[arin-ppml] Revised - Draft Policy ARIN-2018-5: Disallow Third-party Organization Record Creation
andrew.dul at quark.net
Tue Apr 2 19:59:22 EDT 2019
On 4/2/2019 4:17 PM, Jo Rhett wrote:
> On Apr 1, 2019, at 4:45 PM, Owen DeLong <owen at delong.com
> <mailto:owen at delong.com>> wrote:
>> as it occurs to me that the following dilemma comes into play:
>> I, as a contractor, often create ORG records for (and at the request
>> of) my clients. I’m not their ISP and I’m not creating the records
>> without their knowledge or informed consent (which is the real
>> problem here). In fact, I only create them when I am in the process
>> of preparing an IP and/or ASN request for them.
> I agree completely with everything Owen said, as I often work in the
> same capacity.
> There also exists situations where a data center (or other
> organizations) which doesn't own or provide IP assists its customers
> with preparation of documents for self-management. Perhaps even
> coarser, there are datacenter utilities and programs that help people
> prepare or fill out forms. This is under the direction or express
> action of the customer, but may be generated programatically.
> It's hard to read the current proposal and understand the
> responsibilities in that context. I think we should be friendly to
> automation opportunities for people who only interact with ARIN once
> or twice in their organization's lifetime. (especially in the v6 era)
The staff assessment of this draft policy perhaps helps with the
understanding of how ARIN staff will implement this policy. And maybe
will help illuminate if additional clarity is needed.
Draft Policy 2018-05 requires that only an authorized contact, that is
verified by ARIN, be allowed to create new organization records. The
request must be submitted directly to ARIN by the verified authorized
contact and no third-parties shall be allowed to create organization
records on behalf of the new organization.
The use-case of a contractor working for an organization is a valid use
case that we need to consider in the implementation of this policy. The
draft policy states that "authorized contact representing an entity" can
create org-id records. This might be the case of an additional step to
verify that a contractor is authorized to create a record on an
organizations behalf. But, I believe the text itself allows for an
authorized "contact/contractor" to create an org-id for a specified
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ARIN-PPML