draft-ietf-crisp-requirements-00.txt   draft-ietf-crisp-requirements-01.txt 
Network Working Group A. Newton Network Working Group A. Newton
Internet-Draft VeriSign, Inc. Internet-Draft VeriSign, Inc.
Expires: January 29, 2003 July 31, 2002 Expires: April 3, 2003 October 3, 2002
Cross Registry Internet Service Protocol (CRISP) Requirements Cross Registry Internet Service Protocol (CRISP) Requirements
draft-ietf-crisp-requirements-00 draft-ietf-crisp-requirements-01
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
skipping to change at page 1, line 31 skipping to change at page 1, line 31
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 29, 2003. This Internet-Draft will expire on April 3, 2003.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved. Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract Abstract
Internet registries expose administrative and operational data via Internet registries expose administrative and operational data via
varying directory services. This document defines functional varying directory services. This document defines functional
requirements for the directory services of domain registries and the requirements for the directory services of domain registries and the
skipping to change at page 2, line 37 skipping to change at page 2, line 37
3. Functional Requirements . . . . . . . . . . . . . . . . . 9 3. Functional Requirements . . . . . . . . . . . . . . . . . 9
3.1 Base Functions . . . . . . . . . . . . . . . . . . . . . . 9 3.1 Base Functions . . . . . . . . . . . . . . . . . . . . . . 9
3.1.1 Mining Prevention . . . . . . . . . . . . . . . . . . . . 9 3.1.1 Mining Prevention . . . . . . . . . . . . . . . . . . . . 9
3.1.2 Minimal Technical Reinvention . . . . . . . . . . . . . . 9 3.1.2 Minimal Technical Reinvention . . . . . . . . . . . . . . 9
3.1.3 Standard and Extensible Schemas . . . . . . . . . . . . . 9 3.1.3 Standard and Extensible Schemas . . . . . . . . . . . . . 9
3.1.4 Level of Access . . . . . . . . . . . . . . . . . . . . . 10 3.1.4 Level of Access . . . . . . . . . . . . . . . . . . . . . 10
3.1.5 Client Processing . . . . . . . . . . . . . . . . . . . . 10 3.1.5 Client Processing . . . . . . . . . . . . . . . . . . . . 10
3.1.6 Entity Referencing . . . . . . . . . . . . . . . . . . . . 10 3.1.6 Entity Referencing . . . . . . . . . . . . . . . . . . . . 10
3.1.7 Decentralization . . . . . . . . . . . . . . . . . . . . . 10 3.1.7 Decentralization . . . . . . . . . . . . . . . . . . . . . 10
3.1.8 Query of Access Levels . . . . . . . . . . . . . . . . . . 10 3.1.8 Query of Access Levels . . . . . . . . . . . . . . . . . . 10
3.1.9 Authentication Distribution . . . . . . . . . . . . . . . 11
3.2 Domain Specific Functions . . . . . . . . . . . . . . . . 11 3.2 Domain Specific Functions . . . . . . . . . . . . . . . . 11
3.2.1 Contact Lookup . . . . . . . . . . . . . . . . . . . . . . 11 3.2.1 Contact Lookup . . . . . . . . . . . . . . . . . . . . . . 11
3.2.2 Nameserver Lookup . . . . . . . . . . . . . . . . . . . . 11 3.2.2 Nameserver Lookup . . . . . . . . . . . . . . . . . . . . 11
3.2.3 Domain Status Lookup . . . . . . . . . . . . . . . . . . . 11 3.2.3 Domain Registrant Search . . . . . . . . . . . . . . . . . 11
3.2.4 Domain Registrant Search . . . . . . . . . . . . . . . . . 11 3.2.4 Domain Information Lookup . . . . . . . . . . . . . . . . 12
3.2.5 Domain Information Lookup . . . . . . . . . . . . . . . . 12 3.2.5 Nameserver Search . . . . . . . . . . . . . . . . . . . . 12
3.2.6 Nameserver Search . . . . . . . . . . . . . . . . . . . . 12 3.2.6 Escrow Support . . . . . . . . . . . . . . . . . . . . . . 12
3.2.7 Escrow Support . . . . . . . . . . . . . . . . . . . . . . 12 3.2.7 Domain Name Search . . . . . . . . . . . . . . . . . . . . 12
3.2.8 Authentication Distribution . . . . . . . . . . . . . . . 12 3.2.8 Result Set Limits . . . . . . . . . . . . . . . . . . . . 13
3.2.9 Domain Name Search . . . . . . . . . . . . . . . . . . . . 13 3.2.9 DNS Label Referencing . . . . . . . . . . . . . . . . . . 13
3.2.10 DNS Label Referencing . . . . . . . . . . . . . . . . . . 13 3.2.10 Distribution for Domain Registry Types . . . . . . . . . . 13
3.2.11 Distribution for Domain Registry Types . . . . . . . . . . 13
4. Feature Requirements . . . . . . . . . . . . . . . . . . . 14 4. Feature Requirements . . . . . . . . . . . . . . . . . . . 14
4.1 Client Authentication . . . . . . . . . . . . . . . . . . 14 4.1 Client Authentication . . . . . . . . . . . . . . . . . . 14
4.2 Referrals . . . . . . . . . . . . . . . . . . . . . . . . 14 4.2 Referrals . . . . . . . . . . . . . . . . . . . . . . . . 14
4.3 Common Referral Mechanism . . . . . . . . . . . . . . . . 14 4.3 Common Referral Mechanism . . . . . . . . . . . . . . . . 14
4.4 Structured Queries and Responses . . . . . . . . . . . . . 14 4.4 Structured Queries and Responses . . . . . . . . . . . . . 14
4.5 Existing Schema Language . . . . . . . . . . . . . . . . . 14 4.5 Existing Schema Language . . . . . . . . . . . . . . . . . 14
4.6 Defined Schemas . . . . . . . . . . . . . . . . . . . . . 14 4.6 Defined Schemas . . . . . . . . . . . . . . . . . . . . . 14
4.7 Serialization Definition . . . . . . . . . . . . . . . . . 15 4.7 Serialization Definition . . . . . . . . . . . . . . . . . 15
5. Internationalization Considerations . . . . . . . . . . . 16 5. Internationalization Considerations . . . . . . . . . . . 16
6. IANA Considerations . . . . . . . . . . . . . . . . . . . 17 6. IANA Considerations . . . . . . . . . . . . . . . . . . . 17
skipping to change at page 10, line 7 skipping to change at page 10, line 7
network and transport layer standards as defined by the Internet network and transport layer standards as defined by the Internet
Engineering Task Force. The service MUST define one or more Engineering Task Force. The service MUST define one or more
transport mechanisms for mandatory implementation. transport mechanisms for mandatory implementation.
3.1.3 Standard and Extensible Schemas 3.1.3 Standard and Extensible Schemas
The service MUST define standard schemas for the exchange of data The service MUST define standard schemas for the exchange of data
needed to implement the functionality in this document. In addition, needed to implement the functionality in this document. In addition,
there MUST be a means to allow the use of schemas not defined by the there MUST be a means to allow the use of schemas not defined by the
needs of this document. Both types of schemas MUST use the same needs of this document. Both types of schemas MUST use the same
schema language. schema language. The schemas MUST be able to express data elements
with identifying tags for the purpose of localization of
internationalized data element labels
3.1.4 Level of Access 3.1.4 Level of Access
The service MUST allow the classification of data as being either The service MUST allow the classification of data as being either
privileged or non-privileged, for the purpose of restricting access privileged or non-privileged, for the purpose of restricting access
to privileged data. Note that this requirement makes no assumption to privileged data. Note that this requirement makes no assumption
or prescription as to what data (social or operational) might be or prescription as to what data (social or operational) might be
considered privileged, but merely provides the ability to make the considered privileged, but merely provides the ability to make the
classification as necessary. classification as necessary.
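Review bot: The sentence added to 3.1.3 in -01 stops at "internationalized data element labels" with no terminating period, and its meaning is ambiguous: "identifying tags" could be tags that identify the data element or tags that identify the language of its label. Suggest closing the sentence and stating which of the two the schemas MUST be able to express.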
skipping to change at page 11, line 12 skipping to change at page 11, line 14
response indicating this condition. The service SHOULD NOT provide a response indicating this condition. The service SHOULD NOT provide a
mechanism allowing a client to determine if a query will be denied mechanism allowing a client to determine if a query will be denied
before the query is submitted. before the query is submitted.
It is the intent of this requirement for clients to learn of It is the intent of this requirement for clients to learn of
inadequate permission status for a query only after the query has inadequate permission status for a query only after the query has
been submitted. Operating modes allowing a client to predetermine been submitted. Operating modes allowing a client to predetermine
the queries that will or will not be denied are not encouraged for the queries that will or will not be denied are not encouraged for
security considerations. security considerations.
3.1.9 Authentication Distribution
The service MUST NOT require any Internet registries to participate
in any particular distributed authentication system. The service
SHOULD allow the participation by an Internet registry in
distributed authentication by many centralized authorities.
3.2 Domain Specific Functions 3.2 Domain Specific Functions
These functions describe requirements specifically needed by domain These functions describe requirements specifically needed by domain
registries (Section 2.1.1) and domain registrars (Section 2.1.2). registries (Section 2.1.1) and domain registrars (Section 2.1.2).
Requirements specific to other registries (Section 2.2) MUST be Requirements specific to other registries (Section 2.2) MUST be
specified separately. No compliant service entity is required to specified separately. No compliant service entity is required to
support the functions required by every registry type. support the functions required by every registry type.
3.2.1 Contact Lookup 3.2.1 Contact Lookup
The service MUST allow access to social data of contact entities The service MUST allow access to social data of contact entities
given a unique reference to the contact entity. given a unique reference to the contact entity. The contact
information set MUST be able to express and represent the attributes
and allowable values of contact registration requests in domain
registration and provisioning protocols.
3.2.2 Nameserver Lookup 3.2.2 Nameserver Lookup
The service MUST allow access to operational and social data of a The service MUST allow access to operational and social data of a
nameserver given the fully-qualified host name or IP address of a nameserver given the fully-qualified host name or IP address of a
nameserver. nameserver. The host information set MUST be able to express and
represent the attributes and allowable values of nameservers in
3.2.3 Domain Status Lookup domain registration and provisioning protocols.
The service MUST provide access to the status of a domain given the
domain's fully qualified name. This status MUST indicate the
activation status of the domain. The activation status is the same
as would be available in Section 3.2.5.
3.2.4 Domain Registrant Search 3.2.3 Domain Registrant Search
The service MUST provide the capability of searching for registrants The service MUST provide the capability of searching for registrants
by exact name match or a reasonable name subset. The service MAY by exact name match or a reasonable name subset. This search must
provide limits to the number of results from this search to comply with Section 3.2.8.
alleviate performance or comply with Section 3.1.1. If the service
limits the number of results from this search to alleviate
performance, it MUST provide the client with a response indicating
this condition. If the service limits the number of results from
this search to comply with Section 3.1.1, it MUST NOT provide the
client with a response indicating this condition.
The service MUST provide a mechanism to distribute this search The service MUST provide a mechanism to distribute this search
across all applicable domain registries and registrars. The service across all applicable domain registries and registrars. The service
SHOULD have a means to narrow the scope of a search to a specific SHOULD have a means to narrow the scope of a search to a specific
TLD. The service MUST be able to specify to the client an empty TLD. The service MUST be able to specify to the client an empty
result set should the search yield no results. result set should the search yield no results.
3.2.5 Domain Information Lookup 3.2.4 Domain Information Lookup
The service MUST provide access to operational and social data The service MUST provide access to operational and social data
specific to a domain given the domain's fully qualified name (FQDN). specific to a domain given the domain's fully qualified name (FQDN).
This information SHOULD include the following: The service MUST be capable of supplying the following information
for this lookup:
o activation status o activation status
o registrant name and contact data o registrant name and contact data
o hosting nameservers o hosting nameservers
o technical, billing or other entity types associate with the o technical, billing or other entity types associated with the
domain and their relevant contact data, if any exist domain and their relevant contact data, if any exist
o the name of or a reference to the registry delegating the domain o the name of or a reference to the registry delegating the domain
o the name of or a reference to the registrar for the domain, if o the name of or a reference to the registrar for the domain, if
one exists one exists
3.2.6 Nameserver Search The domain information set MUST be able to express and represent the
attributes and allowable values of domain registration requests in
domain registration and provisioning protocols.
3.2.5 Nameserver Search
The service MAY allow the ability to list all domains hosted by a The service MAY allow the ability to list all domains hosted by a
specific nameserver given the fully-qualified host name or IP specific nameserver given the fully-qualified host name or IP
address, if applicable, of the nameserver. The service MAY provide a address, if applicable, of the nameserver. The service MAY provide a
mechanism to distribute this search across all applicable domain mechanism to distribute this search across all applicable domain
registries and registrars. registries and registrars.
3.2.7 Escrow Support 3.2.6 Escrow Support
The service MUST provide a means to escrow data of domain registrars The service MUST provide a means to escrow data of domain registrars
to an escrow entity using a common schema. This escrow capability to an escrow entity using a common schema. This escrow capability
SHOULD be "off-line" and "out-of-band" from the normal operations of SHOULD be "off-line" and "out-of-band" from the normal operations of
the service. the service.
3.2.8 Authentication Distribution 3.2.7 Domain Name Search
The service MUST be capable of allowing a centralized authority
entity the means to distribute authentication information of
entities accessing the service. The service MUST not require all
Internet registries to participate in distributed authentication and
SHOULD allow the participation by an Internet registry in
distributed authentication by many centralized authority entities.
3.2.9 Domain Name Search
The service MUST allow searching for domains by exact name match or The service MUST allow searching for domains by exact name match or
a reasonable subset of a domain name. The service MAY provide limits a reasonable subset of a domain name. This search SHOULD allow for
to the number of results from this search to alleviate performance parameters and qualifiers designed to allow better matching of
or comply with Section 3.1.1. If the service limits the number of internationalized domain names and SHOULD allow for both exact and
results from this search to alleviate performance, it MUST provide partial matching within the limits of internationalized domain
the client with a response indicating this condition. If the service names. The service SHOULD NOT require special transformations of
limits the number of results from this search to comply with Section internationalized domain names to accommodate this search. This
3.1.1, it MUST NOT provide the client with a response indicating search MUST comply with Section 3.2.8.
this condition.
The service MUST provide a mechanism to distribute this search The service MUST provide a mechanism to distribute this search
across all applicable domain registries and registrars. There should across all applicable domain registries and registrars. There should
be a means to narrow this search based on a TLD. be a means to narrow this search based on a TLD.
The search mechanism SHOULD provide for differences in domain names The search mechanism SHOULD provide for differences in domain names
between the native representation and the canonical form existing in between the native representation and the canonical form existing in
the registry. the registry.
3.2.10 DNS Label Referencing 3.2.8 Result Set Limits
The service MAY provide limits to the number of results from
searches and lookups to improve performance bottlenecks or comply
with Section 3.1.1. The service MUST be capable of providing to the
client an indication that a result set has been truncated or
limited. The service MUST be capable of distinguishing the cause of
this condition as either a mechanism to improve performance
bottlenecks, as specified above, or a means of compliance with
Section 3.1.1.
3.2.9 DNS Label Referencing
The service MUST use DNS[2] to determine the authoritative source of The service MUST use DNS[2] to determine the authoritative source of
information about domain names. It is the intention of this information about domain names. It is the intention of this
requirement that a client be able to determine via DNS and query the requirement that a client be able to determine via DNS and query the
servers or set of servers of the domain registry delegating the servers or set of servers of the domain registry delegating the
domain name, the domain registrar responsible for registering the domain name, the domain registrar responsible for registering the
domain name if one is applicable, and the domain registrant of the domain name if one is applicable, and the domain registrant of the
domain name. The service SHOULD provide procedures or mechanisms to domain name. The service SHOULD provide procedures or mechanisms to
allow this determination if it cannot be done using DNS. allow this determination if it cannot be done using DNS. This allows
the service to operate when an operator chooses not to take
advantage of DNS label referencing and during periods of transient
or erroneous state of DNS configuration.
3.2.11 Distribution for Domain Registry Types 3.2.10 Distribution for Domain Registry Types
The service MUST allow for the various registration distribution The service MUST allow for the various registration distribution
models of domain registry types described in Section 2.1.1 while models of domain registry types described in Section 2.1.1 while
complying with Section 3.1.7. complying with Section 3.1.7.
4. Feature Requirements 4. Feature Requirements
Feature requirements describe the perceived need derived from the Feature requirements describe the perceived need derived from the
functional requirements for specific technical criteria of the functional requirements for specific technical criteria of the
directory service. This section makes references to terms and directory service. This section makes references to terms and
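Review bot: New Section 3.2.8 reverses the -00 rule for limits applied under Section 3.1.1 without saying so: the removed search text said the service "MUST NOT provide the client with a response indicating this condition", while 3.2.8 now says the service "MUST be capable of distinguishing the cause" of a truncated result set. It is unclear whether that cause is exposed to the client, which would tell a client harvesting data that mining prevention has triggered; suggest stating who may see the cause and whether dropping the -00 prohibition is intended. Separately, 3.2.3 says "This search must comply with Section 3.2.8" in lower case while 3.2.7 uses "MUST" for the same sentence, so the RFC2119 keyword should be made consistent.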
skipping to change at page 14, line 24 skipping to change at page 14, line 24
These requirements are for the purpose of designing a technical These requirements are for the purpose of designing a technical
specification. The words used in this section are for compliance specification. The words used in this section are for compliance
with RFC2119[8], do not reference or specify policy, and speak only with RFC2119[8], do not reference or specify policy, and speak only
to the capabilities in the derived technology. to the capabilities in the derived technology.
4.1 Client Authentication 4.1 Client Authentication
Entities accessing the service (users) MUST be provided a mechanism Entities accessing the service (users) MUST be provided a mechanism
for passing credentials to a server for the purpose of for passing credentials to a server for the purpose of
authentication. authentication. The service MUST provide a mechanism capable of
employing many authentication types and capable of extension for
future authentication types.
4.2 Referrals 4.2 Referrals
To distribute queries for search continuations and to issue entity To distribute queries for search continuations and to issue entity
references, the service MUST provide a referral mechanism. references, the service MUST provide a referral mechanism.
4.3 Common Referral Mechanism 4.3 Common Referral Mechanism
To distribute queries for search continuation and to issue entity To distribute queries for search continuation and to issue entity
references, the service MUST define a common referral scheme and references, the service MUST define a common referral scheme and
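Review bot: The sentence added to 4.1 requires a mechanism "capable of employing many authentication types" and of extension, but names no authentication type for mandatory implementation, whereas the text just before 3.1.3 requires "one or more transport mechanisms for mandatory implementation". Without a parallel requirement here, two compliant implementations could have no authentication type in common; suggest adding a MUST for at least one mandatory-to-implement type.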
 End of changes. 
