Expert Working Group on gTLD Directory Services (EWG) Final Report Overview Expert Working Group on gTLD Directory Services (EWG) 23 June, 2014
Session Agenda • About the EWG • Overview of the EWG’s Final Report • Next Steps • Extended Q&A Opportunities o EWG Final Report Discussion Session 1 Monday, 23 June, 1700 - 1900 o EWG Final Report Discussion Session 2 Wednesday, 25 June, 0800 – 1000 #ICANN50 Page 2
About the EWG • Formed to overcome decade-long deadlock o Bring together a diverse group of volunteers o Apply wide range of expertise and experiences o Discuss issues frankly, participate individually o Strike compromises to find a path forward • ICANN Board’s mandate to EWG o Reexamine purpose & provision of gTLD registration data o Envision a next-generation solution to better serve global Internet community needs o Create a foundation to help the ICANN community (through the GNSO) create a new policy for gTLD directory services #ICANN50 Page 3
EWG Members Jean-Francois Baril (Lead Facilitator) Pekka Ala-Pietilä Michele Neylon Lanre Ajayi Michael Niebel Steve Crocker Stephanie Perrin Chris Disspain Rod Rasmussen Scott Hollenbeck Carlton Samuels Jin Jian Faisal Shah Susan Kawaguchi Fabricio Vayra Nora Nanayakkara #ICANN50 Page 4
EWG Approach • Final Report reflects 15+ month effort o Thousands of hours on in-depth research o 2600+ pages of comments, responses, results o 19 public community consultations o 35 EWG meeting days o 42 EWG calls o More than 200 subteam calls • To answer a simple question about a very complex problem… Is there an alternative to today’s WHOIS to better serve the global Internet community? #ICANN50 Page 5
EWG’s Answer • Today's WHOIS model of giving every user the same entirely anonymous public access to often-inaccurate data should be abandoned. WHOIS #ICANN50 Page 6
EWG’s Final Report • Details a proposed next-generation Registration Directory Service (RDS) • Strikes a balance between accuracy, access, and accountability • Collects, validates and discloses gTLD data for permissible purposes only • Leaves minimum data publicly available • Safeguards the rest through a new paradigm: purpose-driven gated access • Introduces new contracted parties to o Validate Contact Data o Accredit RDS Users #ICANN50 Page 7
Overview of Final Report #ICANN50 Page 8
Why create a new RDS? • WHOIS provides one-size-fits-all public access to anonymous users o Little accountability or abuse remedies o Limited individual privacy protection or ability to conform to differing laws o Limited ability to ensure data integrity o Lack of security and auditing capabilities o Cumbersome contact management o Inefficient communication #ICANN50 Page 9
Solution: Purpose-Driven Access • Some registration data would remain public to promote Internet stability and meet basic DNS needs • This minimum public data would still be accessible by anyone, for any permissible purpose, without authentication… All gTLD All gTLD Registries All gTLD Registries Registries RDS Query (Unauthenticated, DN) RDS portal RDS Response (Public Data Only) All gTLD All gTLD Any Requestor Registries All gTLD Registries Returns only public data Validators available to anyone, for any purpose. #ICANN50 Page 10
Today’s WHOIS WHOIS Existing • Entirely Public Data Existing Admin, Tech Existing Registrant Contact Data • Entirely Anonymous Access Domain Name Contact Data Data Collected from • Registrants Cannot Provide Registrant Collected from Contemporary/Alternate Data Supplied by Registrant Registrar and • Contacts Cannot Prevent Registry Inaccurate or Fraudulent Use Registrant ID PBC IDs Purpose-Driven RDS RDS • Minimum Public Data – Admin, Tech Existing Contact Data Most Data Gated By Default! Domain Name Existing • Contact Data is Validated Data Registrant Contact Data • IDs link Contact Data to Abuse, Legal, Proxy & Business Registered Domain Names Contact Data • Purpose-Based Contacts (PBCs) Collected from New Optional Manage Their Own Data each Contact Data Elements #ICANN50 Page 11
Minimum Public Data Overview Domain Name: MYDOMAIN.TLD Registration Status: x DNSSEC Delegation: signedDelegation Name Server: NS01.EXAMPLE-REGISTRAR.TLD Client Status: DeleteProhibited, RenewProhibited, TransferProhibited Registrant Registrant Type: UNDECLARED Server Status: DeleteProhibited, RenewProhibited, TransferProhibited Contact ID Registrant Contact ID: xxxx-xxxx Registrar: EXAMPLE REGISTRAR LLC Reseller: EXAMPLE RESELLER Registrant Contact Validation Status: Operationally-Validated Minimum Public Registrar Jurisdiction: EXAMPLE JURISDICTION Registrant Contact Last Validated Timestamp: x Registry Jurisdiction: EXAMPLE JURISDICTION Registrant Contact Data Domain Name Data Registration Agreement Language: ENGLISH Registrant Email: MAILBOX@MYDOMAIN.TLD Supplied by Creation Date: 2000-10-08T00:45:00Z Registrant Country : AA Original Registration Date: 2000-10-08T00:45:00Z Registrar and Registry Administrator Contact ID: xxxx-xxxx Registrar Registration Expiration Date: 2010-10-08T00:44:59Z Updated Date: 2009-05-29T20:13:00Z Tech Contact ID: xxxx-xxxx Purpose-Based Registrar URL: http://www.example-registrar.tld Legal Contact ID: xxxx-xxxx Contact IDs Registrar IANA Number: 5555555 Abuse Contact ID: xxxx-xxxx Registrar Abuse Contact Email: email@registrar.tld Business Contact ID: xxxx-xxxx (but NOT their Data) Registrar Abuse Contact Phone: +1.1235551234 URL of the Internic Complaint Site: http://wdprs.internic.net/ Privacy/Proxy Contact ID: xxxx-xxxx Minimum registration data that is publicly available to anyone, for any permissible purpose, without authentication #ICANN50 Page 12
Minimum Public Data Example Domain Name: MY_DOMAIN.TLD Registration Status: x DNSSEC Delegation: signedDelegation Name Server: NS01.MY_REGISTRAR.TLD Client Status: DeleteProhibited, RenewProhibited, TransferProhibited Registrant Type: UNDECLARED Server Status: DeleteProhibited, RenewProhibited, TransferProhibited Registrant Contact ID: xxxx-xxxx Registrar: MY_REGISTRAR LLC Reseller: MY_RESELLER Registrant Contact Validation Status: Operationally-Validated Registrar Jurisdiction: RR_JURISDICTION Registrant Contact Last Validated Timestamp: x Registry Jurisdiction: RY_JURISDICTION Registration Agreement Language: ENGLISH Registrant Email: EMAIL@MY_DOMAIN.TLD Creation Date: 2000-10-08T00:45:00Z Registrant Country : AA Original Registration Date: 2000-10-08T00:45:00Z Administrator Contact ID: xxxx-xxxx Registrar Registration Expiration Date: 2010-10-08T00:44:59Z Updated Date: 2009-05-29T20:13:00Z Tech Contact ID: xxxx-xxxx Registrar URL: http://www.registrar.tld Legal Contact ID: xxxx-xxxx Registrar IANA Number: 5555555 Abuse Contact ID: xxxx-xxxx Registrar Abuse Contact Email: email@registrar.tld Business Contact ID: xxxx-xxxx Registrar Abuse Contact Phone: +1.1235551234 URL of the Internic Complaint Site: http://wdprs.internic.net/ Privacy/Proxy Contact ID: xxxx-xxxx Minimum ¥ registration data that is publicly available to anyone, for any permissible purpose, without authentication* (grey = not applicable for every domain name) * Except where prohibited by data protection laws #ICANN50 ¥ Gated Registrant Data can also be made public at the Registrant’s discretion Page 13
When is Public Requestor queries RDS (User, Purpose, DN) Data returned? Y N Requestor Identiified? N Y Purpose Declared? Return Only PUBLIC Purpose = ? DATA Apply GATED ACCESS policy for declared purpose… Domain Name Personal Data Technical Domain Name Individual Business DN Control Protection Issue Certification Internet Use Sale or Resolution Purchase Academic Legal Actions Regulatory Criminal DNS DNS Research Contractual Investigation & Transparency Enforcement Abuse Mitigation #ICANN50 Page 14
What is the RDS “gate”? There is no single RDS “gate” • Requestors and their data needs vary; so would RDS gated access policies • Like most on-line services that hold private data, the RDS would o Apply policy-defined permissions o Driven by requestor identity + purpose o Uniformly enforce terms of service o Apply measures to deter and mitigate abuse #ICANN50 Page 15
What is Gated Access? • In the RDS, data is collected and disclosed for permissible purposes Prior to 1 st GATED query: All gTLD Requestor must be All gTLD accredited and Registries All gTLD obtain a Requestor ID Registries Registries RDS Query (Requestor ID,Purpose,DN) methods RDS RDS Response (Public + Gated Data) All gTLD All gTLD Registries Authenticated All gTLD Registries Requestor Validators Returns only requested data available and accessible to authenticated requestor for declared purpose. #ICANN50 Page 16
Accredited Users and Purposes • RDS must be able to support existing and future permissible purposes DNS Domain Name Transparency Control Personal Data Technical Issue Protection Resolution Domain Name Individual Certification Internet Use gTLD Registration Data Permissible Purposes Domain Name Domain Name Purchase/Sale Research Regulatory/ Legal Actions Contractual Enforcement Abuse Mitigation #ICANN50 Page 17
Recommend
More recommend