To:
"'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>
From:
"Hollenbeck, Scott" <shollenbeck@verisign.com>
Date:
Tue, 15 Apr 2003 15:41:06 -0400
Importance:
high
Sender:
owner-ietf-provreg@cafax.se
Subject:
[ietf-provreg] Proposed Text for Contact Mapping Disclosure Elements
I'd like to propose adding the following text to section 2 of the contact mapping document to move forward with the element privacy approach described here: http://www.cafax.se/ietf-provreg/maillist/2003-03/msg00134.html I am assuming that we are past the point of discussing whether or not the direction described in this new text is one we need to follow. Specific replacement text would be _most_ helpful if you see something that you don't like. "2.9 Disclosure of Data Elements and Attributes The EPP core protocol requires a server operator to announce data collection policies to clients; see section 2.4 of [EPP]. In conjunction with this disclosure requirement, this mapping includes data elements that allow a client to identify elements that require exceptional server operator handling to allow or restrict disclosure to third parties. A server operator announces a default disclosure policy when establishing a session with a client. When an object is created or updated, the client can specify contact attributes that require exceptional disclosure handling using an OPTIONAL <contact:disclose> element. A server operator MAY reject any transaction that requests disclosure practices that do not conform to the announced data collection policy. Once set, disclosure preferences can be reviewed using a standard contact information query. If present, the <contact:disclose> element MUST contain a "flag" attribute. The "flag" attribute contains an XML Schema boolean value. A value of "true" or "1" (decimal one) notes a client preference to allow disclosure of the specified elements as an exception to the stated data collection policy. A value of "false" or "0" (decimal zero) notes a client preference to not allow disclosure of the specified elements as an exception to the stated data collection policy. The <contact:disclose> element MUST contain at least one of the following child elements: <contact:name type="int"> <contact:name type="loc"> <contact:org type="int"> <contact:org type="loc"> <contact:addr type="int"> <contact:addr type="loc"> <contact:voice> <contact:fax> <contact:email> Example <contact:disclose> element, flag="0": <contact:disclose flag="0"> <contact:email> <contact:voice> </contact:disclose> In this example, the contact email address and voice telephone number should not be disclosed. All other elements are subject to disclosure in accordance with the server's data collection policy. Example <contact:disclose> element, flag="1": <contact:disclose flag="1"> <contact:name type="int"> <contact:org type="int"> <contact:addr type="int"> </contact:disclose> In this example, the internationalized contact name, organization, and address information can be disclosed. All other elements are subject to disclosure in accordance with the server's data collection policy." Well, that's the proposed text, with appropriate changes required elsewhere in the document to maintain consistency. Fire away. -Scott-