RE: [dow2tf] Tiered Access

["Tim Ruiz" <tim@xxxxxxxxxxx>]

So, can the tiered access model being proposed be summarized as:

Tier 1: Anonymous access to limited data.

Tier 2: Access to full data by anyone whose identity can be authenticated.
That identity (of the data user) can then be communicated to the
registrant/others as desired or required by local laws.

And that there is no recommendation at this time to try and determine
*groups* of data users who would qualify for more or less data access,
except of course for those already identified through contractual
obligations (registrars' for transfers, UDRP), or those with legal authority
obtained through due process.

See Thomas Roessler's comments/clarification dated 5/6/04, subject:
Notification, Accountability, and Balance.

Tim


-----Original Message-----
From: owner-dow2tf@xxxxxxxxxxxxxx [mailto:owner-dow2tf@xxxxxxxxxxxxxx] On
Behalf Of Jordyn A. Buchanan
Sent: Monday, May 17, 2004 8:59 AM
To: 2DOW2tf
Subject: [dow2tf] Tiered Access

As promised, here is some text trying to summarize where we are on the 
tiered access issue:

--

The task force believes that a system which provides different data 
sets to different users (also known as "tiered access") may serve as a 
useful mechanism to balance the privacy interests of registrants with 
the ongoing need to contact those registrants by other members of the 
Internet community.  The task force believes that such a system should 
be based on the following principles:

1) Technical and operational details about the domain name, along with 
the name and country for both the registrant and administrative 
contact, should continue to be displayed to the public.  Further 
contact details for the registrant and administrative contact would 
only be available in one or more protected tiers.
2) Registrants can direct that some or all of their protected data be 
displayed to the public.
3) Those seeking access to protected information should be able to 
obtain it in a timely manner.
4) The credentials used to obtain access to protected information 
should be issued in a centralized manner, rather than on a 
registrar-by-registrar (or even registry-by-registry) basis.
5) The  system should be affordable, both for implementers and users.

However, the task force also identified several questions that still 
must be answered before a tiered access system can be implemented.  
Specifically:

1) What are the mechanisms available for identifying and authorizing 
those requesting access to protected information?  Are those mechanisms 
fast?  Are they affordable?  Are they online?
2) What contact data should be shown in the protected tier?
3) Should registrants be notified when their protected data is accessed 
other than in circumstances required by law or contract?