[gtld-tech] ICANN monitoring system API

Dr Eberhard W Lisse el at lisse.na
Sat May 13 10:08:01 UTC 2017 

Jacques,

I was thinking the same thing, or rather, would that not be a good topic for TechDay?

el

-- 
Sent from Dr Lisse's iPad mini 4

> On 13 May 2017, at 11:02, Jacques Latour <jacques.latour at cira.ca> wrote:
> 
> Hi,
> Will this API be available to ccTLD as well?
> Jacques
> 
> 
> On 2017-05-12, 6:12 PM, "Victor Figueroa" <gtld-tech-bounces at icann.org on behalf of victor.figueroa at icann.org> wrote:
> 
> Hello Ron Geens,
>  
> ICANN is currently working on the development of the production version of the Monitoring System API (MoSAPI). There is no date yet for the release of this version. We plan to notify registries in advance of the release.
>  
> In the meantime, the MoSAPI beta version is available. Registries can request access to the MoSAPI beta through ICANN's Global Support Center, please see https://www.icann.org/resources/pages/customer-support-2015-06-22-en.
>  
> Regards,
> Victor Figueroa
> Technical Services Senior Manager
> ICANN
>  
> From: <gtld-tech-bounces at icann.org> on behalf of Ronald Geens <ronald.geens at dnsbelgium.be>
> Date: Thursday, May 4, 2017 at 1:33 AM
> To: "gtld-tech at icann.org" <gtld-tech at icann.org>
> Subject: Re: [gtld-tech] ICANN monitoring system API
>  
> Hi,
>  
>    I am re-opening this thread to inform about any progress that has been made on specifying or even rolling out this API.
> We would be interested in using this as an additional monitoring service but I cannot find a more recent update than this mail thread from February.
>  
> Best regards,
>  
> Ron Geens
> DNS Belgium
>  
> On 25 Feb 2017, at 01:48, Gustavo Lozano <gustavo.lozano at icann.org> wrote:
>  
> Thank you for your feedback, Scott, and Michele,
>  
> @Scott,
>  
> I think it would be helpful to note somewhere that TLS protection is required, and that the credentials are protected using TLS.
>  
> [Gustavo Lozano] - OK, I will add text in this regard.
>  
> Have you thought about using TLS with mutual authentication of both clients and servers? That would add an extra layer of protection to ensure that only authorized clients have access to TLD-specific data.
>  
> [Gustavo Lozano] - Thank you for the suggestion, we have it in our to-do list.
>  
> It would also be helpful to explicitly state that login credentials are provided by ICANN (how are they requested and delivered?), or at least provide a link to some other document that explains the process.
>  
> [Gustavo Lozano] - OK, I will add text in this regard.
>  
> It would also be helpful to note that the client must provide (how?)  ICANN with a list of IP addresses to be added to a per-TLD white list. Are both IPv4 and IPv6 addresses acceptable? If not, why?
>  
> [Gustavo Lozano] - OK, I will add text in this regard. The input mechanism for IP address blocks supports IPv4 and IPv6, however in the beta of the Monitoring System API, we only have IPv4 transport support.
>  
> @Michele,
>  
> Speaking of IPs ..
> Ideally being able to provide blocks, rather than lists of IPs ..
>  
> [Gustavo Lozano] - In the GDD Portal, the Registry Operator can set the list of IP address blocks to be allowed to access the RRI (Registry Reporting Interface). The Monitoring System API uses the same credentials.
>  
> Regards,
> Gustavo
>  
> From: Michele Neylon - Blacknight [mailto:michele at blacknight.com] 
> Sent: Friday, February 17, 2017 5:15 AM
> To: Hollenbeck, Scott <shollenbeck at verisign.com>; Gustavo Lozano <gustavo.lozano at icann.org>; 'gtld-tech at icann.org' <gtld-tech at icann.org>
> Subject: [Ext] Re: [gtld-tech] ICANN monitoring system API
>  
> Speaking of IPs ..
> Ideally being able to provide blocks, rather than lists of IPs ..
>  
> --
> Mr Michele Neylon
> Blacknight Solutions
> Hosting, Colocation & Domains
> https://www.blacknight.com/
> http://blacknight.blog/
> Intl. +353 (0) 59  9183072
> Direct Dial: +353 (0)59 9183090
> Personal blog: https://michele.blog/
> Some thoughts: https://ceo.hosting/
> -------------------------------
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
> Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
>  
> From: <gtld-tech-bounces at icann.org> on behalf of Scott Hollenbeck <shollenbeck at verisign.com>
> Date: Friday 17 February 2017 at 13:05
> To: "'gustavo.lozano at icann.org'" <gustavo.lozano at icann.org>, "'gtld-tech at icann.org'" <gtld-tech at icann.org>
> Subject: Re: [gtld-tech] ICANN monitoring system API
>  
> Thanks for the opportunity to provide comments, Gustavo. It would be helpful to add more introductory text (perhaps in a section titled something like “Operational Assumptions”) to explicitly note several implied functional points. Here are a few that I found:
>  
> In Section 3, the document says that HTTP Basic authentication is used. Without additional information, that means that credentials are exchanged in plaintext form. Encryption service is hidden in the description of the base URL mentioned in Section 2. I think it would be helpful to note somewhere that TLS protection is required, and that the credentials are protected using TLS.
>  
> Have you thought about using TLS with mutual authentication of both clients and servers? That would add an extra layer of protection to ensure that only authorized clients have access to TLD-specific data.
>  
> It would also be helpful to explicitly state that login credentials are provided by ICANN (how are they requested and delivered?), or at least provide a link to some other document that explains the process.
>  
> It would also be helpful to note that the client must provide (how?)  ICANN with a list of IP addresses to be added to a per-TLD white list. Are both IPv4 and IPv6 addresses acceptable? If not, why?
>  
> Scott
>  
> From: gtld-tech-bounces at icann.org [mailto:gtld-tech-bounces at icann.org] On Behalf Of Gustavo Lozano
> Sent: Saturday, February 11, 2017 12:17 AM
> To: gtld-tech at icann.org
> Subject: [EXTERNAL] [gtld-tech] ICANN monitoring system API
>  
> Hello Colleagues,
>  
> Specification 10 of the base registry agreement (https://newgtlds.icann.org/sites/default/files/agreements/agreement-approved-09jan14-en.htm[newgtlds.icann.org]) describes the Service Level Requirements and emergency thresholds that a Registry Operator has to comply related to the Registry Services.
>  
> ICANN has been monitoring compliance of new gTLDs following the algorithms defined in this specification.
>  
> ICANN provides access to Registry Operators to the incident information of its TLDs through an API currently in beta, and we are planning on releasing the production version in the future.
>  
> The Registry Operators using the beta API had provided valuable feedback, and the specification to be implemented in the production version has been modified accordingly.
>  
> Attached you will find the latest draft of this specification. I appreciate your feedback no later than February 24, 2017.
>  
> Regards,
> Gustavo
>  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gtld-tech/attachments/20170513/739919c8/attachment.html>

More information about the gtld-tech mailing list