[IRT.RegDataPolicy] Followup on the definition of RDDS...

[Alex Deacon]

IRT colleagues,

On our last call we discussed the current definition of RDDS in the OneDoc.


“Registration Data Directory Services” (“RDDS”) refers to online services
> that Registrars and Registry Operators of top-level domains are required to
> provide for publication of  to enable access to Domain Name Registration
> Data pursuant to applicable Registry Agreements, Registrar Accreditation
> Agreement, and ICANN Consensus Policies.”


To test that this definition was sound, I asked a simple question:  "Does
this definition include the concept of requests for the disclosure of
non-public registration data as currently defined in the Temp Spec, EPDP
Phase 1 Rec 18 and even any future SSAD that may appear."    The responses
both on the call and off list were all over the map.

   - Some answered that those concepts are not included in an RDDS, stating
   that RDDS only applies to public registration data.
   - Some (like myself) believe that it is absurd to remove the important
   and fundamental concepts of access/disclosure from the definition
of *services
   related to Registration Data*.
   - Some argued that these concepts *may* be included in the definition,
   sometimes, but not always.
   - And then there was the argument that it is more elegant to keep the
   definition vague and unclear, to allow for future policies to apply without
   having to update the definition.

If we were all in agreement about how to interpret this definition I'd be
happy to start the process of using it in our RedDoc exercise.   However
given the numerous and varied answers to my question it is plain to me, and
should be plain to all, that the definition in the OneDoc is far from
sound.

Narrowing the definition of RDDS to only apply to publication at this late
stage in the game is unacceptable.  Similarly, further broadening the
definition as suggested in a recent email by Sarah without defining what
services are covered makes the issues of vagueness and un-clarity even
worse.

In an attempt to address this issue, we suggest the following definitions,
based on the OneDoc definition and also leveraging some of the wording from
SSAC 051.

   - *Registration Data Directory Services (*RDDS) – refers to the set of
   required services associated with Registration Data offered by Registries
   and Registrars, pursuant to applicable Registry Agreements, Registrar
   Accreditation Agreements, and ICANN Consensus Policies.  These services
   include activities associated with collection, publication and disclosure
   of Registration Data.
   - Registration Data Directory Services are implemented and
      operationalized using one or more Registration Data Access Protocols
      (RDAP).
      - Policies related to Registration Data Directory Services (RDDS
      Policy)  include: 1) disclosure processes and procedures associated with
      Non-Public Registration Data, 2) acceptable terms of use, and 3)
others as
      defined by current or future Consensus Policies.


   - *Registration Data* (RD) - refers to contact information of natural or
   legal persons collected from a Registered Name Holder or generated by
   Registrar or Registry Operators when registering a domain name, pursuant to
   applicable Registry Agreements, Registrar Accreditation Agreements, and
   ICANN Consensus Policies.
   - Registration Data (RD) is composed of different elements. We refer to
      them as Registration Data Elements (RD Elements).
      - Some Registration Data is made publically available (Public
      Registration Data) and some is kept private (Non-Public
Registration Data)
      and only disclosed when a legal basis and legitimate interest exists.
      - Registration Data refers to the entire data collected from the
      registrant, however only a subset of this data may be made available
      through the Registration Data Directory Services (RDDS).
      - Policies related to the Registration Data itself (RD Policy)
      include 1) data to be included in the RDDS output, 2) annual WHOIS data
      reminder policy, 3) policy that requires Registrars to
investigate reports
      of inaccuracy (e.g. ARS), and 4) others as defined by current or
      future Consensus Policies.


   - *Registration Data Access Protocols *(RDAP) – refers to the elements
   of one or more (standard) communications exchange—queries and
   responses—that make publication and disclosure of Registration Data
   possible. For example, the WHOIS protocol (RFC 3912), The RDAP Protocol
   (RFC 7480 et al.) and Hypertext Transfer Protocol (HTTP) (RFC 2616 and its
   updates) can be used to provide publication of Public Registration Data and
   disclosure of Non-Public Registration Data.  In some cases Non-Public
   Registration Data may be disclosed via other methods, such as over the
   phone or via an email exchange.
   - Policies related to Registration Data Access Protocols include:  1)
      service levels (e.g., availability, update frequency, response time and
      SLAs),  2) query rate limits, and 3) others as defined by
current or future
      Consensus Policies.
      - Note: The fact that one such protocol is literally named “RDAP”
      should not be construed as indication that it is now or ever will be the
      only mechanism for publication and/or disclosure of RD.

Thanks.

Alex
___________
*Alex Deacon*
Cole Valley Consulting
alex at colevalleyconsulting.com
+1.415.488.6009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/irt.regdatapolicy/attachments/20201130/a38b4afb/attachment.html>