ARIN-PPML Message

[ppml] Proposed Policy: Directory Services Overhaul

ARIN received the following proposed policy.  In accordance with the ARIN
Internet Resource Policy Evaluation Process, the proposal is being posted
to the ARIN Public Policy Mailing List and being placed on ARIN's website.

The ARIN Advisory Council will review the proposal and within ten working
days may decide to:
1)  support the proposal as is,
2)  work with the author to clarify, divide or combine one or more policy
proposals, or
3)  not support the policy proposal.

If the AC supports the proposal or reaches an agreement to work with the
author, then the proposal will be posted as a formal policy proposal to
the Public Policy Mailing List and it will be presented at the Public
Policy Meeting.  If the AC does not support the proposal, then the author
may elect to use the petition process to advance the proposal. If the
author elects not to petition or the petition fails, then the proposed
policy will be considered closed.

The ARIN Internet Resource Policy Evaluation Process can be found at:
http://www.arin.net/policy/ipep.html

Mailing list subscription information can be found at:
http://www.arin.net/mailing_lists/index.html

Regards,
Member Services Department
American Registry for Internet Numbers

===================================================================
Register for ARIN XV and NAv6TF Summit, April 17-21, 2005, Orlando, FL

                   http://www.arin.net/ARIN-XV/

   E-mail                             memsvcs at arin.net
   FTP                                ftp.arin.net
   WHOIS                              whois.arin.net
   Website                            http://www.arin.net
===================================================================

### * ###

Policy Proposal Name: Directory Services Overhaul

Author: Leo Bicknell

Policy term: permanent

Policy statement:

Replace all of section three with the following rewrite.

3 Directory Services

  3.1 ARIN Directory Services Databases

     The ARIN Public Information Database (APID) is a collection
     of information created and collected by ARIN during the due
     course of business which the ARIN membership has deemed public
     information and decided to publish.

     The ARIN Confidential Information Database (ACID) is a collection
     of information created and collected by ARIN during the due course
     of business which the ARIN membership has deemed is confidential
     information that should be kept under a strict privacy policy.

  3.2 Directory Information Made Public

     ARIN shall publish verified contact information and the
     resource(s) allocated (including identification for that
     allocation, like date of allocation or other information
     identified by ARIN) in the APID in the following cases:

         - All resources delegated by ARIN.
         - If allowed by the parent delegation, and requested by
           the contact listed with the parent, a subdelegation of a
           resource.

     ARIN shall ensure all contact information in the APID is
     verified from time to time and is correct to the best of ARIN's
     ability.  ARIN staff shall maintain verification criteria and
     post it on the ARIN web site.

     3.2.1 Non-Responsive Contacts

       If ARIN is unable to verify contact information via the normal
       verification procedure ARIN shall attempt to notify the parent
       of the resource to have the information updated.  If there is
       no parent, or if the data is not corrected in a reasonable
       amount of time the resource shall be SUSPENDED.

       Once the resource is suspended ARIN shall make one more request
       of all contacts listed with the resource and the parent resource
       (if available), and if no response is received in a reasonable
       amount of time the resource shall be reclaimed.

       Third parties may report the inability to make contact with a
       party via information in the APID.  In this case ARIN shall
       attempt the contact verification procedure for that contact
       immediately.  If a response is received, ARIN should document
       that a problem occurred, and the response from the resource
       holder.  Offenders who fail to respond to third parties more
       than 4 times per month for three months may have their resources
       reclaimed at the discretion of ARIN staff.

       If a third party submits reports of the inability to make contact
       that are subsequently disproven, ARIN may choose to ignore reports
       from specific companies, people, e-mail addresses, or any other
       classification means as appropriate.

       The ARIN staff shall publish the time thresholds and procedural
       details to implement this policy on the ARIN web site.

       If a resource is reclaimed, under no circumstances shall the
       holder of that resource be entitled to a refund of any fees.

  3.3 Data Distribution

     3.3.1 Methods of Access

       ARIN shall publish the APID in the following methods using
       industry standard practices:

           - Via the WHOIS protocol.
           - Via a query form accessible via the HTTP protocol.
           - Via FTP to users who complete the bulk data form.
           - Via CDROM to users who complete the bulk data form.
           - Via the RWHOIS protocol.

     3.3.1.1 Outside Sources

       ARIN may refer a query to an outside source (for instance via
       RWHOIS or HTTP redirect).  Outside sources must:

       1 Have an AUP deemed compatible with the ARIN AUP by ARIN staff.
       2 Meet the requirements in section 3.3.3.
       3 Support the applications in section 3.3.1.
       4 Prohibit the applications in section 3.3.2.

     3.3.2 Acceptable Usage Policy

       All data provided shall be subject to an AUP.  The AUP shall
       be written by ARIN staff and legal and posted on the ARIN website.
       ARIN may require a signed copy of the AUP before providing
       bulk data.

     3.3.3 Requirements for Internet Accessible Services

       For any method of access which is provided in real time via the
       Internet the following requirements must be met:

         * The distributed information service must be operational
           24 hours a day, 7 days a week to both the general public
           and ARIN staff.  The service is allowed reasonable
           downtime for server maintenance according to generally
           accepted community standards.

         * The distributed information service must allow public
           access to reassignment information. The service may
           restrict the number of queries allowed per time interval
           from a host or subnet to defend against DDOS attacks,
           remote mirroring attempts, and other nefarious acts.

         * The distributed information service must return current
           information.

  3.4 Distribution of the ARIN Public Information Database

      3.4.1 Supported Uses

        ARIN shall make the APID available for the following uses
        (supported uses):

          1 ARIN's use in implementing ARIN policies and other
            business.
          2 Community verification, allowing members of the community
            to confirm the proper users of the various resources ARIN
            controls.
          3 Statistic gathering by ARIN and third parties on resource
            utilization.
          4 As a contact database to facilitate communication with the
            person or entity responsible for a particular resource.

      3.4.2 Prohibited Uses

        ARIN prohibits the use of the APID for the following uses:

          1 Sending any unsolicited commercial correspondence advertising
            a product or service to any address (physical or electronic)
            listed in the APID.
          2 Using data in the APID to facilitate violating any state,
            federal, or local law.

      3.4.3 Other Uses

        ARIN shall allow all non-prohibited uses of the APID, however
        unless those uses are listed as a supported use the data set
        may be changed in such a way as to render them ineffective,
        or they may be blocked outright as deemed necessary by ARIN
        staff.  Users of applications not listed who are concerned
        that they are supported should introduce a proposal to add
        their application to the supported list.

  3.5 Distribution of the ARIN Confidential Information Database

    ARIN Staff shall use industry standard procedures to prevent
    the distribution of any data in the ARIN Confidential Information
    Database.

  3.6 Implementation Details

    ARIN Staff shall document all implementation specific details for
    directory services in a single document available on the web site.
    The document must contain, but is not limited to:

      - Database field definitions.
      - Update procedures.
      - Templates.
      - Points of contact.
      - Copies of the AUP.
      - Verification procedures.

  3.7 [Routing Registry] Copy Verbatim from the existing 3.4.

Section 4.2.3.7.4: Replace with:

  All reassignment information for current blocks shall be submitted to
  ARIN prior to submitting a request for a new allocation.

Section 4.2.3.7.6: Strike.

Rationale:

Various proposals affecting directory services have come and gone in the
last 5 years leaving the policy affecting directory services fragmented.
Also during that time deployments and laws have changed.  Several large
DSL and cable providers now offer subnets to residential customers that
may require them to be registered with ARIN.  Several laws have been
passed that may restrict the personal information that can be published.
This proposal attempts to provide a unified policy that is easier to
understand, and is updated to deal with these new issues.

Timetable for implementation: 6-18 months, depending on staff
impact.