From yuko.green at icann.org Fri Jul 2 23:03:24 2021 From: yuko.green at icann.org (Yuko Green) Date: Fri, 2 Jul 2021 23:03:24 +0000 Subject: [ODP-SSAD] Request for verification/feedback on SSAD recommendations Message-ID: <714FDFAF-0FAD-4819-BBFF-344CBEAE750F@icann.org> Dear Janis, The SSAD ODP Project Team has been closely analyzing the applicable recommendations within the Final Report to ensure we have a clear understanding. We have identified several recommendations that we would like clarification on to ensure the Operational Design Phase assessment is based on the correct understanding of the recommendations. As the GNSO Council Liaison, we ask that you please relay our understanding to obtain the Council?s verification and/or feedback and provide a response when available. 1. Recommendation 1.4.3 states that the Accreditation Authority ?MUST validate Identity Credentials and Signed Assertions, in addition to the information contained in the request, facilitate the decision to accept or reject the Authorization of an SSAD request.? ICANN org interprets it to mean that the ?request? mentioned in this recommendation refers to the accreditation request, and not the nonpublic registration data request. Please confirm that our understanding is correct. 1. Recommendation 13.1.4 states that the Central Gateway Manager ?MUST respond only to requests for a specific domain name?? whereas the Recommendation 13.3.2 states that the CGM ?MUST support the ability of a Requestor to submit multiple domain names in a single request.? Implementation Guidance 13.5 also states ?it must be possible for Requestors to submit multiple requests at the same time.? Recommendation 13.1.4 could be interpreted to be in conflict with Recommendation 13.3.2 and Implementation Guidance 13.5 in terms of how many disclosure requests can be included in a single request. ICANN org?s interpretation is that a single request can contain disclosure requests for multiple domain names as long as all the domain names are individually specified in a fully qualified format. In other words, the Central Gateway Manager should not allow any sort of ?catch all? requests, such as a request concerning all domain names that have ?apple? in the name, or that are owned by a particular registrant. Please confirm that our understanding is correct. 1. Recommendation 10.14 states that ?Response Targets and Compliance Targets MUST be reviewed, at a minimum, after every six months in the first year, thereafter annually (depending on the outcome of the first review).? ICANAN org?s interpretation of this recommendation is that such a review is expected to be done across all contracted parties and not review individual contracted parties. This review is meant to be conducted by the GNSO Standing Committee. 1. Recommendations 13.3.6 states that the ?SSAD MUST be able to save the history of the different disclosure requests?? ICANN org?s interpretation is that this recommendation applies to not only the Central Gateway Manager, but also to other parties, such as the Accreditation Authorities and the Contracted Parties. Please confirm that our understanding is correct. 1. Recommendation 13.2 states that ?Requestors of the SSAD data should primarily bear the costs of maintaining this system,? whereas the Recommendation 14.4 states that the ?SSAD SHOULD NOT be considered a profit-generating platform for ICANN or the contracted parties. Funding for the SSAD should be sufficient to cover costs?? ICANN org?s interpretation of these recommendations is that the SSAD user fees should cover the operating cost of only the Accreditation Authorities, Identity Providers, and Central Gateway Manager, and does not cover any costs that contracted parties may incur. Please confirm that our understanding is correct. 1. Recommendation 2 lays out the requirements for governmental accreditation authorities, but it does not indicate whether government entities requiring access to non-public gTLD registration data may only be accredited via these governmental accreditation authorities. Footnote 13 seems to limit the Intergovernmental Organizations (IGOs) to only use the hosting country?s Accreditation Authority. ICANN org?s interpretation is that governmental entities are required to use an Accreditation Authority from their country/territory. This means, if there are no such Accreditation Authorities established within their country/territory, those entities cannot be accredited via the Accreditation Authority that is to be established for non-governmental entities. Please confirm that our understanding is correct. 1. Recommendations 7.1.1 states that ?Requestors MAY also submit data verification requests on the basis of Registered Name Holder (RNH) consent that has been obtained by the Requestor (and is at the sole responsibility of that Requestor), for example to validate the RNH?s claim of ownership of a domain name registration, or contract with the Requestor.? ICANN org?s interpretation is that the request on the basis of RNH consent is automatically approved given the parenthetical of ?and is at the sole responsibility of that Requestor.? Please confirm that our understanding is correct. Regards, Yuko Green Program Director Strategic Initiatives, Global Domains & Strategy Internet Corporation for Assigned Names and Numbers (ICANN) E-mail: yuko.green at icann.org www.icann.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From yuko.green at icann.org Thu Jul 8 22:17:01 2021 From: yuko.green at icann.org (Yuko Green) Date: Thu, 8 Jul 2021 22:17:01 +0000 Subject: [ODP-SSAD] Community Surveys now open Message-ID: Dear Janis, Today, ICANN org published an announcement to solicit community input with regards to the SSAD ODP. This survey will help determine how many potential users are expected to use the SSAD and the anticipated volume of requests if it is implemented. This survey is open to public, and I?d appreciate if you could encourage your colleague to participate. Separately, ICANN also reached out to ICANN?s contracted parties today with a different survey. This survey is catered specifically to registries and registrars, which will help determine how many nonpublic registration data disclosure requests they are receiving. Together between these 2 surveys, the org will be able to better assess the following questions from the Scoping Document: ? 3.1.5.2: What is the expected volume the SSAD operational process flow will be able to manage? ? 3.1.5.5: How many potential users may be expected to use the System? Both surveys are open for 2 weeks, and will close on 22 July at 23:59 UTC. Regards, Yuko Green Program Director Strategic Initiatives, Global Domains & Strategy Internet Corporation for Assigned Names and Numbers (ICANN) E-mail: yuko.green at icann.org www.icann.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From chanor at hanor.com Wed Jul 14 13:49:32 2021 From: chanor at hanor.com (Charles Hanor) Date: Wed, 14 Jul 2021 13:49:32 +0000 Subject: [ODP-SSAD] Standardized Acesss Message-ID: Scammers and other thieves use he privacy to avoid apprehension. The information is not a trade secret, lots of companies have it already and should be publicly available. Charles W. Hanor Hanor Law Firm PC 750 Rittiman Road San Antonio, TX 78209 210-829-2002 Direct 210-842-9500 Mobile 210-829-2001 Fax chanor at hanor.com http://www.hanor.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From eleeza.agopian at icann.org Thu Jul 15 22:39:24 2021 From: eleeza.agopian at icann.org (Eleeza Agopian) Date: Thu, 15 Jul 2021 22:39:24 +0000 Subject: [ODP-SSAD] SSAD ODP survey for GAC members Message-ID: Dear Manal and GAC Members, We are interested in the views of individual GAC members and observers, as well as the GAC as a whole, if you so wish, on the questions included in this survey to help inform the work of the SSAD Operational Design Phase as it relates to the accreditation of governmental entities and requests for disclosure of nonpublic gTLD registration data by governmental entities. We would appreciate your help in sharing this information with your GAC colleagues. The Expedited Policy Development Process (EPDP) on the Temporary Specification for gTLD Registration Data Phase 2 work began in April 2019. Ultimately, the EPDP Phase 2 Team recommended the creation of a System for Standardized Access/Disclosure (SSAD) in its Final Report, which was submitted to the Generic Names Supporting Organization (GNSO) Council on 31 July 2020. The GNSO Council adopted the Final Recommendations from the Phase 2 Final Report by a GNSO supermajority, and transmitted the Recommendations Report to the ICANN Board on 29 October 2020. Subsequently, on 25 March 2021, the Board directed the ICANN CEO to conduct an Operational Design Phase (ODP) for the GNSO Council-approved recommendations #1 through #18 which relate to the SSAD, to help the Board?s consideration of the consensus policy recommendations. The SSAD ODP team is contacting you today in relation to recommendation #2 of the EPDP Phase 2 Final Report, which refers to ?Accreditation of governmental entities.? The scoping document created for the SSAD ODP covers Country/Territory/Governmental Accreditation in Section 3.1.2 under Operational Readiness. As described in the EPDP Phase 2 Final Report, an ?Accreditation Authority'' would confirm and verify the identity of a user (represented by an Identifier Credential). Accreditation by a country or territory?s government body or its authorized body would be available to various eligible government entities that require access to nonpublic generic top-level domain (gTLD) registration data for the exercise of their public policy tasks. In essence, the governmental accreditation authorities will be charged with verifying that entities that have a legitimate interest and/or legal basis in requesting access to nonpublic gTLD registration data via the SSAD as a government representative/agent from their jurisdiction are who they claim to be (identity verification) and that the entities themselves have met the criteria for SSAD accreditation. We respectfully request responses on any or all of the questions in the survey, as well as any further input the GAC deems relevant to the accreditation of governmental entities and requests for disclosure of nonpublic registration data by governmental entities, by 17 September This timeline helps give us enough time to analyze and inform the work of the ODP. Please note, individual survey submissions by GAC members and observers will remain anonymous. They will however be aggregated and used in the SSAD Operational Design Assessment (ODA) document which will summarize the SSAD ODP findings and be presented to the ICANN Board. More information on the SSAD ODP is available at https://www.icann.org/ssadodp. We appreciate your attention to this request. If you or any GAC members have questions about this survey or anything else regarding the SSAD ODP, please contact us by sending an email to ODP-SSAD at icann.org. Please note, the full text of your email, including your comment, name, and email address, will be published in the archive on ICANN org?s website. Note: The publication of emails may be delayed until after a mailing list moderator reviews the email in order to reduce off-topic messages and unsolicited commercial advertisements. Sincerely, Eleeza Agopian Senior Director Strategic Initiatives, Global Domains and Strategy ICANN -------------- next part -------------- An HTML attachment was scrubbed... URL: From manal at tra.gov.eg Fri Jul 16 02:37:06 2021 From: manal at tra.gov.eg (Manal Ismail) Date: Fri, 16 Jul 2021 02:37:06 +0000 Subject: [ODP-SSAD] SSAD ODP survey for GAC members In-Reply-To: References: Message-ID: Many thanks Eleeza .. Confirming receipt .. Kind Regards --Manal From: Eleeza Agopian Sent: Friday, July 16, 2021 12:39 AM To: Manal Ismail Cc: ODP-SSAD at icann.org Subject: SSAD ODP survey for GAC members Dear Manal and GAC Members, We are interested in the views of individual GAC members and observers, as well as the GAC as a whole, if you so wish, on the questions included in this survey to help inform the work of the SSAD Operational Design Phase as it relates to the accreditation of governmental entities and requests for disclosure of nonpublic gTLD registration data by governmental entities. We would appreciate your help in sharing this information with your GAC colleagues. The Expedited Policy Development Process (EPDP) on the Temporary Specification for gTLD Registration Data Phase 2 work began in April 2019. Ultimately, the EPDP Phase 2 Team recommended the creation of a System for Standardized Access/Disclosure (SSAD) in its Final Report, which was submitted to the Generic Names Supporting Organization (GNSO) Council on 31 July 2020. The GNSO Council adopted the Final Recommendations from the Phase 2 Final Report by a GNSO supermajority, and transmitted the Recommendations Report to the ICANN Board on 29 October 2020. Subsequently, on 25 March 2021, the Board directed the ICANN CEO to conduct an Operational Design Phase (ODP) for the GNSO Council-approved recommendations #1 through #18 which relate to the SSAD, to help the Board?s consideration of the consensus policy recommendations. The SSAD ODP team is contacting you today in relation to recommendation #2 of the EPDP Phase 2 Final Report, which refers to ?Accreditation of governmental entities.? The scoping document created for the SSAD ODP covers Country/Territory/Governmental Accreditation in Section 3.1.2 under Operational Readiness. As described in the EPDP Phase 2 Final Report, an ?Accreditation Authority'' would confirm and verify the identity of a user (represented by an Identifier Credential). Accreditation by a country or territory?s government body or its authorized body would be available to various eligible government entities that require access to nonpublic generic top-level domain (gTLD) registration data for the exercise of their public policy tasks. In essence, the governmental accreditation authorities will be charged with verifying that entities that have a legitimate interest and/or legal basis in requesting access to nonpublic gTLD registration data via the SSAD as a government representative/agent from their jurisdiction are who they claim to be (identity verification) and that the entities themselves have met the criteria for SSAD accreditation. We respectfully request responses on any or all of the questions in the survey, as well as any further input the GAC deems relevant to the accreditation of governmental entities and requests for disclosure of nonpublic registration data by governmental entities, by 17 September This timeline helps give us enough time to analyze and inform the work of the ODP. Please note, individual survey submissions by GAC members and observers will remain anonymous. They will however be aggregated and used in the SSAD Operational Design Assessment (ODA) document which will summarize the SSAD ODP findings and be presented to the ICANN Board. More information on the SSAD ODP is available at https://www.icann.org/ssadodp. We appreciate your attention to this request. If you or any GAC members have questions about this survey or anything else regarding the SSAD ODP, please contact us by sending an email to ODP-SSAD at icann.org. Please note, the full text of your email, including your comment, name, and email address, will be published in the archive on ICANN org?s website. Note: The publication of emails may be delayed until after a mailing list moderator reviews the email in order to reduce off-topic messages and unsolicited commercial advertisements. Sincerely, Eleeza Agopian Senior Director Strategic Initiatives, Global Domains and Strategy ICANN -------------- next part -------------- An HTML attachment was scrubbed... URL: