Security Services for the Registration Data Access Protocol (RDAP)
RFC 7481
Document | Type | RFC - Proposed Standard (March 2015; No errata) | |
---|---|---|---|
Authors | Scott Hollenbeck , Ning Kong | ||
Last updated | 2015-10-14 | ||
Replaces | draft-hollenbeck-weirds-rdap-sec | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Reviews | |||
Stream | WG state | Submitted to IESG for Publication | |
Document shepherd | Murray Kucherawy | ||
Shepherd write-up | Show (last changed 2014-09-22) | ||
IESG | IESG state | RFC 7481 (Proposed Standard) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Yes | ||
Telechat date | |||
Responsible AD | Pete Resnick | ||
IESG note | Murray Kucherawy (superuser@gmail.com) is the document shepherd. | ||
Send notices to | (None) | ||
IANA | IANA review state | Version Changed - Review Needed | |
IANA action state | No IANA Actions |
Internet Engineering Task Force (IETF) S. Hollenbeck Request for Comments: 7481 Verisign Labs Category: Standards Track N. Kong ISSN: 2070-1721 CNNIC March 2015 Security Services for the Registration Data Access Protocol (RDAP) Abstract The Registration Data Access Protocol (RDAP) provides "RESTful" web services to retrieve registration metadata from Domain Name and Regional Internet Registries. This document describes information security services, including access control, authentication, authorization, availability, data confidentiality, and data integrity for RDAP. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7481. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Hollenbeck & Kong Standards Track [Page 1] RFC 7481 RDAP Security Services March 2015 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Conventions Used in This Document . . . . . . . . . . . . . . 2 2.1. Acronyms and Abbreviations . . . . . . . . . . . . . . . 3 3. Information Security Services and RDAP . . . . . . . . . . . 3 3.1. Access Control . . . . . . . . . . . . . . . . . . . . . 3 3.2. Authentication . . . . . . . . . . . . . . . . . . . . . 3 3.2.1. Federated Authentication . . . . . . . . . . . . . . 4 3.3. Authorization . . . . . . . . . . . . . . . . . . . . . . 6 3.4. Availability . . . . . . . . . . . . . . . . . . . . . . 6 3.5. Data Confidentiality . . . . . . . . . . . . . . . . . . 7 3.6. Data Integrity . . . . . . . . . . . . . . . . . . . . . 7 4. Privacy Threats Associated with Registration Data . . . . . . 8 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 6.1. Normative References . . . . . . . . . . . . . . . . . . 10 6.2. Informative References . . . . . . . . . . . . . . . . . 11 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 13 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 1. Introduction The Registration Data Access Protocol (RDAP) is specified in multiple documents, including "Registration Data Access Protocol (RDAP) Query Format" [RFC7482], "JSON Responses for the Registration Data Access Protocol (RDAP)" [RFC7483], and "HTTP Usage in the Registration Data Access Protocol (RDAP)" [RFC7480]. One goal of RDAP is to provide security services that do not exist in the WHOIS [RFC3912] protocol, including access control, authentication, authorization, availability, data confidentiality, and data integrity. This document describes how each of these services is achieved by RDAP using features that are available in other protocol layers. Additional or alternative mechanisms can be added in the future. Where applicable, informative references to requirements for a WHOIS replacement service [RFC3707] are noted. 2. Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. Hollenbeck & Kong Standards Track [Page 2] RFC 7481 RDAP Security Services March 2015 2.1. Acronyms and Abbreviations DNR: Domain Name Registry HTTP: Hypertext Transfer Protocol JSON: JavaScript Object NotationShow full document text