<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">thx<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></a></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Lisa Phifer [mailto:lisa@corecom.com]
<br>
<b>Sent:</b> Wednesday, July 20, 2016 2:11 PM<br>
<b>To:</b> Mark Svancarek <marksv@microsoft.com>; gnso-rds-pdp-wg@icann.org<br>
<b>Subject:</b> Re: [gnso-rds-pdp-wg] Taxonomy: Authorization and Authentication<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mark,<br>
<br>
One more "A" term to add to the mix: Accreditation. <br>
<br>
The EWG recommended authentication based on credentials issued to <i>accredited RDS users</i>. While basic registration data would remain publicly available, the rest would become accessible only to users who authenticated themselves, stated a purpose, and
agreed to be held accountable for appropriate use. Only the requested data elements which policy authorized for that user+purpose would then be disclosed (for example, in an RDAP response).<br>
<br>
This raised very tough questions around how RDS users might be accredited, who could realistically accredit them, and (for each purpose and type of user) which data elements they might be authorized to access. You can find thinking on this in Section IV(c)
of the EWG's report and in the EWG's <a href="https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fcommunity.icann.org%2fdownload%2fattachments%2f45744698%2fEWG%2520USER%2520ACCREDITATION%2520RFI%2520SUMMARY%252013%2520March%25202014.pdf&data=01%7c01%7cmarksv%40microsoft.com%7caccf9fb2e08b4cc242cc08d3b0e2729f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ZYwP36JTkSCP0RFbHcaNkzWdyESaL7HIplvbLoJI78U%3d">
Registration Directory Service User Accreditation RF</a>I which gathered technical input. Ultimately, the EWG flagged "accreditation bodies and policies for RDS user communities" as an issue needing to be more fully addressed (pg 121).<br>
<br>
I thought you might find this past work of interest - in particular, the notion that RDS authorization might depend on more than who you are, including factors such as stated purpose, whether you have been accredited for that purpose, and access policies for
each data element you request.<br>
<br>
Best, Lisa<br>
<br>
<br>
<br>
At 12:19 PM 7/20/2016, Mark Svancarek via gnso-rds-pdp-wg wrote:<br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Content-Language: en-US<br>
Content-Type: multipart/alternative;<br>
boundary="_000_CO2PR03MB2135BFFF802A5C6DC446A4ECD1080CO2PR03MB2135namp_"<br>
<br>
We use these terms a lot and we also use phrases which mean things similar to these terms. I’d like to explicitly define them and I encourage all to use them as defined so as to be clear and concise. I think it will help.<br>
<br>
· <b>Authentication</b> = based on the credentials you have shared (e.g. user name, password, SMS response, smart card, etc.), we know<b>
<u>who you are<br>
</u></b>· <b>Authorization</b> = based on who you are, you are allowed to access specific resources and those resources only, i.e. we define
<b><u>what you can do<br>
</u></b> <br>
If you want to be extra-nerdy:<br>
<br>
· Authentication can be abbreviated “<b>authN</b>”<br>
· Authorization can be abbreviated “<b>authZ</b>”<br>
· Authentication and Authorization together can be referenced as “<b>authX</b>”<br>
<br>
I hope that’s useful.<br>
<br>
/marksv<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7caccf9fb2e08b4cc242cc08d3b0e2729f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=FnD1xYr1ocHWLdN%2f58YU9NiNKeJ4VyzSadE5QMKprKU%3d">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></p>
</blockquote>
</div>
</body>
</html>