Re: Hybrid Tiered Access Proposal (was Re: [gnso-dow123] Alternative proposal re Whois)

["Jordyn Buchanan" <jordyn.buchanan@xxxxxxxxx>]

On 11/1/06, Metalitz, Steven <met@xxxxxxx> wrote:
> Our concerns with tiered access (which is your point 2) center on
> scalability. What may work for .name, a thick registry which holds all the
> Whois data (data for which there is very little demand, by the way), would
> be much harder to apply to 800 + registrars (or even 200+ if that is the
> "real" number).   Similarly, a need for .name Whois data occurs so rarely
> that it may not be a major problem to stop and "enter into a contract"
> before accessing it. We have not been able to figure out a way this could
> possibly work in .com without major delays.

I think there are solutions here.  The main stumbling block I've perceived
for tiered access proposals in the past is "who gets access?".  Here I'm
proposing a fairly low bar for that--everyone who agrees (by contract) to
play nice gets access.  In previous iterations of the task force, we've
discussed some possible approaches, and I'll speculate about some other
options as well:

1) Have the contract actually be with a third party "certifier".  This
entity would actually issue digital certificates to the requester, which the
requester could use to identify him/herself to the various registrars.

2) Same as above, except the central authority would issue a
username/password.  Registrars could do some backend query to the central
authority to verify the username/password before displaying the full
information.

3) Probably the least work for registrars and maybe the most convenient for
the requester:  requesters contract with a third party, which operates a
Whois proxy that only contracting parties can interact with.  The requester
would go to one website for all requests, login, and then they would be able
to perform queries against any registrar's full DNS using the proxy.
Registrars would identify the third party proxy by IP address, which is a
common mechanism for distinguishing Whois behavior today.


> The problem occurs on the other side of the transaction too; there are a
> limited number of entities interested in bulk access so managing contracts
> with them is not a problem in principle, but potentially millions of Whois
> requesters would want access to the higher tier of data, and that could be
> problematic even if the data, or even just the contractual mechanism, were
> centralized on the data provider side.

Presumably there would have to be some funding mechanism to deal with this
problem, but it seems to be purely one of resources.

Point 3 is sort of the flip-side of our proposal, and as I read it would
> lead to a situation in which accurate contact data could not be obtained at
> all.  Or would there be a Tier #3 of requesters who would be able to access
> data under these circumstances?

Your proposal doesn't currently deal with "how to get access to data that's
not published in the Whois", and this proposal doesn't either.  Some sort of
mechanism would have to be worked out in both cases--I've proposed my idea
in a separate e-mail thread.  Ross has suggested another idea for this
problem space, which I hope to fairly summarize as "work with the registrar
to get the data".  There may be other ideas as well...

Jordyn