[CPWG] Readout from ICANN79 ALAC Plenary Session #2 - Building Trust on the Internet Through Registrant Verification

mike palage.com mike at palage.com
Fri Mar 22 04:59:19 UTC 2024


Hello All,

Below please find a readout in connection with the ALAC Plenary Session that Avri and I co-moderated during ICANN79.

Best regards,

Michael


On 6-March-2024, the ICANN At Large Advisory Committee (ALAC) held a plenary session entitled “Building Trust on the Internet Through Registrant Verification” at the ICANN79 Community Forum in San Juan, Puerto Rico that Michael Palage and Avri Doria co-moderated. This session was inspired in part by a recent World Economic Forum report entitled “Reimagining Digital ID” that noted “[d]espite a sustained focus on ID, the increasingly widespread use of digital technologies, and the rapid development of AI, the internet lacks an ID layer.” This session focused on innovations by TLD registry operators (both gTLD and ccTLD) that are increasing trust in their respective namespace using enhanced registrant verification, and how this innovation can have an impact beyond the domain name marketplace.

Listed below is a summary of each speaker’s comments along with a link to their respective presentation in the order they presented.

Finn Petersen, the Danish Director of International ICT Relations Agency for Digital Government, provided a presentation<https://community.icann.org/download/attachments/292978838/Presentation%20-%20NIS%20CG%20%20-%20WS%20WHOIS%20-%20ALAC%20Plenary-%20Verification%20-%2029.02.24%20-%20FPT%20%20-%20%20Read-Only.pdf?version=1&modificationDate=1709668949000&api=v2> on the recently enacted European Network and Information Security Directive 2 (NIS 2.0) and its potential impact on domain registration authorities. Finn specifically addressed Article 28 and its requirements regarding the collection, verification, and publication of domain name registrant data. Finn is uniquely qualified to provide insight on Article 28 as he is the Chair of Work Stream (WS) on WHOIS that currently encompasses a Task Force on Verification and Legitimate Access.

Karla McKenna, Managing Director/Head of Standards at the Global Legal Entity Identifier Foundation (GLEIF) provided a presentation<https://community.icann.org/download/attachments/292978838/2024-03-06_Organizational-Identity-LEI-vLEI-ICANN_v1.0_final.pdf?version=1&modificationDate=1709653690000&api=v2> on the establishment of GLEIF in 2011 to create global unique Legal Entity Identifiers (LEIs) to identify parties in financial transactions. Karla explained how GLEIF has used 38 global partners to issue over 2 million LEIs and the recent innovation of verifiable LEIs (vLEIs). vLEIs enable Zero Trust Architecture for Organizational Identifiers through Verifiable Provenance and Instate Revocation State Verification.

Avri Doria, a research consultant, then spoke on the various standards (some complementary and some competitive) surrounding digital identity and why it is so hard to find a universal solution. Avri produced a readout of her presentation via a short blog<https://medium.com/@doriavr/why-is-it-so-hard-8f55ef531913>, in which she included a compilation of current and evolving standards in various standard bodies to help educate those attempting to navigate the digital identity landscape.

Lucas Prêtre, Telecommunication Engineer at the Swiss Federal Office of Communications OFCOM provided a presentation<https://community.icann.org/download/attachments/292978838/ICANN79_ALAC_dotSwiss_registrant_verif.pdf?version=1&modificationDate=1709668635000&api=v2> about how OFCOM has historically handled registrant verification of legal entities through the use of a UID (Enterprise Identification Number) corresponding to the Swiss corporate identifier. Lucas also spoke about how OFCOM intends to expand registration of .SWISS domains to natural persons through the use of a UPI (Unique Person Identification) in 2024. Another unique aspect of the .SWISS TLD that Lucas discussed is how they have integrated the UID and UPI into the registry via the “publicID” in the WHOIS/RDAP protocol.

Niamh Lewis, Senior Digital Health & Policy Expert at the National Association of Boards of Pharmacy (NABP) gave a presentation<https://community.icann.org/download/attachments/292978838/NABP-deck%5B1%5D.pdf?version=1&modificationDate=1709728975000&api=v2> on how a 120-year-old US-based non-profit organization dedicated to protecting public health has leveraged its skill set in licensing and accreditation to vet registrants in the .pharmacy TLD. Niamh also shared how domain name registrants in .pharmacy can use their registration as a fraud-proof seal that is recognized by third-party stakeholders, such as Google, Bing, TikTok, Twitter/X, Reddit, Visa and Mastercard.

Craig Schwartz, Managing Director, fTLD Registry Services spoke<https://community.icann.org/download/attachments/292978838/ICANN79-ALAC-Plenary-fTLD%20%28f%29%5B3%5D%20%20-%20%20Read-Only.pdf?version=1&modificationDate=1709730479000&api=v2> about the importance of security in the operation of the .Bank and .Insurance domains and the various security innovations they have implemented. Craig also spoke about fTLD’s continued enhancements regarding registrant verification and how 80% of .Bank registrants already have an existing GLEIF LEI.

Thomas Keller, Executive Board Member DENIC presented<https://community.icann.org/download/attachments/292978838/DENIC_Verification%5B1%5D%20%20-%20%20Read-Only.pdf?version=2&modificationDate=1709731659000&api=v2> on how DENIC has worked in collaboration with its 290 Members to implement appropriate safeguards they believe comply with the requirements of NIS 2.0 before the end of the year. As one of the world’s largest TLDs with over 17 million domain names under management, DENIC was looking for an approach that would not only meet its immediate needs but also provide a future-oriented, scalable, and risk-based approach. The solution presented proposes a Traffic Light Risk Assessment (red, yellow, green) toward domain name registrant verification that relies heavily upon close coordination with its Registrar Members.

Bruce Tonkin, Chief Operating Officer at .au Domain Administrator (auDA), spoke<https://community.icann.org/download/attachments/292978838/alac-session-registrant-verification-6March2024.pdf?version=1&modificationDate=1709741326000&api=v2> about how auDA has incorporated Registrant verification of natural and legal persons into their normal business operations to comply with Australian nexus requirements. Bruce also spoke to how .au has had low volumes of malicious registrants with those instances generally associated with stolen identities.

Jaromir Talíř, Technical Fellow at CZ.NIC, provided<https://community.icann.org/download/attachments/292978838/Jaromir%20ICANN79-ALAC-CZ.pdf?version=1&modificationDate=1709729364000&api=v2> a historical overview of the pioneering work that CZ.NIC has been engaged in, in the area of registrant verification, over the past 18 years. These innovations include, but are not limited to: the rollout of MojeID (digital identity service) in 2010; participation in RegeID, a joint EU project involving 4 ccTLDs exploring the use of eIDs; and their current active participation in one of the four Large-Scale eIDAS 2.0 pilots involving the European Digital Identity Wallet.

Timo Võhmar, Head of Business and IT Development at the Estonia Internet Foundation, spoke<https://community.icann.org/download/attachments/292978838/ICANN%2079%20-%20ALAC%20eeID%20panel.pdf?version=2&modificationDate=1709732440000&api=v2> about .EE’s commitment to registrant verification since 2010, and spoke of some of the challenges they have faced with foreign registrants. Timo also shared a new eeID initiative leveraging FIDO and passkeys to promote the use of federated user-centric identifiers and enhanced multi-factor authentication.

Jacques Latour, Chief Technology & Security Officer at CIRA presented<https://community.icann.org/download/attachments/292978838/Latour-CA-ALAC.pdf?version=1&modificationDate=1709653331000&api=v2> on CIRA’s involvement in various IETF working groups and a recent report that he co-authored entitled A Trust Layer for the Internet is Emerging<https://www.cira.ca/uploads/2023/12/2023_A-trust-layer-for-the-internet-is-emerging_-report-%E2%80%93-Continuum_CIRA.pdf>. Jacques also spoke about various CIRA pilots involving verified registrant credentials. Some of the additional work that Jacques and CIRA have been involved in was also discussed during two other ICANN79 sessions: DNS Trust Panel<https://icann79.sched.com/event/1a1CA/dnssec-and-security-workshop-1-of-3> and eID Panel Discussion<https://icann79.sched.com/event/1a1DU/tech-day-3-of-4>.

A Zoom recording from this ALAC Plenary session is available from the ICANN website at https://icann.zoom.us/rec/share/RHdhIaT_AQ94rO49u1LbU0HxjSZKdx_Z8KlHL-bm5kG_3dx_eJr9wQgUF_oKyJxl.BLiD6CxPZzXCSPXc?startTime=1709756148000