[TSG-Access-RD] Access Control Protocol in the Charter

Andrew Newton andy at hxr.us
Wed Dec 12 22:41:45 UTC 2018


On Wed, Dec 12, 2018 at 2:14 PM Murray S. Kucherawy <superuser at gmail.com> wrote:
>
> Would this include delegation?  Someone mentioned a scenario like ICANN approving M3AAWG as a secondary authorizing party, for example.

I think Gavin touched on this, but it might help us to distinguish
between authentication and authorization. So M3AAWG may authenticate
people (bob is indeed bob, and not alice) who are then authorized to
see non-public data. And though policy may not need it, I believe we
should conceptualize our model with multiple types of authorization...
such as authorization A gets you email addresses only whereas
authorization B gets you telephone numbers and physical/postal
addresses.

Additionally, we may want to define functional roles as that may help
with an understanding of what ICANN may be doing vs a third party vs a
registry.
For example:
* authentication function - identifies the actors accessing the data
* authorization function - determines the rights actors have
* bootstrap function - issues RDAP redirects
* reporting function - there are probably many types of this

Just an idea, but this might help support many models.

>
>> 2. How could access to non-public registration data be granted only to clients that are authorized by ICANN?
>> 3. How could ICANN, in its role as the authorizing party, receive a third-party request for access to non-public registration data?
>> 4. Categorization/prioritization of RDS data fields: Should all the fields be collected in one place? If so, should we design a protocol that allows
>> for the categorization of these fields and the prioritization of the request response?
>
>
> And as you alluded, how can we determine which fields are public vs. non-public at the time of the query, given that those sets can be changed over time by policy action?

I don't think we can, nor should it be within our scope. That said, I
don't think it would be unreasonable for us to provide examples.

-andy
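
The model described in the message above, sketched as an added example that is not part of the original thread or of any RDAP implementation: authentication and authorization are separate functions, authorization classes A and B unlock different fields, and the public/non-public split is policy data that can change without code changes. All names, the issuer, the grants and the field sets are assumptions made for illustration.

```python
# Added illustration: every name, class label and field set here is hypothetical.
from dataclasses import dataclass
from typing import Optional

TRUSTED_AUTHENTICATORS = {"authn.example"}   # constructed issuer name

# Policy is data: which fields are public, and which each authorization class adds.
POLICY = {
    "public": {"handle", "org", "country"},
    "A": {"email"},          # "authorization A": email addresses only
    "B": {"tel", "adr"},     # "authorization B": telephone and postal address
}

# Output of the authorization function, kept apart from authentication.
GRANTS = {"bob": {"A"}, "carol": {"A", "B"}}

@dataclass(frozen=True)
class Identity:
    subject: str
    authenticator: str

def authenticate(assertion: dict) -> Optional[Identity]:
    """Authentication function: who is asking. Says nothing about rights.
    Verifying the assertion's signature is assumed to happen before this call."""
    if assertion.get("iss") not in TRUSTED_AUTHENTICATORS or not assertion.get("sub"):
        return None
    return Identity(assertion["sub"], assertion["iss"])

def allowed_fields(identity, policy=POLICY, grants=GRANTS) -> set:
    """Authorization function: public fields plus those of each granted class."""
    fields = set(policy.get("public", set()))
    if identity is not None:
        for cls in grants.get(identity.subject, set()):
            fields |= policy.get(cls, set())   # unknown class adds nothing
    return fields

def redact(record: dict, identity, policy=POLICY, grants=GRANTS) -> dict:
    """Default deny: a field not named by the policy is withheld."""
    allowed = allowed_fields(identity, policy, grants)
    return {k: v for k, v in record.items() if k in allowed}

# Constructed sample record (not real registration data).
RECORD = {"handle": "EX-1", "org": "Example Org", "country": "ZZ",
          "email": "registrant@example.com", "tel": "+1.5555550100",
          "adr": "1 Example Street", "notes": "internal"}
```

Passing a different policy table to redact() changes which fields an unauthenticated query sees, which is how a later policy action would be absorbed.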

