[ppml] Directory Services - Take 2

Howard, W. Lee L.Howard at stanleyassociates.com
Fri Jun 10 09:38:50 EDT 2005

> -----Original Message-----
> From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On 
> Behalf Of Michael.Dillon at btradianz.com
> Sent: Friday, June 10, 2005 5:51 AM
> To: ppml at arin.net
> Subject: Re: [ppml] Directory Services - Take 2
> >        ARIN shall publish the APID in the following methods using
> >        industry standard practices:
> > 
> >            - Via the WHOIS protocol.
> >            - Via a query form accessible via the HTTP protocol.
> >            - Via FTP to users who complete the bulk data form.
> >            - Via CDROM to users who complete the bulk data form.
> >            - Via the RWHOIS protocol.
> This just sucks.
> The RWHOIS protocol is an ancient creaking unmaintained 
> and unsupported protocol which is sorely in need of 
> retirement. 

Or replacement with something better.

> The "query form accessible via the HTTP protocol" is 
> excessively vague. Is this XML-RPC, SOAP, REST? Or yet 
> another crude PHP hack?

What would you prefer?  

> The FTP and CDROM ideas are not all that bad, but the
> wording implies that anyone who completes the form
> gets the data. If Osama Bin Laden fills out the form
> and says he needs it to evaluate potential attack
> targets, this wording says that he gets his CDROM
> just like everyone else. Also, why do we need to 
> specify media type? Does this mean ARIN can't use
> a DVD-R? Let's leave the details of physical media
> format between ARIN staff and the applicants. If someone
> wants to courier over a hard drive to get an Oracle 
> dump file, it is none of our business.

I agree.  I made some comment once about language 
allowing cuneiform on clay tablets, but the querent 
would have to pay for it (including staff time, if

> And whatever happened to the IETF standard directory
> access protocol, namely Lightweight Directory Access 
> Protocol (LDAP)? It's there, it works, it's scalable,
> it's supported, it's maintained. Thousands of companies
> use this protocol on a larger scale than ARIN whois and
> even Microsoft has bitten the bullet and stopped using
> their proprietary directory access protocol in favour
> of LDAP. This protocol is widely used by ISPs operationally
> in their mail server farms so most ARIN members probably
> have someone on staff who knows how to deal with LDAP
> already.

Seems like every time I hear this song, it's a solo.  I'm
not saying it's a bad song, but not many people seem to
know the words.  Either we need to hear more people say,
"Yea, LDAP's the way to go," or you (or the President and
Board) need to decide it's the way to go and teach everyone
else to sing along.  

> And even though the IETF hasn't finished working on 
> IRIS, ARIN should at least support XML-encoding of the
> whois data. This could be returned by the whois protocol
> using a -xml option on the query. It could be returned
> by XML-RPC and SOAP. And it could be the basis of the
> LDAP schema used in an LDAP server which is something
> that members could also run. That is to say, if ARIN 
> publishes a standard LDAP schema for whois data, then members 
> can easily set up their own distributed LDAP servers to host 
> their own directory data and we can dismantle this whole 
> unnecessary SWIP system and central whois database.

It sounds to me like you have an alternate proposal to Leo's.
You guys should either collaborate, to see if you can come
up with a better mousetrap, or you should write the schema
and show the distribution/referral tree.  I don't think the
public would need to see or draw consensus on a data dictionary,
but I think we need a more specific proposal to get behind.
We could approve an approach in principle, then ARIN could
have full-time DBAs actually design and implement the thing.

> --Michael Dillon
