[TSG-Access-RD] [Ext] RE: RDAP Operational Models

Hollenbeck, Scott shollenbeck at verisign.com
Tue Feb 5 17:28:01 UTC 2019 

Not at all. They can, in fact, be separated. The pictures don't describe functions (that can be dealt with in text), only roles and interactions.

Scott

> -----Original Message-----
> From: Francisco Arias <francisco.arias at icann.org>
> Sent: Tuesday, February 5, 2019 12:03 PM
> To: Hollenbeck, Scott <shollenbeck at verisign.com>
> Cc: tsg-access-rd at icann.org
> Subject: [EXTERNAL] Re: [Ext] RE: [TSG-Access-RD] RDAP Operational Models
>
> Are you saying there is no way to separate the function of identity provider
> from authorizing body?
>
> --
> Francisco
>
> On 2/5/19, 4:34 AM, "Hollenbeck, Scott" <shollenbeck at verisign.com> wrote:
>
>     No, that's what the identity providers do. In the pictures where there's no
> identity provider, authentication would be done by the RDAP server
> operator.
>
>     Scott
>
>     > -----Original Message-----
>     > From: Francisco Arias <francisco.arias at icann.org>
>     > Sent: Monday, February 4, 2019 8:19 PM
>     > To: Hollenbeck, Scott <shollenbeck at verisign.com>; tsg-access-
> rd at icann.org
>     > Subject: [EXTERNAL] Re: [TSG-Access-RD] RDAP Operational Models
>     >
>     > Hi Scott,
>     >
>     > Aren't we missing the authenticators in the models?
>     >
>     > --
>     > Francisco
>     >
>     > On 2/1/19, 11:18 AM, "TSG-Access-RD on behalf of Hollenbeck, Scott via
> TSG-
>     > Access-RD" <tsg-access-rd-bounces at icann.org on behalf of tsg-access-
>     > rd at icann.org> wrote:
>     >
>     >     I just uploaded three documents to the Google Drive as part of the
> effort
>     > Andy and I volunteered for to develop background material for our final
>     > output. They're named "RDAP Model X", and each document contains a
>     > drawing of interactions between players in different operational
> scenarios.
>     > I'm suggesting that we should describe as many of these models as we
> can
>     > identify to better document available options.
>     >
>     >     RDAP Model 1: AN ICANN-run proxy service with client
>     > identification/authentication responsibilities delegated to identity
> providers.
>     >
>     >     RDAP Model 2: AN ICANN-run proxy service with client
>     > identification/authentication responsibilities held within ICANN.
>     >
>     >     RDAP Model 3: Direct client-to-registry/registrar services with client
>     > identification/authentication responsibilities delegated to identity
> providers.
>     >
>     >     Are there any other models worth capturing? I didn't mention "Direct
>     > client-to-registry/registrar services with client
> identification/authentication
>     > responsibilities held by the registries/registrars" because we've already
>     > discussed how that model doesn't scale well. It would be worth
> mentioning
>     > in the text only to note that it was discussed and dismissed.
>     >
>     >     Scott
>     >
>     >
>
>

More information about the TSG-Access-RD mailing list