ICANN ICANN Email List Archives

[gnso-dow123]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: Hybrid Tiered Access Proposal (was Re: [gnso-dow123] Alternative proposal re Whois)

  • To: "Metalitz, Steven" <met@xxxxxxx>
  • Subject: Re: Hybrid Tiered Access Proposal (was Re: [gnso-dow123] Alternative proposal re Whois)
  • From: "Jordyn Buchanan" <jordyn.buchanan@xxxxxxxxx>
  • Date: Wed, 1 Nov 2006 18:00:40 -0500

On 11/1/06, Metalitz, Steven <met@xxxxxxx> wrote:


Our concerns with tiered access (which is your point 2) center on
scalability. What may work for .name, a thick registry which holds all the
Whois data (data for which there is very little demand, by the way), would
be much harder to apply to 800 + registrars (or even 200+ if that is the
"real" number).   Similarly, a need for .name Whois data occurs so rarely
that it may not be a major problem to stop and "enter into a contract"
before accessing it. We have not been able to figure out a way this could
possibly work in .com without major delays.


I think there are solutions here. The main stumbling block I've perceived for tiered access proposals in the past is "who gets access?". Here I'm proposing a fairly low bar for that--everyone who agrees (by contract) to play nice gets access. In previous iterations of the task force, we've discussed some possible approaches, and I'll speculate about some other options as well:

1) Have the contract actually be with a third party "certifier".  This
entity would actually issue digital certificates to the requester, which the
requester could use to identify him/herself to the various registrars.

2) Same as above, except the central authority would issue a
username/password.  Registrars could do some backend query to the central
authority to verify the username/password before displaying the full
information.

3) Probably the least work for registrars and maybe the most convenient for
the requester:  requesters contract with a third party, which operates a
Whois proxy that only contracting parties can interact with.  The requester
would go to one website for all requests, login, and then they would be able
to perform queries against any registrar's full DNS using the proxy.
Registrars would identify the third party proxy by IP address, which is a
common mechanism for distinguishing Whois behavior today.


The problem occurs on the other side of the transaction too; there are a
limited number of entities interested in bulk access so managing contracts
with them is not a problem in principle, but potentially millions of Whois
requesters would want access to the higher tier of data, and that could be
problematic even if the data, or even just the contractual mechanism, were
centralized on the data provider side.


Presumably there would have to be some funding mechanism to deal with this problem, but it seems to be purely one of resources.

Point 3 is sort of the flip-side of our proposal, and as I read it would
lead to a situation in which accurate contact data could not be obtained at
all.  Or would there be a Tier #3 of requesters who would be able to access
data under these circumstances?


Your proposal doesn't currently deal with "how to get access to data that's not published in the Whois", and this proposal doesn't either. Some sort of mechanism would have to be worked out in both cases--I've proposed my idea in a separate e-mail thread. Ross has suggested another idea for this problem space, which I hope to fairly summarize as "work with the registrar to get the data". There may be other ideas as well...

Jordyn

<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy