To:
"'Eric Brunner-Williams in Portland Maine'" <brunner@nic-naa.net>
Cc:
ietf-provreg@cafax.se
From:
"Hollenbeck, Scott" <shollenbeck@verisign.com>
Date:
Wed, 11 Apr 2001 09:21:47 -0400
Sender:
owner-ietf-provreg@cafax.se
Subject:
RE: Registrant Access (Data Protection/Privacy)
Eric, Can you provide some more detail describing what the "extension" is all about? The DTD described in the reference you provided describes an element with an optional attribute with name "optional" and enumerated values of "yes" or "no", and parsed character data for the content. Is this just a string of unspecified additional information? There may be a more compact way of representing this structure using the access_disclosure elements as attributes of the ACCESS element, like this: <access disclosure="social"> <extension optional="yes">This is PCDATA.</extension> <extension optional="no">This is PCDATA, too.</extension> </access> <Scott/> >-----Original Message----- >From: Eric Brunner-Williams in Portland Maine >[mailto:brunner@nic-naa.net] >Sent: Monday, April 09, 2001 1:41 PM >To: ietf-provreg@cafax.se >Subject: Registrant Access (Data Protection/Privacy) > > >In a note sent to both the provreg and whois lists earlier this year, >Patrik Faltstrom mentioned registrant access in the context of data >protection. More recently, Sheer noted that while specific requirements >are "local", e.g., specific "data-access" functional requirements, the >abstract form is of general interest. > >Here is a fragment (draft forthcomming, RSN!!!) on access >policy and its >expression in ABNF (grammer representation of XML syntax) and in XSD. > >Modified from http://www.w3.org/TR/P3P/#ACCESS [1] > >The <ACCESS> element is defined as the ability of registrant to view >registrant originated data and address questions or concerns to the >registration service provider. Registration service providers MUST >disclose one value for the access attribute. The method of access is >not specified. (Note this has _nothing_ to do with whois:43 or whois:xx >"access", which is outside the scope of a provisioning protocol.) > >The ACCESS element must contain one of the following elements: > > <social/> access is provided to all social data only > <technical/> access is provided to all technical data only > <all/> access is provided to all technical and social data > <noaccess/> registrant data exists but access is not provided > <null/> registrant data is not persistent > > >The (P3P-consistent) ABNF for this is: > > access = "<ACCESS>" > access_disclosure > *extension > "<ACCESS>" > > access_disclosure = "<social/>" | ; socal data only > "<technical/>" | ; technical data only > "<all/>" | ; all data > "<noaccess/>" | ; access not provided > "<null/>" | ; data not persistent > [snip]