120 likes | 131 Views
This article discusses the enhancement of Internet's administrative look-up service, focusing on Universal Whois, LDAP integration, and XDAP development. The goal is to provide better machine readability and address privacy concerns.
E N D
Enhancing the Internet’s Administrative Look-up Service Mark Kosters Andrew Newton VeriSign Labs NANOG 23, October 2001
UWhat? • Universal Whois • VeriSign has committed undertaking in agreement with ICANN • Public consultations (3 formal, ongoing informal) • business, intellectual property holders (Aug 2001) • international input (May be at Nov 2001 ICANN meeting) • civil liberties, other ngo’s (TBD) • Informal Meetings • RIPE (Oct 2001) • NANOG (Oct 2001) • ARIN (Oct 2001) • APRICOT (Mar 2002)
UWho • universal whois • non-centralized • not specific to particular tld registry • non-proprietary, open standard as outcome
VeriSign’s role • coordinating • commitment • listening
Part of a bigger picture • Protocol, if any, to be developed within IETF standards body: • whoisfix bof @ IETF51 • ietf-whois@imc.org • ietf-not43@lists.research.netsol.com • Policy – ICANN’s role
Exploring Enhancements • Perhaps the best methods are not on port 43. • Points of exploration • Referral LDAP Service – take advantage of the many LDAP standards. • XDAP – looking at a layered XML approach similar to EPP. • This work actually started before VeriSign committed to Appendix W.
Goals • Re-use known technology. • Don’t invent too much • Does the world really need another application transport? • Does the world really need another schema language? • Structured queries and structured results for better machine readability. • Referrals to bridge domain registries and registrars and other needs for entity reference. • Client authentication to address privacy concerns • Provide the mechanism, not the policy • Toolkits should be readily available.
Referral LDAP Service • Uses LDAP to serve up domain information • Many, many server implementations • Many, many tools and toolkits • No new objectclasses, attributes, or syntaxes needed for our implementation. • Works with LDAPv2 and LDAPv3. • http://www.ldap.research.netsol.com • DIT structure is outlined in draft-newton-ldap-whois-01
Our LDAP Work To Date • A registry LDAP server • 4 DIT’s for com,net,org, and edu • DIT for nameservers • Over 32+ million domains • A registrar LDAP server • 4 DIT’s for com,net,org, and edu • DIT’s for nameservers and contacts • Referrals to registrants • Demonstration of access control • Web site • Web interface to conduct various LDAP queries. • Examples on using ‘ldapsearch’ • LDAP-to-whois gateway for domains • Open-sourced. • Uses OpenLDAP.
Our LDAP Work… • Client code samples • Open-sourced graphical clients
XDAP • Only in “draft” form at present • Uses layering approach • Similar to EPP in methodology • Uses XML Namespaces for extensibility • Uses XML Schema for definition • Perhaps see what PROVREG produces and re-use some of their object definitions • Multiple XML layers • A common schema for talking about commands, authentication, referrals, etc… • Information specific layers for refining queries and defining results. • Application transport agnostic.
Further Exploration • RIR and IRR uses • Can their data/needs be accommodated using the current approaches? • Should this be explored? • Common indexing. • More requirements gathering.