ICANN, profile picture
Uploaded byICANN
598 views

Thick whois policy implementation meeting with the irt icann53

1) The document discusses the transition from thin to thick WHOIS for .COM, .NET, and .JOBS domains as well as implementing consistent labeling and display of WHOIS output for all gTLDs. 2) A legal review was conducted on applicable laws regarding transitioning from a thin to thick WHOIS model. 3) The timeline assumes legal review completion in 2015, design and public comment on implementation plans in 2015-2016, and implementation by affected parties starting in 2017.

Embed presentation

Downloaded 10 times
Thick Whois Implementation Meeting with the IRT | ICANN 53 | 24 June 2015
| 2 Background and Status of Implementation Transition from thin to thick for .COM, .NET and .JOBS Incl. Legal Review Consistent Labeling and Display of Whois Output for all gTLDs 1 2 33 Agenda 30 min50 min10 min
Background and Status of Implementation
| 4 ¤  Thick Whois Policy Development Process (Mar. 2012 – Oct. 2013) http://gnso.icann.org/en/group-activities/active/thick-whois ¤  Policy Recommendations adopted by the ICANN Board in Feb. 2014 http://www.icann.org/en/groups/board/documents/resolutions-07feb14- en.htm#2.c ¤  Two expected outcomes (policy recommendation #1) -  Transition from thin to thick WHOIS for .COM, .NET and .JOBS -  Consistent labeling and display for all gTLDs per Spec 3 RAA 2013 ¤  Decoupling of implementation of the two outcomes in line with Implementation Considerations (Final Report of Thick WHOIS PDP) Background
| 5 Policy Recommendations vs. Outcomes 1 The provision of thick Whois services, with a consistent labeling and display as per the model outlined in specification 3 of the 2013 RAA, should become a requirement for all gTLD registries, both existing and future Explain the first summary point here Explain the third summary point here Transition from thin to thick for .COM, .NET and .JOBS Consistent Labeling and Display of Whois Output for all gTLDs as per Spec 3 of 2013 RAA 2 Consideration of input provided in Public Comments before Board Resolution 3 As part of the implementation process, a legal review of law applicable to the transition of data from a thin to thick model not already been considered in the EWG memo is undertaken Outcomes
| 6 Thick Whois, Consistent Labeling & Display ¤  Domain Name Registrations include two sets of data -  Data associated with the domain name -  Data associated with the registrant and its contacts ¤  Thin vs. Thick Registration Model -  Thin model: the Registry manages the domain data only -  Thick model: the Registry manages the domain data & stores the registrant data -  The Consistent Labeling & Display part of the Thick Whois Policy adds the registrar-specifc data to the Thick Registration Model Domain  Name:  ICANN.COM   Registrar:  GODADDY.COM,  LLC   Sponsoring  Registrar  IANA  ID:  146   Whois  Server:  whois.godaddy.com   Referral  URL:  hIp://registrar.godaddy.com   Name  Server:  A.IANA-­‐SERVERS.NET   Name  Server:  B.IANA-­‐SERVERS.NET   Name  Server:  C.IANA-­‐SERVERS.NET   Name  Server:  NS.ICANN.ORG   Status:  clientDeleteProhibited     Status:  clientRenewProhibited   Status:  clientTransferProhibited   Status:  clientUpdateProhibited     Updated  Date:  19-­‐oct-­‐2014   CreaVon  Date:  14-­‐sep-­‐1998   ExpiraVon  Date:  19-­‐oct-­‐2023   Domain  Name:  ICANN.COM   Registry  Domain  ID:  2346839_DOMAIN_COM-­‐VRSN   Registrar  WHOIS  Server:  whois.godaddy.com   Registrar  URL:  hIp://www.godaddy.com   Update  Date:  2014-­‐10-­‐19T17:48:11Z   CreaVon  Date:  1998-­‐09-­‐14T04:00:00Z   Registrar  RegistraVon  ExpiraVon  Date:  2023-­‐10-­‐19T03:59:59Z   Registrar:  GoDaddy.com,  LLC   Registrar  IANA  ID:  146   Registrar  Abuse  Contact  Email:  email@godaddy.com   Registrar  Abuse  Contact  Phone:  +1.480-­‐624-­‐2505   Domain  Status:  clientTransferProhibited     Domain  Status:  clientUpdateProhibited     Domain  Status:  clientRenewProhibited     Domain  Status:  clientDeleteProhibited     Registry  Registrant  ID:     Registrant  Contact  InformaVon  (+)   Registry  Admin  ID:     Admin  Contact  InformaVon    (+)   Registry  Tech  ID:     Tech  Contact  InformaVon    (+)   Name  Server:  NS.ICANN.ORG   Name  Server:  A.IANA-­‐SERVERS.NET   Name  Server:  B.IANA-­‐SERVERS.NET   Name  Server:  C.IANA-­‐SERVERS.NET   DNSSEC:  unsigned   .COMRegistryWhoisOutput .COMRegistarWhoisOutput
| 7 On balance, the Thick Whois Final Report concluded that there are more benefits than disadvantages to requiring thick Whois for all gTLDs, such as: ¤  Improved response consistency ¤  Improved access to Whois data (registry vs. registrars accessibility) ¤  Improved stability (increased availability in case of failure) ¤  More copies of escrowed data in the event of a failure ¤  No overly burdensome cost impact on providers of Whois data ¤  More level playing field for competition between registry provider (Selected from the PDP Working Group deliberations available in the final report http://gnso.icann.org/en/issues/whois/thick-final-21oct13-en.pdf) The Value of Thick Whois
| 8 ¤  Release of Legal Review Memo on June 8 (Review of Law Applicable to the Transition of Data from a Thin to Thick Whois Model as per Policy Recommentation #3) Recent Activity Transition from thin to thick WHOIS for .COM, .NET, .JOBS ¤  Revised Impact Impact Assessment released and discussed with IRT at ICANN 52. No subsequent feedback received from IRT. ¤  IPT development of implementation plan (synchronized with other relevant initiatives) delayed due to impact of RDAP on RDDS landscape Consistent Labeling and Display of WHOIS Ouput for all gTLDs Current documentation available at: https://community.icann.org/display/TWCPI/Documentation
| 9 Current Timeline Assumptions 2015 Apr Aug DecOctJun Jul Sep NovMar May 2016 Feb AprJan Aug DecOctJun Jul Sep NovMar May Legal Review Design of implementation plan with experts from affected parties (Incl. Public Comment period) Implementation of transition by affected parties Transition from thin to thick Whois of .COM, .NET, .JOBS Consistent labeling & display of Whois output for all gTLDs as per RAA 2013 Design of Implementation plan (incl. Public Comment period) 2017 Feb AprJan Mar May Implementation of policy by affected parties
Transition from thin to thick for .COM, .NET and .JOBS
| 11 Legal Review: Policy Recommendation #3 ¤  Recommendation #3 of the GNSO Council Consensus Policy Recommendations on Thick Whois adopted by the Board on 7 February 2014 (the “Thick Whois Policy”) required: “As part of the implementation process, a legal review of law applicable to the transition of data from a thin to thick model not already been considered in the EWG memo is undertaken, and due consideration is given to potential privacy issues that may arise from the discussions on the transition from thin to thick Whois, including, for example, guidance on how the long-standing contractual requirement that registrars give notice to, and obtain consent from, each registrant for uses of any personally identifiable data submitted by the registrant should apply to registrations involved in the transition. Should any privacy issues emerge from these transition discussions that were not anticipated by the WG and which would require additional policy consideration, the Implementation Review Team is expected to notify the GNSO Council of these so that appropriate action can be taken”
| 12 Legal Review: Scope ¤  General survey of EU data protection laws which serve as a basis for many data protection laws around the world ¤  Survey to examine whether there are any significant concerns not already identified or addressed in the EWG Memo or the Thick Whois Final Report ¤  Implementation considerations about the transition to thick Whois for discussion by the IRT
| 13 Legal Review: Legal Considerations(1) ¤  In some countries, Registrars may need to establish a ‘lawful basis’ for: -  Disclosure of Registrants’ personal data to the Registry -  Transfer of such data to another country ¤  Registrant Consent may constitute a lawful basis, and may be the most suitable approach, despite some possible implementation challenges: -  In certain jurisdiction there exist the right to revoke consent -  The validity of consent as “freely given” may be challenged ¤  Legitimate Interests can be an alternative basis, if with greater challenges : -  Security, stability and resiliency of the Internet would be legitimate -  However, additional steps would need to be taken to address data transfer requirements. These may require DPA approval and have other constraints ¤  Additional options to address transfer of data could be: -  Privacy/proxy services -  Thick Whois with data localized in region subject to restrictions (1) To assist with the legal analysis, ICANN engaged Bird & Bird, a Leading international law firm with a highly regarded International Privacy & Data Protection Group
| 14 Legal Review: Implementation Considerations ¤  Registrant Consent is likely to be the most expedient way of addressing the transition to thick Whois ¤  Where conflict exists between local privacy laws and thick Whois requirements, ICANN’s Procedure for Handling WHOIS Conflicts with Privacy Laws is available to contracted parties ¤  Contracted parties may wish also to consider requesting amendments to or waivers from specific contractual requirements ¤  Registration Data Access Protocol (RDAP) could be a means of mitigating conflicts, in particular thanks to its redirection feature: -  Whois look up would appear thick even if all data is not stored with the Registry -  Consistency with Policy Recommendation #1 may be questioned
| 15 Legal Review: RDAP redirection RegistryRegistrar Registrar Jurisdiction Allowing Transfer of Registration Data Jurisdiction Not Allowing Transfer of Registration Data RDDS End-User RDAP-based RDDS All Registration Data Transferred at time of Registration (or as part of transition) All Registration Data Not Transferred at time of Registration (or as part of transition) RDAP-based RDDS (1) Requests Registration Data (2) Returns Full Registration Data (2) Returns Redirection and/or Domain Data + Reference to Registar RDAP Server (3) Request Additional Registration Data (4) Returns Registrant + Registrar Data
| 16 ¤  Discuss Implementation considerations and open questions -  Registrant Consent requirements applicable to transfer of data -  Handling of conflicts with Privacy laws -  Consistency with Policy recommendation of RDAP to mitigate conflicts -  Channel for transfer of data for existing registrations -  Timeline for transfer of data -  Supporting measure to assist stakeholders with the transition ¤  Work out implementation details with Group of experts from affected Partes -  12 volunteers representing 10 registrars joined the IRT in dec. 2014 -  Potential bi-weekly meetings if appropriate ¤  Aim to deliver : -  Initial Draft Implementation Plan by September 2015 -  Final implementation Plan by end of 2015 including public comments Next Steps
Consistent Labeling and Display of Whois Output for all gTLDs
| 18 ¤  Revised Impact Assesment -  Interpretation of “consistent labeling and display” as requiring the consistent display of all the required Output fields, including: -  Registrar Abuse Contact -  Reseller Information -  Distinction of High and Low Impacts (distributed vs. local developments) -  Development of an EPP Extension required for implementation of high impacts (est. 6 additional months) ¤  Synchronization of implementation with other relevant initiative (as per earlier IRT Feedback) : -  Low Impact with Whois Clarifications -  High Impact with RDAP Conclusions of last IRT Meeting (ICANN 52)
Text ConfidenVal  –  For  ICANN  internal  use  only  2014 2015 Feb AprJan Aug DecOctJun Jul Sep NovMar May 2016 DecOct Nov Feb AprJan Aug DecOctJun Jul Sep NovMar May Finalization of Implementation Plan Update to EPP Standard (High Impact requirements) Ry/Rr EPP Systems Update Whois Clarifications Effective Date ICANN 52 Implementation by Contracted Parties AWIP + Whois Clarifications (Assumption) ICANN 52 Implementation of RDAP by Ry/Rr IETF RFCs Published Operational Profile Definition RDAP (Assumption) RDAP Effective Date TW CL&D Policy Effective Date Inclusion of CL&D Requirements to RDAP Operation Profile Ry/Rr Systems Update (Low/Med. Impact Requirements) 12 months 6 months 6 months Thick  WHOIS     Consitent  Labeling  &  Display   Conclusions of last IRT Meeting (ICANN 52)
| 20 ¤  Whois Clarifications Advisory https://www.icann.org/resources/pages/registry-agreement-raa-rdds-2015-04-27-en -  Published 27 April 2015 -  Effective 31 January 2016 -  Only applies to New gTLDs and 2013 RAA signatories -  CL&D Implementation unable to catch up with timeline of the advisory contrary to what was initially anticipated ¤  The Registration Data Access Protocol (RDAP) is entering the landscape http://datatracker.ietf.org/wg/weirds/documents/ -  RFCs 7480-7484 published on 25 March -  ICANN GDD initiated development of implementation plan and is currently engaging the community -  Implementation by contracted parties could start in 2016 New developments since ICANN 52
| 21 The impact of RDAP: Definitions ¤  Registration Data Access Protocol (RDAP) -  Refers to the new protocol defined in RFCs 7480 to 7485 -  It is meant to replace the WHOIS protocol as the reference access protocol to domain name registration data (in addition to IP address registration data)   ¤  The term Whois is overloaded (see SAC051), it can mean -  The WHOIS protocol defined in RFC 3912 (Port-43) used to access domain name registration data (and IP address registration data) -  The actual domain name registration data -  The overall Registration Data Directory Service ¤  Registration Data Directory Service (RDDS) -  Refers to the overall domain name registration data directory service as defined in RA Specification 4 and 2013 RAA Specification 3 -  Specification mandate distribution of Data over WHOIS Port 43 and a Web interface (HTML rendering of WHOIS Port 43 output in practice) -  “Until ICANN requires a different protocol”
| 22 The impact of RDAP: End-user view Whois RDAP
| 23 Consistent Labeling & Display - without RDAP Registration Data Layer Thick Whois Consensus Policy Consistent Labeling and Display Registrant & Contacts Data Registrar- Specifc Data Domain Name Data Web-based Directory Service (HTML rendering of WHOIS Port 43 in practice) Presentation Layer Require transfer to and storage by registries Require all outputs to be consistent with Spec 3 RAA End-Users of Registration Data Distribution Services (RDDS) WHOIS Protocol (Port 43)
| 24 Consistent Labeling & Display - with RDAP Registration Data Layer Thick Whois Consensus Policy Consistent Labeling and Display Registrant & Contacts Data Registrar- Specifc Data Domain Name Data RDAP Protocol Web-based Directory Service (Updated ?) Presentation Layer RDAP Implementation Requirements (Operational Profile) Require transfer to and storage by registries Rely on RDAP Requirements for consistency End-Users of Registration Data Distribution Services (RDDS)
| 25 ¤  CL&D Implementation to only affect RDAP Output, no changes to WHOIS Port 43 ¤  CL&D Implementation Plan dependent on RDAP -  RDAP consistency with Policy Recommendation #1 ? -  Future of Web-based Directory service Requirements ? -  RDAP Deployement Timeline ¤  EPP Extension development for Registrar Registration Expiration Date and Reseller Information -  Current effort ongoing at IETF: https://datatracker.ietf.org/doc/draft-zhou-eppext-reseller-mapping/ -  Missing the Registrar Registration Expiration Date -  Involvement of ICANN Staff upon release of CL&D Final implementation plan ¤  Collaboration of Registrars (indirectly affected) in transferring relevant data to registries for existing registrations and non-EPP data -  Channels and efficiency measures -  Any Forseeable issues not already identified CL&D Implementation – Proposals & Open Issues
Text 2015 Feb AprJan Aug DecOctJun Jul Sep NovMar May 2016 Feb AprJan Aug DecOctJun Jul Sep NovMar May ICANN 52 ICANN 53 ICANN 55 (A) ICANN 56 (B) ICANN 57 (C) GDD Summit RDAP Operational Profile Development (incl community Input) Implementation of RDAP by Registries and Registrars FebJan Mar 2017 Draft Implementation Plan CL&D EPP Extension Development CL&D High Impact Implementation Public Comments on Draft Implementation Plan Final Implementation Plan CL&D Low Impact Implementation ICANN 54 Thick  WHOIS     Consitent  Labeling  &  Display   RDAP   CL&D Implementation – Timeline (Est.)
Text 2015 Feb AprJan Aug DecOctJun Jul Sep NovMar May 2016 Feb AprJan Aug DecOctJun Jul Sep NovMar May ICANN 52 ICANN 53 ICANN 55 (A) ICANN 56 (B) ICANN 57 (C) GDD Summit RDAP Operational Profile Development (incl community Input) Implementation of RDAP by Registries and Registrars FebJan Mar 2017 Draft Implementation Plan CL&D EPP Extension Development CL&D High Impact Implementation Public Comments on Draft Implementation Plan Final Implementation Plan CL&D Low Impact Implementation ICANN 54 Overall Timeline – Current Estimate Thick  WHOIS     Consitent  Labeling  &  Display   RDAP   Transi?on  from  thin  to  thick     for  .COM,  .NET  &  .JOBS   Legal Review Design of implementation plan with experts from affected parties (Incl. Public Comment period) Implementation of transition by affected parties
Thick whois policy implementation meeting with the irt icann53

More Related Content

PDF
OSDC 2012 | Data Protection, Software Licences and other Legal Issues in the ...
byNETWAYS
 
PPT
Registrar Constituency GNSO Update
byrrader
 
PDF
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
byThis account is closed
 
PDF
Registrars + law enforcement icann53
byICANN
 
PDF
La Croissance de L’Économie Numérique
byICANN
 
PDF
ICANN Strategic Plan 2016-2020 (Poster)
byICANN
 
PDF
Policy Development Process Infographic Portuguese
byICANN
 
PDF
Next steps for whois accuracy reporting icann53
byICANN
 
OSDC 2012 | Data Protection, Software Licences and other Legal Issues in the ...
byNETWAYS
 
Registrar Constituency GNSO Update
byrrader
 
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
byThis account is closed
 
Registrars + law enforcement icann53
byICANN
 
La Croissance de L’Économie Numérique
byICANN
 
ICANN Strategic Plan 2016-2020 (Poster)
byICANN
 
Policy Development Process Infographic Portuguese
byICANN
 
Next steps for whois accuracy reporting icann53
byICANN
 

Viewers also liked

PDF
Supporting Global Discussion: IANA Stewardship Transition
byICANN
 
PDF
Policy Development Process Infographic Russian
byICANN
 
PDF
Idn root zone lgr workshop icann53
byICANN
 
PDF
Universal Acceptance Steering Group Workshop ICANN53
byICANN
 
PDF
Gdd update icann53
byICANN
 
PDF
ICANN53 Fadi Chehadé Keynote
byICANN
 
PDF
What’s the New ICANN Meeting Strategy?
byICANN
 
PDF
Idn program update icann53
byICANN
 
PDF
How it works domain name registry protocol icann53
byICANN
 
PDF
Plan stratégique de l'ICANN 2016-2020
byICANN
 
PDF
IDN Access Domain Names Infographic Chinese
byICANN
 
PDF
ICANN Expected Standards of Behavior | Chinese
byICANN
 
PPTX
Call for Volunteers: Accountability & Transparency Review Team_ZH
byICANN
 
PDF
Call for Volunteers: Accountability & Transparency Review Team
byICANN
 
PDF
Future of the Internet | Media Briefing from Bangkok, Thailand [19 August 2015]
byICANN
 
PDF
How it works internet networking icann53
byICANN
 
PDF
Policy Development Process Infographic Turkish
byICANN
 
PDF
IDN Access Domain Names Infographic English
byICANN
 
PDF
ICANN Expected Standards of Behavior
byICANN
 
PDF
How it works internet standards setting icann53
byICANN
 
Supporting Global Discussion: IANA Stewardship Transition
byICANN
 
Policy Development Process Infographic Russian
byICANN
 
Idn root zone lgr workshop icann53
byICANN
 
Universal Acceptance Steering Group Workshop ICANN53
byICANN
 
Gdd update icann53
byICANN
 
ICANN53 Fadi Chehadé Keynote
byICANN
 
What’s the New ICANN Meeting Strategy?
byICANN
 
Idn program update icann53
byICANN
 
How it works domain name registry protocol icann53
byICANN
 
Plan stratégique de l'ICANN 2016-2020
byICANN
 
IDN Access Domain Names Infographic Chinese
byICANN
 
ICANN Expected Standards of Behavior | Chinese
byICANN
 
Call for Volunteers: Accountability & Transparency Review Team_ZH
byICANN
 
Call for Volunteers: Accountability & Transparency Review Team
byICANN
 
Future of the Internet | Media Briefing from Bangkok, Thailand [19 August 2015]
byICANN
 
How it works internet networking icann53
byICANN
 
Policy Development Process Infographic Turkish
byICANN
 
IDN Access Domain Names Infographic English
byICANN
 
ICANN Expected Standards of Behavior
byICANN
 
How it works internet standards setting icann53
byICANN
 

Similar to Thick whois policy implementation meeting with the irt icann53

PDF
ICANN 51: Thick WHOIS Implementation (working session)
byICANN
 
PDF
ICANN 50: Thick Whois Consensus Policy Implementation
byICANN
 
PDF
What is WHOIS?
byICANN
 
PDF
GDPR and Whois at ICANN
byAPNIC
 
PPT
ICANN GNSO Whois Task Force - Operational Point of Contact
byrrader
 
PDF
ICANN 52: Global Domains Division (GDD) Update
byICANN
 
PDF
ICANN 51: Registry Services Update
byICANN
 
PDF
Experience Using RIR Whois
byAPNIC
 
PDF
ICANN 51: Global Domains Division Update
byICANN
 
ICANN 51: Thick WHOIS Implementation (working session)
byICANN
 
ICANN 50: Thick Whois Consensus Policy Implementation
byICANN
 
What is WHOIS?
byICANN
 
GDPR and Whois at ICANN
byAPNIC
 
ICANN GNSO Whois Task Force - Operational Point of Contact
byrrader
 
ICANN 52: Global Domains Division (GDD) Update
byICANN
 
ICANN 51: Registry Services Update
byICANN
 
Experience Using RIR Whois
byAPNIC
 
ICANN 51: Global Domains Division Update
byICANN
 

More from ICANN

PPTX
Call for Volunteers: Accountability & Transparency Review Team_PT
byICANN
 
PPTX
Call for Volunteers: Accountability & Transparency Review Team_ES
byICANN
 
PPTX
Call for Volunteers: Accountability & Transparency Review Team_AR
byICANN
 
PPTX
Call for Volunteers: Accountability & Transparency Review Team_FR
byICANN
 
PPTX
Call for Volunteers: Accountability & Transparency Review Team_RU
byICANN
 
PDF
ICANN Expected Standards of Behavior | French
byICANN
 
PDF
ICANN Expected Standards of Behavior | Russian
byICANN
 
PDF
ICANN Expected Standards of Behavior | Arabic
byICANN
 
PDF
ICANN Expected Standards of Behavior | Spanish
byICANN
 
PDF
Policy Development Process Infographic Spanish
byICANN
 
PDF
Policy Development Process Infographic French
byICANN
 
PDF
Policy Development Process Infographic English
byICANN
 
PDF
Policy Development Process Infographic Chinese
byICANN
 
PDF
Policy Development Process Infographic Arabic
byICANN
 
PDF
How are gTLD Policies Implemented | French
byICANN
 
PDF
How are gTLD Policies Implemented | Spanish
byICANN
 
PDF
El Crecimiento de la Economía Digital
byICANN
 
PDF
O Crescimento da Economia Digital
byICANN
 
PDF
The Growth of the Digital Economy
byICANN
 
PDF
3 Phases of the IANA Stewardship Transition
byICANN
 
Call for Volunteers: Accountability & Transparency Review Team_PT
byICANN
 
Call for Volunteers: Accountability & Transparency Review Team_ES
byICANN
 
Call for Volunteers: Accountability & Transparency Review Team_AR
byICANN
 
Call for Volunteers: Accountability & Transparency Review Team_FR
byICANN
 
Call for Volunteers: Accountability & Transparency Review Team_RU
byICANN
 
ICANN Expected Standards of Behavior | French
byICANN
 
ICANN Expected Standards of Behavior | Russian
byICANN
 
ICANN Expected Standards of Behavior | Arabic
byICANN
 
ICANN Expected Standards of Behavior | Spanish
byICANN
 
Policy Development Process Infographic Spanish
byICANN
 
Policy Development Process Infographic French
byICANN
 
Policy Development Process Infographic English
byICANN
 
Policy Development Process Infographic Chinese
byICANN
 
Policy Development Process Infographic Arabic
byICANN
 
How are gTLD Policies Implemented | French
byICANN
 
How are gTLD Policies Implemented | Spanish
byICANN
 
El Crecimiento de la Economía Digital
byICANN
 
O Crescimento da Economia Digital
byICANN
 
The Growth of the Digital Economy
byICANN
 
3 Phases of the IANA Stewardship Transition
byICANN
 

Thick whois policy implementation meeting with the irt icann53

  • 1.
    Thick Whois Implementation Meetingwith the IRT | ICANN 53 | 24 June 2015
  • 2.
    | 2 Background and Statusof Implementation Transition from thin to thick for .COM, .NET and .JOBS Incl. Legal Review Consistent Labeling and Display of Whois Output for all gTLDs 1 2 33 Agenda 30 min50 min10 min
  • 3.
  • 4.
    | 4 ¤  ThickWhois Policy Development Process (Mar. 2012 – Oct. 2013) http://gnso.icann.org/en/group-activities/active/thick-whois ¤  Policy Recommendations adopted by the ICANN Board in Feb. 2014 http://www.icann.org/en/groups/board/documents/resolutions-07feb14- en.htm#2.c ¤  Two expected outcomes (policy recommendation #1) -  Transition from thin to thick WHOIS for .COM, .NET and .JOBS -  Consistent labeling and display for all gTLDs per Spec 3 RAA 2013 ¤  Decoupling of implementation of the two outcomes in line with Implementation Considerations (Final Report of Thick WHOIS PDP) Background
  • 5.
    | 5 Policy Recommendationsvs. Outcomes 1 The provision of thick Whois services, with a consistent labeling and display as per the model outlined in specification 3 of the 2013 RAA, should become a requirement for all gTLD registries, both existing and future Explain the first summary point here Explain the third summary point here Transition from thin to thick for .COM, .NET and .JOBS Consistent Labeling and Display of Whois Output for all gTLDs as per Spec 3 of 2013 RAA 2 Consideration of input provided in Public Comments before Board Resolution 3 As part of the implementation process, a legal review of law applicable to the transition of data from a thin to thick model not already been considered in the EWG memo is undertaken Outcomes
  • 6.
    | 6 Thick Whois,Consistent Labeling & Display ¤  Domain Name Registrations include two sets of data -  Data associated with the domain name -  Data associated with the registrant and its contacts ¤  Thin vs. Thick Registration Model -  Thin model: the Registry manages the domain data only -  Thick model: the Registry manages the domain data & stores the registrant data -  The Consistent Labeling & Display part of the Thick Whois Policy adds the registrar-specifc data to the Thick Registration Model Domain  Name:  ICANN.COM   Registrar:  GODADDY.COM,  LLC   Sponsoring  Registrar  IANA  ID:  146   Whois  Server:  whois.godaddy.com   Referral  URL:  hIp://registrar.godaddy.com   Name  Server:  A.IANA-­‐SERVERS.NET   Name  Server:  B.IANA-­‐SERVERS.NET   Name  Server:  C.IANA-­‐SERVERS.NET   Name  Server:  NS.ICANN.ORG   Status:  clientDeleteProhibited     Status:  clientRenewProhibited   Status:  clientTransferProhibited   Status:  clientUpdateProhibited     Updated  Date:  19-­‐oct-­‐2014   CreaVon  Date:  14-­‐sep-­‐1998   ExpiraVon  Date:  19-­‐oct-­‐2023   Domain  Name:  ICANN.COM   Registry  Domain  ID:  2346839_DOMAIN_COM-­‐VRSN   Registrar  WHOIS  Server:  whois.godaddy.com   Registrar  URL:  hIp://www.godaddy.com   Update  Date:  2014-­‐10-­‐19T17:48:11Z   CreaVon  Date:  1998-­‐09-­‐14T04:00:00Z   Registrar  RegistraVon  ExpiraVon  Date:  2023-­‐10-­‐19T03:59:59Z   Registrar:  GoDaddy.com,  LLC   Registrar  IANA  ID:  146   Registrar  Abuse  Contact  Email:  [email protected]   Registrar  Abuse  Contact  Phone:  +1.480-­‐624-­‐2505   Domain  Status:  clientTransferProhibited     Domain  Status:  clientUpdateProhibited     Domain  Status:  clientRenewProhibited     Domain  Status:  clientDeleteProhibited     Registry  Registrant  ID:     Registrant  Contact  InformaVon  (+)   Registry  Admin  ID:     Admin  Contact  InformaVon    (+)   Registry  Tech  ID:     Tech  Contact  InformaVon    (+)   Name  Server:  NS.ICANN.ORG   Name  Server:  A.IANA-­‐SERVERS.NET   Name  Server:  B.IANA-­‐SERVERS.NET   Name  Server:  C.IANA-­‐SERVERS.NET   DNSSEC:  unsigned   .COMRegistryWhoisOutput .COMRegistarWhoisOutput
  • 7.
    | 7 On balance,the Thick Whois Final Report concluded that there are more benefits than disadvantages to requiring thick Whois for all gTLDs, such as: ¤  Improved response consistency ¤  Improved access to Whois data (registry vs. registrars accessibility) ¤  Improved stability (increased availability in case of failure) ¤  More copies of escrowed data in the event of a failure ¤  No overly burdensome cost impact on providers of Whois data ¤  More level playing field for competition between registry provider (Selected from the PDP Working Group deliberations available in the final report http://gnso.icann.org/en/issues/whois/thick-final-21oct13-en.pdf) The Value of Thick Whois
  • 8.
    | 8 ¤  Releaseof Legal Review Memo on June 8 (Review of Law Applicable to the Transition of Data from a Thin to Thick Whois Model as per Policy Recommentation #3) Recent Activity Transition from thin to thick WHOIS for .COM, .NET, .JOBS ¤  Revised Impact Impact Assessment released and discussed with IRT at ICANN 52. No subsequent feedback received from IRT. ¤  IPT development of implementation plan (synchronized with other relevant initiatives) delayed due to impact of RDAP on RDDS landscape Consistent Labeling and Display of WHOIS Ouput for all gTLDs Current documentation available at: https://community.icann.org/display/TWCPI/Documentation
  • 9.
    | 9 Current TimelineAssumptions 2015 Apr Aug DecOctJun Jul Sep NovMar May 2016 Feb AprJan Aug DecOctJun Jul Sep NovMar May Legal Review Design of implementation plan with experts from affected parties (Incl. Public Comment period) Implementation of transition by affected parties Transition from thin to thick Whois of .COM, .NET, .JOBS Consistent labeling & display of Whois output for all gTLDs as per RAA 2013 Design of Implementation plan (incl. Public Comment period) 2017 Feb AprJan Mar May Implementation of policy by affected parties
  • 10.
    Transition from thinto thick for .COM, .NET and .JOBS
  • 11.
    | 11 Legal Review:Policy Recommendation #3 ¤  Recommendation #3 of the GNSO Council Consensus Policy Recommendations on Thick Whois adopted by the Board on 7 February 2014 (the “Thick Whois Policy”) required: “As part of the implementation process, a legal review of law applicable to the transition of data from a thin to thick model not already been considered in the EWG memo is undertaken, and due consideration is given to potential privacy issues that may arise from the discussions on the transition from thin to thick Whois, including, for example, guidance on how the long-standing contractual requirement that registrars give notice to, and obtain consent from, each registrant for uses of any personally identifiable data submitted by the registrant should apply to registrations involved in the transition. Should any privacy issues emerge from these transition discussions that were not anticipated by the WG and which would require additional policy consideration, the Implementation Review Team is expected to notify the GNSO Council of these so that appropriate action can be taken”
  • 12.
    | 12 Legal Review:Scope ¤  General survey of EU data protection laws which serve as a basis for many data protection laws around the world ¤  Survey to examine whether there are any significant concerns not already identified or addressed in the EWG Memo or the Thick Whois Final Report ¤  Implementation considerations about the transition to thick Whois for discussion by the IRT
  • 13.
    | 13 Legal Review:Legal Considerations(1) ¤  In some countries, Registrars may need to establish a ‘lawful basis’ for: -  Disclosure of Registrants’ personal data to the Registry -  Transfer of such data to another country ¤  Registrant Consent may constitute a lawful basis, and may be the most suitable approach, despite some possible implementation challenges: -  In certain jurisdiction there exist the right to revoke consent -  The validity of consent as “freely given” may be challenged ¤  Legitimate Interests can be an alternative basis, if with greater challenges : -  Security, stability and resiliency of the Internet would be legitimate -  However, additional steps would need to be taken to address data transfer requirements. These may require DPA approval and have other constraints ¤  Additional options to address transfer of data could be: -  Privacy/proxy services -  Thick Whois with data localized in region subject to restrictions (1) To assist with the legal analysis, ICANN engaged Bird & Bird, a Leading international law firm with a highly regarded International Privacy & Data Protection Group
  • 14.
    | 14 Legal Review:Implementation Considerations ¤  Registrant Consent is likely to be the most expedient way of addressing the transition to thick Whois ¤  Where conflict exists between local privacy laws and thick Whois requirements, ICANN’s Procedure for Handling WHOIS Conflicts with Privacy Laws is available to contracted parties ¤  Contracted parties may wish also to consider requesting amendments to or waivers from specific contractual requirements ¤  Registration Data Access Protocol (RDAP) could be a means of mitigating conflicts, in particular thanks to its redirection feature: -  Whois look up would appear thick even if all data is not stored with the Registry -  Consistency with Policy Recommendation #1 may be questioned
  • 15.
    | 15 Legal Review:RDAP redirection RegistryRegistrar Registrar Jurisdiction Allowing Transfer of Registration Data Jurisdiction Not Allowing Transfer of Registration Data RDDS End-User RDAP-based RDDS All Registration Data Transferred at time of Registration (or as part of transition) All Registration Data Not Transferred at time of Registration (or as part of transition) RDAP-based RDDS (1) Requests Registration Data (2) Returns Full Registration Data (2) Returns Redirection and/or Domain Data + Reference to Registar RDAP Server (3) Request Additional Registration Data (4) Returns Registrant + Registrar Data
  • 16.
    | 16 ¤  DiscussImplementation considerations and open questions -  Registrant Consent requirements applicable to transfer of data -  Handling of conflicts with Privacy laws -  Consistency with Policy recommendation of RDAP to mitigate conflicts -  Channel for transfer of data for existing registrations -  Timeline for transfer of data -  Supporting measure to assist stakeholders with the transition ¤  Work out implementation details with Group of experts from affected Partes -  12 volunteers representing 10 registrars joined the IRT in dec. 2014 -  Potential bi-weekly meetings if appropriate ¤  Aim to deliver : -  Initial Draft Implementation Plan by September 2015 -  Final implementation Plan by end of 2015 including public comments Next Steps
  • 17.
    Consistent Labeling and Displayof Whois Output for all gTLDs
  • 18.
    | 18 ¤  RevisedImpact Assesment -  Interpretation of “consistent labeling and display” as requiring the consistent display of all the required Output fields, including: -  Registrar Abuse Contact -  Reseller Information -  Distinction of High and Low Impacts (distributed vs. local developments) -  Development of an EPP Extension required for implementation of high impacts (est. 6 additional months) ¤  Synchronization of implementation with other relevant initiative (as per earlier IRT Feedback) : -  Low Impact with Whois Clarifications -  High Impact with RDAP Conclusions of last IRT Meeting (ICANN 52)
  • 19.
    Text ConfidenVal  –  For  ICANN  internal  use  only  2014 2015 Feb AprJan Aug DecOctJun Jul Sep NovMar May 2016 DecOct Nov Feb AprJan Aug DecOctJun Jul Sep NovMar May Finalization of Implementation Plan Update to EPP Standard (High Impact requirements) Ry/Rr EPP Systems Update Whois Clarifications Effective Date ICANN 52 Implementation by Contracted Parties AWIP + Whois Clarifications (Assumption) ICANN 52 Implementation of RDAP by Ry/Rr IETF RFCs Published Operational Profile Definition RDAP (Assumption) RDAP Effective Date TW CL&D Policy Effective Date Inclusion of CL&D Requirements to RDAP Operation Profile Ry/Rr Systems Update (Low/Med. Impact Requirements) 12 months 6 months 6 months Thick  WHOIS     Consitent  Labeling  &  Display   Conclusions of last IRT Meeting (ICANN 52)
  • 20.
    | 20 ¤  WhoisClarifications Advisory https://www.icann.org/resources/pages/registry-agreement-raa-rdds-2015-04-27-en -  Published 27 April 2015 -  Effective 31 January 2016 -  Only applies to New gTLDs and 2013 RAA signatories -  CL&D Implementation unable to catch up with timeline of the advisory contrary to what was initially anticipated ¤  The Registration Data Access Protocol (RDAP) is entering the landscape http://datatracker.ietf.org/wg/weirds/documents/ -  RFCs 7480-7484 published on 25 March -  ICANN GDD initiated development of implementation plan and is currently engaging the community -  Implementation by contracted parties could start in 2016 New developments since ICANN 52
  • 21.
    | 21 The impactof RDAP: Definitions ¤  Registration Data Access Protocol (RDAP) -  Refers to the new protocol defined in RFCs 7480 to 7485 -  It is meant to replace the WHOIS protocol as the reference access protocol to domain name registration data (in addition to IP address registration data)   ¤  The term Whois is overloaded (see SAC051), it can mean -  The WHOIS protocol defined in RFC 3912 (Port-43) used to access domain name registration data (and IP address registration data) -  The actual domain name registration data -  The overall Registration Data Directory Service ¤  Registration Data Directory Service (RDDS) -  Refers to the overall domain name registration data directory service as defined in RA Specification 4 and 2013 RAA Specification 3 -  Specification mandate distribution of Data over WHOIS Port 43 and a Web interface (HTML rendering of WHOIS Port 43 output in practice) -  “Until ICANN requires a different protocol”
  • 22.
    | 22 The impactof RDAP: End-user view Whois RDAP
  • 23.
    | 23 Consistent Labeling& Display - without RDAP Registration Data Layer Thick Whois Consensus Policy Consistent Labeling and Display Registrant & Contacts Data Registrar- Specifc Data Domain Name Data Web-based Directory Service (HTML rendering of WHOIS Port 43 in practice) Presentation Layer Require transfer to and storage by registries Require all outputs to be consistent with Spec 3 RAA End-Users of Registration Data Distribution Services (RDDS) WHOIS Protocol (Port 43)
  • 24.
    | 24 Consistent Labeling& Display - with RDAP Registration Data Layer Thick Whois Consensus Policy Consistent Labeling and Display Registrant & Contacts Data Registrar- Specifc Data Domain Name Data RDAP Protocol Web-based Directory Service (Updated ?) Presentation Layer RDAP Implementation Requirements (Operational Profile) Require transfer to and storage by registries Rely on RDAP Requirements for consistency End-Users of Registration Data Distribution Services (RDDS)
  • 25.
    | 25 ¤  CL&DImplementation to only affect RDAP Output, no changes to WHOIS Port 43 ¤  CL&D Implementation Plan dependent on RDAP -  RDAP consistency with Policy Recommendation #1 ? -  Future of Web-based Directory service Requirements ? -  RDAP Deployement Timeline ¤  EPP Extension development for Registrar Registration Expiration Date and Reseller Information -  Current effort ongoing at IETF: https://datatracker.ietf.org/doc/draft-zhou-eppext-reseller-mapping/ -  Missing the Registrar Registration Expiration Date -  Involvement of ICANN Staff upon release of CL&D Final implementation plan ¤  Collaboration of Registrars (indirectly affected) in transferring relevant data to registries for existing registrations and non-EPP data -  Channels and efficiency measures -  Any Forseeable issues not already identified CL&D Implementation – Proposals & Open Issues
  • 26.
    Text 2015 Feb AprJan AugDecOctJun Jul Sep NovMar May 2016 Feb AprJan Aug DecOctJun Jul Sep NovMar May ICANN 52 ICANN 53 ICANN 55 (A) ICANN 56 (B) ICANN 57 (C) GDD Summit RDAP Operational Profile Development (incl community Input) Implementation of RDAP by Registries and Registrars FebJan Mar 2017 Draft Implementation Plan CL&D EPP Extension Development CL&D High Impact Implementation Public Comments on Draft Implementation Plan Final Implementation Plan CL&D Low Impact Implementation ICANN 54 Thick  WHOIS     Consitent  Labeling  &  Display   RDAP   CL&D Implementation – Timeline (Est.)
  • 27.
    Text 2015 Feb AprJan AugDecOctJun Jul Sep NovMar May 2016 Feb AprJan Aug DecOctJun Jul Sep NovMar May ICANN 52 ICANN 53 ICANN 55 (A) ICANN 56 (B) ICANN 57 (C) GDD Summit RDAP Operational Profile Development (incl community Input) Implementation of RDAP by Registries and Registrars FebJan Mar 2017 Draft Implementation Plan CL&D EPP Extension Development CL&D High Impact Implementation Public Comments on Draft Implementation Plan Final Implementation Plan CL&D Low Impact Implementation ICANN 54 Overall Timeline – Current Estimate Thick  WHOIS     Consitent  Labeling  &  Display   RDAP   Transi?on  from  thin  to  thick     for  .COM,  .NET  &  .JOBS   Legal Review Design of implementation plan with experts from affected parties (Incl. Public Comment period) Implementation of transition by affected parties