[gnso-rds-pdp-wg] Registrar Data vs RDS Data

Andrew Sullivan ajs at anvilwalrusden.com
Tue Aug 8 14:43:19 UTC 2017 

Hi,

On Tue, Aug 08, 2017 at 01:53:35PM +0000, Michele Neylon - Blacknight wrote:
> 
> On one of our recent calls there was some discussion around the difference between the data that a registrar would have versus which data could end up in RDS.
> 

I think I was probably the one at fault for this, so let me try to
explain in more detail what I was trying to ask.  I'm tempted to
apologise for opening this rathole, but as a practical matter I did so
because I'm a little worried about a possible equivocation in our
charter interpretation.

The reason all of this got started was, I think we all agree, because
of whois.  Many want to replace it, but some are reliant on parts of
the current work flow and the existing policies.  But the whois is an
RDDS -- registration data directory service (a term that was
introduced by SSAC, I think).  I don't know exactly how RDDS got
changed into RDS, but I suspect there was a change in meaning when it
happened.  RDDS is very clearly only about the publication of data:
how, and who can access is, and under what conditions.

Our charter asks about "the fundamental requirements for gTLD
registration data", which means that we are not constrained to data
publication.  This is in part I think because it is important to
constrain collection of data partly due to the problem of unplanned
disclosure.  So we have ended up discussing whether data might be
collected as well.  Traditionally, we have separated that data
collection question from the RDDS -- it was instead often discussed in
the context of the SRS (shared registration system).  The SRS is the
thing usually operated by the "registry", and the systems feeding the
SRS are normally operated by the "registrars".

I _think_ the RDS we are working on is supposed to be the set of
common data that is to be collected, or is optionally collected, and
is accessible to at least one party through a publicly-specified query
mechanism against the registration database(s); this mechanism might
restrict the data that a given party is able to retrieve as a result
of such a query.

The RDDS as I envision it is a distributed database.  Different
sources of data can be controlled by different authorities, very much
the way the DNS is designed.  Whois has worked this way for many
years, though it was not originally designed so.  That whois doesn't
work too well under this distributed model is mostly a consequence of
it not having been designed for that purpose in the first place.
Nevertheless, modern whois clients sometimes (even often) fetch data
from more than one place and present all of that to the user.  I can't
tell whether this is also true of the RDS, and I don't find that
people are always being clear about this.  I _think_ it is, and
certainly any candidate protocols we have are designed such that it
could be a distributed system.

On last week's call, people started talking about data that registrars
would be required to collect, but that "wouldn't be part of the RDS".
But given that we are talking about data that the RDS specification
would require, and that would be available to at least one party under
some conditions, the only question is whether it is data that might be
available via the publicly-specified mechanism under authenticated and
authorised conditions.  So,

> As I mentioned on the call registrars have access to a lot of data that is beyond anything that is required for whois or its replacements. 

while I understand perfectly well that this is the case, I think it's
irrelevant.  Certainly things that would never be available outside
the registrar are not included in the RDS, because they're never to be
available by the aforementioned query mechanism.  But we seemed last
week to be talking about something that the registrar is _required_ to
collect but that is normally not available, but that might be
available under the right circumstances.  I'm trying to understand how
that is data that is not "in the RDS".  It requires some sort of
modification of the meaning of "the RDS" as I have conceived it, but I
can't come up with one that makes any sense to me.

The example last week was an alternative contact method that was "not
in the RDS" but that someone could get under the right circumstances.
It seems obvious that, if there is no way to get that contact method,
then there is no point at all in requiring the collection.  Therefore,
the contact method _is_ in the RDS with a lot of restrictions on who
can get it, I think.

I hope this makes plainer what I was trying to ask about.

Best regards,

A


-- 
Andrew Sullivan
ajs at anvilwalrusden.com

More information about the gnso-rds-pdp-wg mailing list