shall be
> interpreted as to signify the single database within a hierarchical database
> structure holding the data that is assumed to be the final authority regarding
> the question of which record shall be considered accurate and reliable in case
> of conflicting records; administered by a single administrative [agent] and
> consisting of data provided by the registrants of record through their
> registrars." A proposed shorter version is "the data set to be relied upon in
> case of doubt".
>
> Authoritativeness in a thin Whois environment
> Since the registrar alone holds most Whois data, its data is necessarily
> authoritative as to those data elements (e.g., name of registrant). For that
> data held by both registrar and registry (e.g., name of registrar), it appears
> that registry data is generally treated as authoritative, but the WG is not
> aware of any official ICANN policy statement on this. The WG observes that in
> the case of the Uniform Dispute Resolution Policy (UDRP), UDRP Providers treat
> the registrar Whois information as authoritative, which may be the result of
> the UDRP having been adopted prior to the emergence of thick gTLD registries.
>
> Authoritativeness in a thick Whois environment
> Most comments that addressed this question stated that registry data is
> considered authoritative in the thick environment. Only one stated that the
> registrar data was authoritative. Again, the WG is not aware of any official
> ICANN policy statement on this question. The WG notes that the registrar
> remains responsible for the accuracy of the data under either the thick or
> thin model, as the relationship with the registrant remains with the
> registrar.
>
> Possible advantages for authoritativeness in a thick Whois environment
> Several comments cited efficiency and trust as advantages of treating the
> registry Whois data as authoritative. The WG supports the view that the
> registry will hold the entire data set, and is able to change the data without
> informing the registrar (due to closed court orders or similar events).
> Therefore, the only authoritative data source can be the registry as it holds
> the ultimate sway over the data. A registrar updates the data at customer
> request and is responsible for its accuracy, but such changes would only
> become authoritative once the registry Whois reflects the change.
>
> Possible downsides for authoritativeness in a thick Whois environment
> Several comments noted that registrars remain responsible for collecting the
> data and (to an extent governed by contract with ICANN) for its accuracy. One
> contribution felt this was inconsistent with a conclusion that registry Whois
> would be authoritative in the thick environment. The WG did not agree that
> this inconsistency was problematic (primarily on the grounds stated above that
> the WG that any data collected by the registrar becomes authoritative only
> after it is incorporated in the registry database).
>
> Conclusion
> The WG finds that a transition from thin to thick Whois will have no
> detrimental effect on authoritativeness. The WG reviewed the question as to
> whether it is necessary for this WG to recommend a policy on this issue. Based
> on that review, the WG has concluded that this is not necessary, given that
> thick registries have functioned for many years without requiring a formal
> position on authoritativeness, and the lack of evidence that this created any
> problem during previous thin-to-thick transitions such as .org."
>
> It falls to our RDS WG to create additional policy on this issue. I think
> that the logical policy is for registries to be thick, and the only
> authoritative data source can be the registry as it holds the ultimate sway
> over the data. A registrar updates the data at customer request and is
> responsible for its accuracy, but such changes would only become authoritative
> once the registry Whois reflects the change.
>
> All best,
> --Greg
>
>
>
>
> From: gnso-rds-pdp-wg-bounces at icann.org
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of David Cake
> Sent: Monday, May 1, 2017 11:55 AM
> To: Sam Lanfranco <sam at lanfranco.net>
> Cc: gnso-rds-pdp-wg at icann.org
> Subject: Re: [gnso-rds-pdp-wg] authoritative
>
> While I have no objection in the abstract to authoritative being used on the
> sense of Œaccording to some recognised authority¹, I¹m not sure that is
> relevant to our discussions.
>
> I¹m not aware of any external authority.that are discussing here, mostly it we
> were talking about validation it was validation against a process (such as
> ensuring email was valid) rather than validation
>
> to an external authority.
>
>
>
> I still believe that this sense of authoritative is NOT the same as the sense
> in which we origioonally used the rm within the requirements, and which
> prompted the current discussion, which is the data theoretic sense loosely
> congruent to the way the term is used within the DNS - which is to say, the
> best source of data *internal* to the system. An authoritative data source in
> that sense would be e.g. the registry direct, rather than a cache or by a
> proxy. And the ongoing confusion keeps bringing me back to you wanting to
> avoid the term if we can¹t keep definitions straight for 5 minutes.
>
>
>
> David
>
>
>
>> On 1 May 2017, at 8:56 pm, Sam Lanfranco <sam at lanfranco.net> wrote:
>>
>>
>> From Paul Keating's posting and in terms of my comments:
>> * here the adjective "authoritative" would not not mean "recognized as true,
>> valid"
>> * here the adjective "authoritative" would mean "official, authorized"
>> The best that can be done here is to have official, authorized, Data of
>> Record from a Source of Record.
>> The struggle for data quality is an ongoing struggle, here, everywhere, and
>> always.
>>
>> What the Data of Record data set consists of, and build with a sensitivity to
>> purpose, seems to me to be the main rds-pdp-wg task here.
>>
>> As to who has access to what and under what terms, ICANN might set some terms
>> there, but ultimately ICANN,
>> as a stakeholder there will play an advisory role. National and multilateral
>> policies will rule above ICANN policy.
>> Sam L.
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
> _______________________________________________ gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170502/f639bc4a/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list