WHOIS Task Forces 1 and 2 Teleconference 4 November, 2004 - Minutes ATTENDEES:
GNSO Constituency representatives: Registrars constituency - Jordyn Buchanan - Co-Chair gTLD Registries constituency - David Maher Registrars constituency - Tom Keller
Commercial and Business Users constituency - Marilyn Cade
Non Commercial Users Constituency - Milton Mueller
Registrars constituency - Paul Stahura
Liaisons:
At-Large Advisory Committee (ALAC) liaisons - Thomas Roessler
GNSO Secretariat: Glen de Saint Géry
Absent:
ICANN Staff Manager: Barbara Roseman - absent - apologies
Intellectual Property Interests Constituency - Steve Metalitz - apologies
Internet Service and Connectivity Providers constituency: - Antonio Harris - apologies
Non Commercial Users Constituency - Marc Schneiders - apologies
gTLD Registries constituency: - Jeff Neuman - Co-Chair - apologies
Commercial and Business Users constituency - David Fares
Internet Service and Connectivity Providers constituency - Maggie Mansourkia- apologies
Intellectual Property Interests Constituency - Jeremy Banks
Intellectual Property Interests Constituency - Steve Metalitz
Amadeu Abril l Abril
At-Large Advisory Committee (ALAC) liaisons - Wendy Seltzer
MP3 Recording
Agenda:
Tiered access
- Is tiered access feasible?
- Who are the experts that could be invited to address the subject?
Jordyn Buchanan referred to the chart Thomas Roessler supplied as an initial start. Thomas Roessler outlined the proposed approach to identify requesters. ICANN would look at entities who would be data users, provide certificates and identify data user, certificate would be signed with a public key, when data user wanted information, the request would go to the Whois data provider who checks certificate, if nothing had not been revoked data would be returned. It was basically a standard technical way with the idea of avoiding large data bases. Public data bases were certification lists which were much smaller.
High level - same as keeping a lot of lists, on a practical level - scales better Authentication would be enough to get authorization for accessing Whois
When the identity had been verified and user would be able to get the information.
2 elements were required:
- proof of ID
- what kind of entities would provide authentication services.
Jordyn Buchanan commented:
The proposition identified a particular way of identifying, ICANN could accredit authentication providers, to provide users with credentials.
Could be done with passwords etc. but a set of authentication providers was required.
Matched some general principals in the tiered access model that could be included, such as there should be no monopoly on authentication.
Discussion followed on data protection, certificate revocation, and criteria for authentication.
Jordyn Buchanan remarked that how people were identified was the first step
Jordyn Buchanan commented that a general framework had been provided but there were many unanswered questions.
In an attempt to move forward some of the questions to answer: 1. How to identify people
- what information should be gathered: name, address, phone number,
- decide which information is important 2. How is the information verified 3. What sort of credentials would be issued 4. What sort of technical credentials would be supported by technical systems such as by IRIS 5. Who would be allowed to obtain a credential? 6. Once you have been identified and have a certificate, what can you do with it?
- might be part of the credentialing process, could involve agreeing to terms of service.
- have to figure out what goes into that certificate
- ability to revoke the credentials
7. How to go about identifying information?
- different approaches that could be used
8. What does the Whois user need to provide
Action: Jordyn Buchanan proposed:
1. Drawing up an initial list to verify:
Could be included:
Individual versus company, domain name holder, a domain name
name a address phone number
2. Should define the list before going to experts 3. Proposed industry experts:
Verisign, Godaddy, Rick Wesson and other certification companies, 4. What type of technical credentials? Proposed IRIS project
5. Briefing on CRISP /IRIS what sort of credentials useful to identify people
6. Cape Town meeting of task force 1/2
Next call Step by step procedure relating to conflicts with local law by Steve Metalitz
Jordyn Buchanan thanked everyone for their presence and participation.
The call ended at 12:15 EST, 18:10 CET Next Call: 9 November 2004
see: GNSO calendar
|