[Gnso-epdp-team] Accreditation Homework
Hadia Abdelsalam Mokhtar EL miniawi
Hadia at tra.gov.eg
Thu Sep 26 12:27:15 UTC 2019
Thank you Milton and Alex for your work on this, based on which I put together some points in relation to accreditation, authentication and authorization
· Accrediting bodies authenticate the requestor for the purpose of identifying the identity of the requestor and confirming that it is a trusted body
· Authentication information is used to verify the identity claimed, this information may be in the form of password, token, biometrics, etc..
· Authorization is an approval to the authenticated requestor to access certain data elements
· An authenticated requestor can have multiple identities each of which relates to a different task or role.
· The SSAD must be able to process both authenticated and non-authenticated requestors
· The SSAD must be able to attribute each query to its requestor, where a user to query pairing is unique. (For logging and auditing purposes)
From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces at icann.org] On Behalf Of Alex Deacon
Sent: Thursday, September 26, 2019 7:34 AM
Subject: [Gnso-epdp-team] Accreditation Homework
You can view the current state of the Accreditation details Milton and I have been working on in the following Google Doc -
A summary of where we ended up is listed below. We can discuss these (and other) details on our Thursday call.
1) Single Accreditation Body or Multiple?
· Alex believes that there will be multiple Accreditation Bodies and a framework to accredit the accreditors is required.
· Milton is not convinced we will need such a complex policy and there should be a single uniform general accreditation process that ICANN is responsible for.
2) Code of Conduct
· Alex believes that a properly crafted Accreditation Body Baseline Policy, Trusted Accreditation Body Program Policy and an Accreditation Body Practice Statement (as described in his framework) will result in a uniform code of conduct for all sector based Accreditation Bodies. (Note that sector specific accreditation requirements would be added on top of this uniform code of conduct.)
· Milton agrees, but thinks the Code of Conduct should be uniform for all SSAD users and should not vary by sector or accreditation body.
3) Authentication vs. Authorization
· I think there is agreement between Alex and Milton here.
· The framework doc now defines a set of terms, including authentication, authorization and their related credentials. Accrediting Bodies assist in the creation of both authentication credentials and authorization credentials.
· The ultimate decision to authorize disclosure of registration data, based on validation of the authentication credential, authorization credentials, and any other data contained in the request, will reside with the registrar, ICANN, or whatever party we ultimately agree on.
4) Individual Users
· Both Alex and Milton agree that any accreditation framework must not rule out individual users from accessing non-public RDS data.
· Three options have been proposed and how to best accomplish this is still TBD.
5) Accreditation and User Group
· This is the largest ares of disagreement.
· NCSG is opposed to relying on accreditation bodies that emerge from user groups that benefit from easy access to the data and that Accreditation Bodies should not be responsible for auditing and enforcing accreditation of their own users, as this creates a conflict of interest.
· Alex does not agree. The proposed framework (with the safeguards, auditing, monitoring, complaints process, de-accreditation, etc.) is sufficient to address Milton's concerns.
· Having said that both Milton and Alex agree that auditing entities must be independent.
6) Accreditation and Financial sustainability
· Alex/IPC believes more detail is needed before we can have a constructive conversation on fees.
· Milton states that his and NCSG's views were articulated in LA.
Cole Valley Consulting
alex at colevalleyconsulting.com<mailto:alex at colevalleyconsulting.com>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnso-epdp-team