[Gnso-epdp-team] For your review - accreditation building block by Friday 25 Oct COB
mcanderson at verisign.com
Sat Oct 26 00:59:20 UTC 2019
I’m submitting the following on behalf of the RySG representatives.
The RySG has the following general feedback on Building Blocks F and J (Authentication / Authorization / Accreditation). Where applicable, specific feedback/suggested edits will be made directly to the Google document.
We would like to express our appreciation for the recent contributions by Alex Deacon. His input captures many areas of agreement and provides a useful basis for moving forward our deliberations on authentication. We do note that for some sections the text is more principle based, rather than clearly a policy recommendation. While this is useful at our current stage of deliberation, these principles should be converted to implementable recommendations before they are final.
We note Marika’s clarification text that accreditation in this document does not refer to accreditation/certification as discussed in GDPR Article 42/43. That said, our internal review of this building block revealed that there is still a good deal of confusion around definitions, particularly Accreditation, Authentication and Authorization. We intend to provide separate feedback to those definitions to help clarify.
On revocation of credentials, the RySG feels that graduated penalties should only apply to an Accreditation Authority. Suspension of an Accreditation Authority would adversely affect everyone that entity has accredited. This may negatively impact legitimate accredited users so a graduated approach to suspension makes sense here. In cases of abuse by an individual user though, suspension should be immediate and absolute.
The RySG recognizes that the charter specifically asks the working group to consider how RDAP (that is technically capable) applies to accreditation. We are supportive of this charter question and the importance of making sure the policy recommendations are “implementable”. While RDAP is the current technology of choice, we feel it’s best for the policy recommendations to be technology-agnostic, referencing the generic Registration Data Directory Services (RDDS) instead of the technology-specific RDAP.
The RySG strongly disagrees with the manner in which point (P) is structured. It is accepted that nothing in the SSAD should prevent, nor in truth, shall it prevent, a 3rd party from requesting disclosure directly from a controller (be that a registry or registrar). Should, however, a requester have been deemed to have misused, or abused the SSAD / accreditation process such that their access to the SSAD and their accreditation has been revoked, this is of vital importance to the Controller, and in fact would also be certainly considered to be a disqualifying factor for any subsequent disclosure of data to that user by that Controller. In isolated systems of disclosure, a controller would not ordinarily know of such an issue; however, the EPDP must be clear that in such an interconnected system, there can be no built-in legal back doors, or ‘second bites of the apple’ for such ‘users’. Allowing such would be encouraging data breach.
From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> On Behalf Of Marika Konings
Sent: Thursday, October 24, 2019 2:42 PM
To: gnso-epdp-team at icann.org
Subject: [EXTERNAL] [Gnso-epdp-team] For your review - accreditation building block by Friday 25 Oct COB
Dear EPDP Team,
Please note that staff has gone ahead and cleaned up the accreditation building block per today’s discussion for your review and input: https://docs.google.com/document/d/1-90NgBnkZt8mRL2acJUPOwoIkx5clvXlCaCC3RAOGWU/edit#.
As per the action items from today’s meeting, please provide any further edits or comments by Friday 25 October COB in the Google doc.
Caitlin, Berry and Marika
Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN)
Email: marika.konings at icann.org
Follow the GNSO via Twitter @ICANN_GNSO
Find out more about the GNSO by taking our interactive courses<http://learn.icann.org/courses/gnso> and visiting the GNSO Newcomer pages<http://gnso.icann.org/sites/gnso.icann.org/files/gnso/presentations/policy-efforts.htm#newcomers>.