<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Scott, <br>
</p>
<p>thank you for your clarification. That reaction was based on my
misconception of the proposal then. I am looking forward to seeing
how this evolves further.</p>
<p>Best,</p>
<p>Volker</p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">Am 12.12.2016 um 15:45 schrieb
Hollenbeck, Scott:<br>
</div>
<blockquote
cite="mid:831693C2CDA2E849A7D7A712B24E257F4A4EE6D1@BRN1WNEXMBX01.vcorp.ad.vrsn.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";
        color:black;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";
        color:black;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";
        color:black;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;
        color:black;}
span.EmailStyle20
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;
        font-weight:normal;
        font-style:normal;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg-bounces@icann.org">gnso-rds-pdp-wg-bounces@icann.org</a>
[<a class="moz-txt-link-freetext" href="mailto:gnso-rds-pdp-wg-bounces@icann.org">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>]
<b>On Behalf Of </b>Volker Greimann<br>
<b>Sent:</b> Monday, December 12, 2016 9:13 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<b>Subject:</b> [EXTERNAL] Re: [gnso-rds-pdp-wg] One Way
Gated Access to Data Might Work<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p>Interesting, but I am not sure this is ultimately what we
should be looking for for one simple reason. This proposed
implementation apparently does not provide for any
differentiation between access levels except for the three
authentification levels.
<o:p></o:p></p>
<p><span
style="font-family:"Calibri","sans-serif";color:#1F497D">[SAH]
No, not true. While this particular experiment includes
three levels of access, the approach is designed to be
tailored to make authorization and access control decisions
based on a number of different factors. What you currently
see in my experiment is just one possibility. It already
includes support for specification of query purpose (for
example), and that information can be used to provide
additional levels of access control based on the policies
implemented by the server operator.<o:p></o:p></span></p>
<p>So once one obtains and advanced authentification, one can
access all data in the database, which I would consider
insufficient differentiation. Access should be further
scecialized on a "need to know" and "right to know" basis. For
example, should a certified and authentificated law
enforcement agency have access to all registrant data or only
to registrant data that applies to their jurisdiction (plus
maybe an identifier that details which jurisdiction applies to
a data set that agency cannot access).<o:p></o:p></p>
<p><span
style="font-family:"Calibri","sans-serif";color:#1F497D">[SAH]
The actual protocol proposal* I’ve developed includes
support for specification of a query purpose that can be
used to make more specific access control decisions. If
other factors are needed, they, too, can be included.<o:p></o:p></span></p>
<p>Similarly, would a IP rights holder have access to all data
or only to just enough data needed to achieve their goal,
which would likely be to contact the registrant?<o:p></o:p></p>
<p>In other words, the access level scheme should differentiate
between levels of access much more and restrict that access to
those with a right to access or a legitimate need to access
without overstepping legal or jurisdictional boundaries.
<o:p></o:p></p>
<p>This proposed implementation it too simplistic.<o:p></o:p></p>
<p><span
style="font-family:"Calibri","sans-serif";color:#1F497D">[SAH]
In no way did I infer that the existing implementation is
“final” or a complete solution. It is just an early proposal
and an early experiment to demonstrate possibilities. I
fully expect to make revisions based on the outputs of this
WG.<o:p></o:p></span></p>
<p><span
style="font-family:"Calibri","sans-serif";color:#1F497D">Scott<o:p></o:p></span></p>
<p><span
style="font-family:"Calibri","sans-serif";color:#1F497D">*
<a class="moz-txt-link-freetext" href="https://datatracker.ietf.org/doc/draft-hollenbeck-regext-rdap-openid/">https://datatracker.ietf.org/doc/draft-hollenbeck-regext-rdap-openid/</a><o:p></o:p></span></p>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre>
</body>
</html>