Internet-Draft | Registration Data Dictionary | October 2022 |
Flanagan & Crocker | Expires 27 April 2023 | [Page] |
Multiple applications related to the registration of names and other identifiers are built around a list of data elements. There is currently no unified public list of these data elements, nor is there an organized and independent change control process. This document compiles the multiple similar but not quite identical lists of data elements into a neutral Data Dictionary to be maintained as an independent IANA Registry. The Data Dictionary defines data elements but does not specify which ones are to be used in any particular application; the Data Dictionary is policy-neutral.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 27 April 2023.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The Registration Data Dictionary provides a common set of names and definitions for data element that may be used in any registration protocol, including the DNS. The dictionary is intended to be inclusive and not obligatory. That is, the existence of a data element in this dictionary does not imply the data element must be used or recognized in any particular protocol. The items in this dictionary should represent the union for what is in existing relevant protocols and should prevent divergence in new protocols. We also expect that each application or protocol may have additional requirements specific to the application or protocol. Such additional requirements should be documented as part of the application or protocol specification.¶
The data elements in this dictionary include the metadata regarding the registration, the detailed status of a registration, details for each of the contacts, and the account details and payment history. The proposed IANA registry lists standard data elements; each element will be versioned in the registry.¶
We expect the Registration Data Dictionary to evolve to meet the needs of various applications. With the exception of correction of errors, we expect the changes to the Registration Data Dictionary to be additions as opposed to deletions or changes.¶
[Comment: We are looking for additional authors and contributors to add to and improve the data dictionary, keeping in line with the RFC Series Editor statement on authorship. https://www.rfc-editor.org/pipermail/rfc-interest/2015-May/008869.html]¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
Each data element is a single unit of information that can be collected and compared during the registration process. The primary purposes of the IANA registry of data elements are to ensure that each data element is assigned a unique name and the syntax of each data element is specified.¶
Each data element is assigned to an element type to organize the taxonomy of the data dictionary.¶
The name of the data element MUST be unique and this characteristic MUST be enforced by the registry. The character encoding recommendation for data elements is specified in Section 3.¶
The subsections below comprise an initial list of known data elements commonly being used in the templates. The title of the subsection is the data element name for the data element. The combination of data element type and data element name MUST be unique and MUST be processed as case insensitive in the IANA registry.¶
Note that the legal definition of any of the terms used in the data dictionary, such as 'personally identifiable information' or 'legal person', are to be determined locally. The organization using this dictionary will record their interpretation in the appropriate element.¶
This is the name of the object being registered, e.g., the domain name.[RFC5890]¶
The name of the registry.¶
The authoritative name server for the registration.[RFC1034]¶
The date and time of the object's creation.¶
The date and time identifying the end of the registration period.¶
The date and time of the most recent modification of the registration data.¶
The date and time of the most recent successful registration transfer.¶
A description of the rulesets used to offer different levels of protection to the registrant. This attribute indicates whether the registration requires extra versus normal protection. In the case of domain name registration, this attribute can be used flag the need for additional protection for celebrities, politicians, at risk NGOs, etc.¶
Describes whether the registration is from someone in the correct group, region, or other qualification required for the registration.¶
Record of whether this registration is for a legal or a natural person.¶
Record of whether this registration may contains personally identifiable information, based on the interpretation of applicable laws by the registrar or registration authority.¶
Examples include the EPP (Section 2.3 of [RFC5731]) and RDAP (Section 10.2.2 of [RFC9083]) codes (ex: clientTransferProhibited) that describe the current state of a registered object and the protocol actions that can (or cannot) be performed on the registered object. A registered object MAY be associated with multiple status values. Other managed objects, including name server and contact objects, can also have status and lock values.¶
The back pointer from registry to registrant. When registration information is supplied from another source, this field names that source.¶
This is a customer ID at the registrar, reseller, or privacy/proxy provider, respectively.¶
Individual name.¶
Organization name.¶
Physical street address.¶
Postal city address.¶
Postal state or province address.¶
Postal code.¶
Country code identifier.¶
Telephone number.¶
This field is intended to represent an "extension" within the phone number to reach the specific person or role desk telephone, appropriate queue or mailbox after successfully dialing the Phone element.¶
Fax telephone number.¶
This field is an "extension" within a phone tree or PBX that is necessary to connect to a fax machine after successfully dialing the fax element.¶
Email address.¶
There is a requirement that either the phone or email element have been confirmed reachable, which this field is intended to represent.¶
This field represents server-unique identifiers assigned to entities, such as clients and contacts.¶
This section describes the format of the IANA Registration Report Registry, which has two tables described below, and the procedures used to populate and manage the registry entries.¶
This registry uses the "Specification Required" policy described in [RFC8126]. An English language version of the extension specification is required in the registry, though non-English versions of the specification may also be provided.¶
The "Specification Required" policy implies review by a "designated expert". Section 5.2 of RFC 8126 describes the role of designated experts and the function they perform.¶
A high-level description of the role of the designated expert is described in Section 5.2 of RFC 8126. Specific guidelines for the appointment of designated experts and the evaluation of a new data element is provided here.¶
The IESG SHOULD appoint a small pool of individuals (perhaps 3 - 5) to serve as designated experts, as described in Section 5.2 of RFC 8126. The pool should have a single administrative chair who is appointed by the IESG. The designated experts should use the existing regext mailing list (regext@ietf.org) for public discussion of registration requests. This implies that the mailing list should remain open after the work of the REGEXT working group has concluded.¶
The results of the evaluation should be shared via email with the registrant and the regext mailing list. Issues discovered during the evaluation can be corrected by the registrant, and those corrections can be submitted to the designated experts until the designated experts explicitly decide to accept or reject the registration request. The designated experts must make an explicit decision and that decision must be shared via email with the registrant and the regext mailing list. If the specification for a data element or report is an IETF Standards Track document, no review is required by the designated expert.¶
Designated experts should be permissive in their evaluation of requests for data elements and reports that have been implemented and deployed by at least one registry. This implies that it may indeed be possible to register multiple data elements or reports that provide the same functionality. Requests to register data elements or reports that have not been deployed should be evaluated with a goal of reducing duplication. A potential registrant who submits a request to register a new data element or report that includes similar functionality to existing data elements or reports should be made aware of the existing data elements and reports. The registrant should be asked to reconsider their request given the existence of similar data elements or reports. Should they decline to do so, perceived similarity should not be a sufficient reason for rejection as long as all other requirements are met.¶
The registry contains information describing each registered data element or report. Registry entries are created and managed by sending forms to IANA that describe the data element or report for the registry entry.¶
The required information must be formatted consistently using the following registration form. Form field names and values may appear on the same line.¶
Name of data element type¶
MUST be unique within the registry, enforced to be unique, and MUST be processed as case insensitive¶
Name of data element¶
MUST be unique within the registry, enforced to be unique, and MUST be processed as case insensitive¶
Reference document¶
MUST define the data element, SHOULD be a URL to a RFC, and SHOULD include the section number (or other detailed internal document reference), MAY be a URL to any document available under equivalent terms¶
Registrant¶
Will be IESG for initial entries and all Standards Track specifications; otherwise as specified by the registran¶
Status¶
MUST be one of active, inactive, or unknown¶
Registrants should send each registration form to IANA with a single record for incorporation into the registry. Send the form via email to iana@iana.org or complete the online form found on the IANA web site. The subject line should indicate whether the enclosed form represents an insertion of a new record (indicated by the word "INSERT" in the subject line) or a replacement of an existing record (indicated by the word "MODIFY" in the subject line). At no time can a record be deleted from the registry. On receipt of the registration request, IANA will initiate review by the designated expert(s) if appropriate, who will evaluate the request using the criteria in Section 3.1.1 in consultation with the regext mailing list.¶
When submitting changes to existing registry entries, include text in the "Notes" field of the registration form describing the change. Under normal circumstances, registry entries are only to be updated by the registrant. If the registrant becomes unavailable or otherwise unresponsive, the designated expert can submit a registration form to IANA to update the registrant information. Entries can change state from "Active" to "Inactive" and back again as long as state-change requests conform to the processing requirements identified in this document. In addition to entries that become "Inactive" due to a lack of implementation, entries for which a specification becomes consistently unavailable over time should be marked "Inactive" by the designated expert until the specification again becomes reliably available.¶
--- BEGIN FORM ---¶
Name of data element:¶
Name¶
Reference:¶
This RFC Section 2.1.¶
Registrant:¶
IESG, iesg@ietf.org¶
Status:¶
Active¶
--- END FORM ---¶
--- BEGIN FORM ---¶
Name of data element:¶
............¶
Reference:¶
This RFC Section $2.n¶
Registrant:¶
IESG, iesg@ietf.org¶
Status:¶
Active¶
--- END FORM ---¶
This specification does not consider the issues of distribution or access to the reports that are created and thus does not introduce any new security oncerns that are not already present in the local environment in which the report is created.¶
A security principle to keep in mind as new reports are developed is that it is considered a bad practice to report or disclose security information. In the case of the registration system upon which this reporting mechanism is based, the authInfo code is a specific example of a data element that SHOULD NOT be included in a report.¶
This specification defines a mechanism for policy comparison based on data in a registration system. Some of that data is likely to be considered personally identifiable information (PII) and thus would be subject to privacy protection according to an applicable privacy regulation. It is outside the scope of this specification to address those specific concerns. Implementors are urged to consider these issues with their local legal authority and develop appropriate requirements for their work.¶
The character encoding for the file contents MUST use UTF-8. Throughout this document A-LABEL is indicated as a SHOULD and that MUST be interpreted as follows. All name labels MUST be in A-LABEL format if it is possible to represent it as an A-LABEL, otherwise U-LABEL MAY be used.¶
-03: Editorial updates to abstract, introduction¶
-03: Added definitions to Protection, Nexus, Person, Personal, Source and Method, User Account ID¶
-03: Removed Payment History, Transaction History, and Reserved elements.¶
-02: Removed all format syntax guidance.¶
-02: Removed specific references to domain names and DNS where possible.¶
-02: Revised the Introduction.¶
-01: Updated abstract to clarify that this draft does not intend to set policy.¶
-01: Updated definitions in 2.1, 2.4, 2.5, 2.6, 2.7 to remove normative reference to the EPP spec.¶
-01: Updated 2. Data Element specification to note local interpretation expected for any legal definitions.¶
-01: Added TBD to policy-related items, all data-related elements wrt format.¶
-01: Moved several items from informative to normative references.¶
With many thanks to James Galvin and Rod Rasmussen for their advice and feedback on this data dictionary.¶