To:
"'Jarle Greipsland'" <jarle@uninett.no>, ietf-provreg@cafax.se
From:
"Hollenbeck, Scott" <shollenbeck@verisign.com>
Date:
Wed, 8 Aug 2001 16:35:36 -0400
Sender:
owner-ietf-provreg@cafax.se
Subject:
RE: EPP reliance on registrar sponsorship model
>-----Original Message----- >From: Jarle Greipsland [mailto:jarle@uninett.no] >Sent: Wednesday, August 08, 2001 7:16 AM >To: ietf-provreg@cafax.se >Subject: EPP reliance on registrar sponsorship model > > >I think we would be better served by having the registrar sponsorship >concept replaced by a more general authorization mechanism. >Registries that wish to work within the registrar sponsorship model >can then do so by (explicitly or implicitly) authorizing the "current >registrar" to make any changes to a given object, including the right >to reject or accept a transfer. Registries that wish to operate >within another model, e.g. the registry will register digital >certificates for individuals or organizations, and attach attributes >to objects authorizing certificate holders to perform a given set of >operations on the object (provided the request is properly signed by >the holder) no matter what registrar forwards the request to the >registry, can then do so. The EPP drafts were first written without object-specific authorization information. It was added in an attempt to address one person's comments. It was subsequently removed as a result of larger WG discussion to simplify operations. I think there is a larger data consistency issue that is introduced if the client sponsorship model is abandoned. As changes are made across clients, all of the previously involved clients will probably like to know about changes made through other clients so that whatever locally-copied data they maintain remains consistent with that of the server. It's a many-to-one relationship. With the client sponsorship model, there's a one-to-one relationship that is _far_ easier to manage. <Scott/>