[ppml] Directory Services - Take 2

Michael.Dillon at btradianz.com Michael.Dillon at btradianz.com
Fri Jun 10 05:51:06 EDT 2005

>        ARIN shall publish the APID in the following methods using
>        industry standard practices:
>            - Via the WHOIS protocol.
>            - Via a query form accessible via the HTTP protocol.
>            - Via FTP to users who complete the bulk data form.
>            - Via CDROM to users who complete the bulk data form.
>            - Via the RWHOIS protocol.

This just sucks.

The RWHOIS protocol is an ancient creaking unmaintained 
and unsupported protocol which is sorely in need of retirement.
It should be dropped from this document.

The "query form accessible via the HTTP protocol" is
excessively vague. Is this XML-RPC, SOAP, REST? Or
yet another crude PHP hack?

The FTP and CDROM ideas are not all that bad, but the
wording implies that anyone who completes the form
gets the data. If Osama Bin Laden fills out the form
and says he needs it to evaluate potential attack
targets, this wording says that he gets his CDROM
just like everyone else. Also, why do we need to 
specify media type? Does this mean ARIN can't use
a DVD-R? Let's leave the details of physical media
format between ARIN staff and the applicants. If someone
wants to courier over a hard drive to get an Oracle 
dump file, it is none of our business.

And whatever happened to the IETF standard directory
access protocol, namely Lightweight Directory Access 
Protocol (LDAP)? It's there, it works, it's scalable,
it's supported, it's maintained. Thousands of companies
use this protocol on a larger scale than ARIN whois and
even Microsoft has bitten the bullet and stopped using
their proprietary directory access protocol in favour
of LDAP. This protocol is widely used by ISPs operationally
in their mail server farms so most ARIN members probably
have someone on staff who knows how to deal with LDAP

And even though the IETF hasn't finished working on 
IRIS, ARIN should at least support XML-encoding of the
whois data. This could be returned by the whois protocol
using a -xml option on the query. It could be returned
by XML-RPC and SOAP. And it could be the basis of the
LDAP schema used in an LDAP server which is something
that members could also run. That is to say, if ARIN publishes
a standard LDAP schema for whois data, then members can
easily set up their own distributed LDAP servers to
host their own directory data and we can dismantle this
whole uneccessary SWIP system and central whois database.

--Michael Dillon

More information about the ARIN-PPML mailing list