[ppml] Directory Services - Take 2

Leo Bicknell bicknell at ufp.org
Mon May 9 16:07:42 EDT 2005


Below is my directory services proposal, take two.  Based on feedback
from the last meeting, I have removed the option of displaying SWIP
information, and also updated several minor terms which were confusing
from feedback on the mailing list.  I'd like to get some discussion
going so this can be ready for the next ARIN meeting.

Also, at the end of this message I included a context diff to call
out the changes.

$Author: bicknell $ - $Date: 2005/05/09 20:06:30 $ - $Revision: 1.4 $

Replace all of section three with the following rewrite.

3 Directory Services

  3.1 ARIN Directory Services Databases

     The ARIN Public Information Database (APID) is a collection
     of information created and collected by ARIN during the due
     course of business which the ARIN membership has deemed public
     information and decided to publish.

     The ARIN Confidential Information Database (ACID) is a collection
     of information created and collected by ARIN during the due course
     of business which the ARIN membership has deemed is confidential
     information that should be kept under a strict privacy policy.

  3.2 Directory Information Made Public

     ARIN shall publish verified contact information and the
     resource(s) allocated (including identification for that
     allocation, like date of allocation or other information
     identified by ARIN) in the APID for all resources delegated
     by ARIN.  In addition, all reassignment information as defined
     by section 4.2.3.7 will be included in the APID.

     ARIN shall insure all contact information in the APID is
     verified from time to time and is correct to the best of ARIN's
     ability.  ARIN staff shall maintain verification criteria and
     post it on the ARIN web site.

     3.2.1 Non-Responsive Contacts

       If ARIN is unable to verify contact information via the normal
       verification procedure ARIN shall attempt to notify the parent
       of the resource to have the information updated.  If there is
       no parent, or if the data is not corrected in a reasonable
       amount of time the resource shall be SUSPENDED.
  
       Once the resource is suspended ARIN shall make one more
       request of all contacts listed with the resource and the
       parent resource (if available), and if no response is received
       in a reasonable amount of time the resource shall be reclaimed
       (APID records removed, DNS delegations removed, the space
       returned to the free pool).
  
       Third parties may report the inability to make contact with
       a party via information in the APID.  In this case ARIN shall
       attempt the contact verification procedure for that contact
       immediately.  If a response is received, ARIN should document
       that a problem occurred, and the response from the resource
       holder.  Resource holders who fail to respond to third parties
       more than 4 times per month for three months may have their
       resources reclaimed at the discretion of ARIN staff.
  
       If a third party submits reports of the inability to make contact
       that are subsequently disproven, ARIN may choose to ignore reports
       from specific companies, people, e-mail addresses, or any other
       classification means as appropriate.
  
       The ARIN staff shall publish the time thresholds and procedural
       details to implement this policy on the ARIN web site.
  
       If a resource is reclaimed under no circumstances shall the
       holder of that resource be entitled to a refund of any fees.

  3.3 Data Distribution

     3.3.1 Methods of Access

       ARIN shall publish the APID in the following methods using
       industry standard practices:

           - Via the WHOIS protocol.
           - Via a query form accessible via the HTTP protocol.
           - Via FTP to users who complete the bulk data form.
           - Via CDROM to users who complete the bulk data form.
           - Via the RWHOIS protocol.

       All users of the APID must agree to the ARIN AUP.  ARIN staff
       may make the APID available via other methods as conveniant.

     3.3.1.1 Outside Sources

       ARIN may refer a query to a outside source (for instance via
       RWHOIS or HTTP redirect).  Outside sources must:

       1 Have an AUP deemed compatible with the ARIN AUP by ARIN staff.
       2 Support the applications in section 3.3.1.
       3 Prohibit the applications in section 3.3.2.
       4 Meet the requirements in section 3.3.3.

     3.3.2 Acceptable Usage Policy

       All data provided shall be subject to an AUP.  The AUP shall
       be written by ARIN staff and legal and posted on the ARIN website.
       ARIN may require a signed copy of the AUP before providing
       bulk data.

     3.3.3 Requirements for Internet Accessible Services

       For any method of access which is provided in real time via the
       Internet the following requirements must be met:

	 * The distributed information service must be operational
	   24 hours a day, 7 days a week to both the general public
	   and ARIN staff.  The service is allowed reasonable
	   downtime for server maintenance according to generally
	   accepted community standards.

	 * The distributed information service must allow public
	   access to reassignment information. The service may
	   restrict the number of queries allowed per time interval
	   from a host or subnet to defend against DDOS attacks,
	   remote mirroring attempts, and other nefarious acts.

         * The distributed information service must return current
           information.

  3.4 Distribution of the ARIN Public Information Database

      3.4.1 Supported Uses

        ARIN shall make the APID available for the following uses
        (supported uses):
  
          1 ARIN's use in implementing ARIN policies and other
            business.
          2 Community verification, allowing members of the community
            to confirm the proper users of the various resources ARIN
            controls.
          3 Statistic gathering by ARIN and third parties on resource
            utilization.
          4 As a contact database to facilitate communication with the
            person or entity responsible for a particular resource.

      3.4.2 Prohibited Uses

        ARIN prohibits the use of the APID for the following uses:
  
          1 Sending any unsolicited commercial correspondence advertising
            a product or service to any address (physical or electronic)
            listed in the APID.
          2 Using data in the APID to facilitate violating any state,
            federal, or local law.

      3.4.3 Other Uses

        ARIN shall allow all non-prohibited uses of the APID, however
        unless those uses are listed as a supported use the data set
        may be changed in such a way as to render them ineffective,
        or they may be blocked outright as deemed necessary by ARIN
        staff.  Users of applications not listed who are concerned
        that they are supported should introduce a proposal to add
        their application to the supported list.

  3.5 Distribution of the ARIN Confidential Information Database

    ARIN Staff shall use industry standard procedures to prevent
    the distribution of any data in the ARIN Confidential Information
    Database.

  3.6 Implementation Details

    ARIN Staff shall document all implementation specific details for 
    directory services in a single document available on the web site.
    The document must contain, but is not limited to:

      - Database field definitions.
      - Update procedures.
      - Templates.
      - Points of contact.
      - Copies of the AUP.
      - Verification procedures.

  3.7 [Routing Registry] Copy Verbatim from the existing 3.4.

Section 4.2.3.7.4: Replace with:

  All reassignment information for current blocks shall be submitted to
  ARIN prior to submitting a request for a new allocation.

-------------------Context diff below----------------------------------

2c2
< $Author: bicknell $ - $Date: 2005/02/03 15:27:41 $ - $Revision: 1.2 $
---
> $Author: bicknell $ - $Date: 2005/05/09 20:06:30 $ - $Revision: 1.4 $
25,30c25,27
<      identified by ARIN) in the APID in the following cases:
< 
<          - All resources delegated by ARIN.
< 	 - If allowed by the parent delegation, and requested by
< 	   the contact listed with the parent, a subdelegation of a
< 	   resource.
---
>      identified by ARIN) in the APID for all resources delegated
>      by ARIN.  In addition, all reassignment information as defined
>      by section 4.2.3.7 will be included in the APID.
45,48c42,47
<        Once the resource is suspended ARIN shall make one more request
<        of all contacts listed with the resource and the parent resource
<        (if available), and if no response is received in a reasonable
<        amount of time the resource shall be reclaimed.
---
>        Once the resource is suspended ARIN shall make one more
>        request of all contacts listed with the resource and the
>        parent resource (if available), and if no response is received
>        in a reasonable amount of time the resource shall be reclaimed
>        (APID records removed, DNS delegations removed, the space
>        returned to the free pool).
50,51c49,50
<        Third parties may report the inability to make contact with a
<        party via information in the APID.  In this case ARIN shall
---
>        Third parties may report the inability to make contact with
>        a party via information in the APID.  In this case ARIN shall
55,57c54,56
<        holder.  Offenders who fail to respond to third parties more
<        than 4 times per month for three months may have their resources
<        reclaimed at the discretion of ARIN staff.
---
>        holder.  Resource holders who fail to respond to third parties
>        more than 4 times per month for three months may have their
>        resources reclaimed at the discretion of ARIN staff.
82a82,84
>        All users of the APID must agree to the ARIN AUP.  ARIN staff
>        may make the APID available via other methods as conveniant.
> 
89,91c91,93
<        2 Meet the requirements in section 3.3.3.
<        3 Support the applications in section 3.3.1.
<        4 Prohibit the applications in section 3.3.2.
---
>        2 Support the applications in section 3.3.1.
>        3 Prohibit the applications in section 3.3.2.
>        4 Meet the requirements in section 3.3.3.
182,183d183
< 
< Section 4.2.3.7.6: Strike.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20050509/e4759c5b/attachment.sig>


More information about the ARIN-PPML mailing list