[gnso-rds-pdp-wg] Registrar Data vs RDS Data

Thu Aug 24 23:29:28 UTC 2017

I agree.  I am very glad to have someone else exploring the contours of 
this particular conflation problem, because I have tediously pointed out 
on numerous calls, the differences between collection, use, the 
disclosure instrument(s) and what a registrar might have to manage for 
his own business purpose /not /dictated by ICANN as data controller.  I 
do think that when people imagine the reasons for collecting the data 
they are naturally thinking of what they are going to use it for, and if 
they are not part of the technical chain that makes the domain work, 
then they are third parties accessing the data. I think proceeding to 
uses might help speed things up, exactly as you describe.

Stephanie Perrin

On 2017-08-24 16:38, Andrew Sullivan wrote:
> Hi,
>
> On Tue, Aug 08, 2017 at 10:43:19AM -0400, Andrew Sullivan wrote:
>
>> I _think_ the RDS we are working on is supposed to be the set of
>> common data that is to be collected, or is optionally collected, and
>> is accessible to at least one party through a publicly-specified query
>> mechanism against the registration database(s); this mechanism might
>> restrict the data that a given party is able to retrieve as a result
>> of such a query.
> I am not too sure that we came to any resolution about this, and I
> must say that this week's poll questions make me more confused than
> ever.  The questions ask about things being "in the RDS" that are
> entirely static elements: the abuse contact, and other such things
> that are not the sort of thing that are collected, but rather that are
> configured (probably once) at the time the service is started.
>
> The discussion around contacts that has started on the list is
> similarly conflating data that is collected with that which is
> displayed: there is no double collection of different contact data
> normally, even if the data is displayed in whois today more than one
> time.
>
> This all makes me feel like we are equivocating on what we are
> supposed to be doing: that we are most of the time actually talking
> about what is displayed in an RDDS even though we're talking about the
> wider RDS thing, which includes data collection.
>
> I wouldn't go on about this tediously, except that I think it is
> leading us into ratholes in that people forget about the distinction
> between collection and display.
>
> I'm not sure what to suggest about this.  One thing that occurred to
> me today is that we could stop worrying about collection and start
> worrying about what is going to be published in the RDDS for someone
> to see.  If at least one person under some circumstances can look at
> the data, then we know we can collect it.  If _nobody_ can, then there
> is a live question as to whether the data may be collected at all.
> (As soon as we have a legitimate use for consuming the data, then by
> definition the data is permissible to collect for that purpose, as far
> as I can tell.)
>
> There remains the problem of data that is collectable by the registry
> for its purposes, but not allowed in the RDS.  The reason that's a
> problem is because I know of at least one registry that simply
> connects the RDDS (i.e. whois) and the SRS to different copies of the
> very same database.  In that case, it would seem that all the data in
> the SRS is by definition in the RDS, and if there's some distinction
> then we appear to be getting into specifying implementations rather
> than policy.
>
> Best regards,
>
> A
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170824/b2975878/attachment-0001.html>