To:
"Ietf-Provreg (E-mail)" <ietf-provreg@cafax.se>
From:
Robert Burbidge <robert.burbidge@poptel.coop>
Date:
Tue, 28 May 2002 16:05:26 +0100
Sender:
owner-ietf-provreg@cafax.se
Subject:
EPP and verification processes
As we are making good progress on our generic epp implementation, we need to finalise the verification extensions. How is EPP expected to be used for a domain that verifies registrants? I have the .coop TLD in mind, as you might expect. Here's a summary of the salient points of the .coop registrant validation process. The real process is a little more subtle than I have described it, but it is sufficient to explain the background of my question. * When creating a new registrant, the .coop registry requires contact details for the registrant (as with any other domain), and also contact details for two sponsor organisations. These sponsors can be used to verify the status of the registrant as a bona fide cooperative organisation. Some sponsors are associated with particular countries, and some are international bodies. * Registrants are allocated an initial status based on their country of origin. * During the next few days, the relevant sponsoring organisations are contacted and as a result the registrant's status may be amended. A registrant may be rejected if not holding cooperative status. A registrant who has been rejected will have its domains revoked. * There is an appeals procedure which may result in a registrant being re-verified. Domains that had previously been revoked may be restored to the registrant. How would you suggest that EPP should handle registrant verification? * We could ignore the verification process in EPP, and create all registrants when EPP commands reach the registry. Any subsquent investigation and revocation can be handled through out-of-band channels such as email or fax. This is not ideal, as the registry will then be responsible for manual collection of sponsor data, and makes the verification process very slack. * I note that there is a "pendingValidation" status for domains. However the one-line explanation doesn't actually mention validation, there is no suggestion of the validation procedures, and (crucially) there is no validationFailed status. I wonder what the purpose of this status is. Incidentally, from our point of view we validate registrants, not domains. It's arguable that there are two different kinds of validation for a domain name (a) this domain name is under review because of registry policy (b) this domain name is under review because the nominated registrant is under review. I am concerned that there is not enough flexibility to handle the two cases. * Should we use <poll> as a mechanism for notifying registrars that a registrant has been investigated etc? * Contact status values do not include any validation status codes. That's reasonable, because contacts are not always registrants. Only when a domain is created does a contact become a registrant. However, our workflow is based around validating the registrant, and subsequent domain validation is dependent on registrant validation. Your thoughts and suggestions are of course welcome. Rob Burbidge