So, can the tiered access model being proposed be summarized as:
Tier 1: Anonymous access to limited data.
Tier 2: Access to full data by anyone whose identity can be
authenticated.
That identity (of the data user) can then be communicated to the
registrant/others as desired or required by local laws.
And that there is no recommendation at this time to try and determine
*groups* of data users who would qualify for more or less data access,
except of course for those already identified through contractual
obligations (registrars' for transfers, UDRP), or those with legal
authority
obtained through due process.
See Thomas Roessler's comments/clarification dated 5/6/04, subject:
Notification, Accountability, and Balance.
Tim
-----Original Message-----
From: owner-dow2tf@xxxxxxxxxxxxxx [mailto:owner-dow2tf@xxxxxxxxxxxxxx]
On
Behalf Of Jordyn A. Buchanan
Sent: Monday, May 17, 2004 8:59 AM
To: 2DOW2tf
Subject: [dow2tf] Tiered Access
As promised, here is some text trying to summarize where we are on the
tiered access issue:
--
The task force believes that a system which provides different data
sets to different users (also known as "tiered access") may serve as a
useful mechanism to balance the privacy interests of registrants with
the ongoing need to contact those registrants by other members of the
Internet community. The task force believes that such a system should
be based on the following principles:
1) Technical and operational details about the domain name, along with
the name and country for both the registrant and administrative
contact, should continue to be displayed to the public. Further
contact details for the registrant and administrative contact would
only be available in one or more protected tiers.
2) Registrants can direct that some or all of their protected data be
displayed to the public.
3) Those seeking access to protected information should be able to
obtain it in a timely manner.
4) The credentials used to obtain access to protected information
should be issued in a centralized manner, rather than on a
registrar-by-registrar (or even registry-by-registry) basis.
5) The system should be affordable, both for implementers and users.
However, the task force also identified several questions that still
must be answered before a tiered access system can be implemented.
Specifically:
1) What are the mechanisms available for identifying and authorizing
those requesting access to protected information? Are those mechanisms
fast? Are they affordable? Are they online?
2) What contact data should be shown in the protected tier?
3) Should registrants be notified when their protected data is accessed
other than in circumstances required by law or contract?