To: "Robert Burbidge" <robert.burbidge@poptel.coop>, "Ietf-Provreg (E-mail)" <ietf-provreg@cafax.se>
From: "Edmon Chung" <edmon@neteka.com>
Date: Tue, 28 May 2002 11:42:43 -0400
Sender: owner-ietf-provreg@cafax.se
Subject: Re: EPP and verification processes

Our implementation at SGNIC also required verification of contact similar to your situation. Currently, the gateway returns a particular response code to the client notifying them that additional verification will be required (based on the automated screening process result). The status of the domain name will be on Pending Verification, and the registrar is required to check on the status and update the registrant regularly, by policy. It also supports revoking of previous decisions whether it was an approval or rejection.

Since the registry itself is responsible for the verification and not the registrar, these operations are done within the registry system and will not be necessary for the registrar to update the registry via EPP.

Although the project did not mandate it, we also experimented with having the registrar complete the verification and update the registry. In that case, the registrar will do a domain status update via EPP for the domain name to change it from pending verification to Active.

Edmon

----- Original Message -----
From: "Robert Burbidge" <robert.burbidge@poptel.coop>
To: "Ietf-Provreg (E-mail)" <ietf-provreg@cafax.se>
Sent: Tuesday, May 28, 2002 11:05 AM
Subject: EPP and verification processes

> As we are making good progress on our generic epp implementation, we need to
> finalise the verification extensions. How is EPP expected to be used for a
> domain that verifies registrants? I have the .coop TLD in mind, as you might
> expect. Here's a summary of the salient points of the .coop registrant
> validation process. The real process is a little more subtle than I have
> described it, but it is sufficient to explain the background of my question.
>
> * When creating a new registrant, the .coop registry requires contact
>   details for the registrant (as with any other domain), and also contact
>   details for two sponsor organisations. These sponsors can be used to verify
>   the status of the registrant as a bona fide cooperative organisation. Some
>   sponsors are associated with particular countries, and some are
>   international bodies.
> * Registrants are allocated an initial status based on their country
>   of origin.
> * During the next few days, the relevant sponsoring organisations are
>   contacted and as a result the registrant's status may be amended. A
>   registrant may be rejected if not holding cooperative status. A registrant
>   who has been rejected will have its domains revoked.
> * There is an appeals procedure which may result in a registrant being
>   re-verified. Domains that had previously been revoked may be restored to the
>   registrant.
>
> How would you suggest that EPP should handle registrant verification?
>
> * We could ignore the verification process in EPP, and create all
>   registrants when EPP commands reach the registry. Any subsequent
>   investigation and revocation can be handled through out-of-band channels
>   such as email or fax. This is not ideal, as the registry will then be
>   responsible for manual collection of sponsor data, and makes the
>   verification process very slack.
> * I note that there is a "pendingValidation" status for domains.
>   However the one-line explanation doesn't actually mention validation, there
>   is no suggestion of the validation procedures, and (crucially) there is no
>   validationFailed status. I wonder what the purpose of this status is.
>   Incidentally, from our point of view we validate registrants, not domains.
>   It's arguable that there are two different kinds of validation for a domain
>   name (a) this domain name is under review because of registry policy (b)
>   this domain name is under review because the nominated registrant is under
>   review. I am concerned that there is not enough flexibility to handle the
>   two cases.
> * Should we use <poll> as a mechanism for notifying registrars that a
>   registrant has been investigated etc?
> * Contact status values do not include any validation status codes.
>   That's reasonable, because contacts are not always registrants. Only when a
>   domain is created does a contact become a registrant. However, our workflow
>   is based around validating the registrant, and subsequent domain validation
>   is dependent on registrant validation.
>
> Your thoughts and suggestions are of course welcome.
>
> Rob Burbidge