[ppml] Directory Services - Take 2

Michael.Dillon at btradianz.com Michael.Dillon at btradianz.com
Fri Jun 10 10:26:28 EDT 2005 

> > The "query form accessible via the HTTP protocol" is 
> > excessively vague. Is this XML-RPC, SOAP, REST? Or yet 
> > another crude PHP hack?
> 
> What would you prefer? 

REST. For those who don't know what this is,
check out this article: http://www.devx.com/DevX/Article/8155
Basically, REST is just plain old HTML forms and
CGI where the arguments and options of a query
are specified in the URL itself. For instance you
can make a port 43 query that looks like this

whois n + > 192.168.0.0

REST would specify that a server accepts a query like
http://whois.arin.net/query.py?type=n&display=summ&hierarchy=down&identifier=192.168.0.0

This same URL could be generated by a plain old 
HTML form or by a script in an ISP's management systems.
In fact, this is not all that different technically
from what ARIN already does with web based queries.
I am mainly asking that this type of whois query
be "blessed" as an official form of publishing the
whois directory, and documented so that the interface
is publicly known, and perhaps even, publicly encouraged.
There is no need for the HTML form to reside on an
ARIN server, so people like completewhois.com and
Joe's Hometown ISP should be encouraged to direct
queries to this form of ARIN whois server.

I'd really like to see this become the default whois
protocol and retire port 43 entirely.

> > have someone on staff who knows how to deal with LDAP
> > already.
> 
> Seems like every time I hear this song, it's a solo.  I'm
> not saying it's a bad song, but not many people seem to
> know the words.  Either we need to hear more people say,
> "Yea, LDAP's the way to go," or you (or the President and
> Board) need to decide it's the way to go and teach everyone
> else to sing along. 

I have been hoping and praying that the board doesn't 
just listen to political opinions like mine, but that they
hire some knowledgable technical consultants to advise them
on the technical POSSIBILITIES for whois. I'm not suggesting
that the decisionmaking should be handed to others, but we
must realize that it is not possible for such a small select
group with relatively similar technical backgrounds (IP networking)
to fully comprehend the entire suite of network technology
possibilities. That's where consultants can help so that you
draw in the vast technical expertise that other people have in
other areas. LDAP is one of those areas where we could bring
in someone with a decade of experience building and operating
large corporate and academic LDAP installations that may well
handle larger loads than whois does.

> It sounds to me like you have an alternate proposal to Leo's.

Not really. I just think that this is the heart of the
issue with whois currently. Leo wants to create an
overarching architecture that covers all whois policy
issues. In doing so, I think he hasn't paid enough attention
to this core issue.

> You guys should either collaborate, to see if you can come
> up with a better mousetrap, or you should write the schema
> and show the distribution/referral tree.  I don't think the
> public would need to see or draw consensus on a data dictionary,
> but I think we need a more specific proposal to get behind.
> We could approve an approach in principle, then ARIN could
> have full-time DBAs actually design and implement the thing.

I would prefer to see the schema evolve in a different way.
I have always felt that the whois directory is the public subset
of ARIN's (or the ISP's) internal IP records database. Therefore
the schema should really be a subset of the existing ARIN
IP records database, and ARIN technical staff are in the best
position to publish this. If anything, I would expect policy
decisions to subtract from the schema, i.e. no zipcodes, no
street address. I know that I have proposed adding some kind
of industry classification codes, but that was intended to
support researchers and I just don't see that there is any
support for special measures to assist research use of this data.

So, would it be possible for ARIN staff to publish all or part
of their SQL database schema (i.e. the DDL)? If we then XMLize
that and LDAPize that, then we can publish something that will
help others maintain consistent databases and it will have the
side effect of simplifying data transfer. For instance, when
an applicant has to supply full data on assignments beyond
the /29 limit. Or when one company acquires another and wants
to merge IP address records.

--Michael Dillon

More information about the ARIN-PPML mailing list