| draft-ietf-regext-rdap-redacted-04.txt | draft-ietf-regext-rdap-redacted-05.txt | |||
|---|---|---|---|---|
| Network Working Group J.G. Gould | Network Working Group J.G. Gould | |||
| Internet-Draft D.S. Smith | Internet-Draft D.S. Smith | |||
| Intended status: Standards Track VeriSign, Inc. | Intended status: Standards Track VeriSign, Inc. | |||
| Expires: 3 November 2022 J.K. Kolker | Expires: 9 November 2022 J.K. Kolker | |||
| R.C. Carney | R.C. Carney | |||
| GoDaddy Inc. | GoDaddy Inc. | |||
| 2 May 2022 | 8 May 2022 | |||
| Redacted Fields in the Registration Data Access Protocol (RDAP) Response | Redacted Fields in the Registration Data Access Protocol (RDAP) Response | |||
| draft-ietf-regext-rdap-redacted-04 | draft-ietf-regext-rdap-redacted-05 | |||
| Abstract | Abstract | |||
| This document describes an RDAP extension for explicitly identifying | This document describes an RDAP extension for explicitly identifying | |||
| redacted RDAP response fields, using JSONPath as the default | redacted RDAP response fields, using JSONPath as the default | |||
| expression language. | expression language. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| skipping to change at page 1, line 35 ¶ | skipping to change at page 1, line 35 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 3 November 2022. | This Internet-Draft will expire on 9 November 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2022 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 2, line 32 ¶ | skipping to change at page 2, line 32 ¶ | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 32 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 32 | |||
| 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 32 | 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 32 | |||
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 | |||
| 10.1. Informative References . . . . . . . . . . . . . . . . . 32 | 10.1. Informative References . . . . . . . . . . . . . . . . . 32 | |||
| 10.2. Normative References . . . . . . . . . . . . . . . . . . 33 | 10.2. Normative References . . . . . . . . . . . . . . . . . . 33 | |||
| Appendix A. Change History . . . . . . . . . . . . . . . . . . . 34 | Appendix A. Change History . . . . . . . . . . . . . . . . . . . 34 | |||
| A.1. Change from 00 to 01 . . . . . . . . . . . . . . . . . . 34 | A.1. Change from 00 to 01 . . . . . . . . . . . . . . . . . . 34 | |||
| A.2. Change from 01 to 02 . . . . . . . . . . . . . . . . . . 35 | A.2. Change from 01 to 02 . . . . . . . . . . . . . . . . . . 35 | |||
| A.3. Change from 02 to 03 . . . . . . . . . . . . . . . . . . 35 | A.3. Change from 02 to 03 . . . . . . . . . . . . . . . . . . 35 | |||
| A.4. Change from 03 to 04 . . . . . . . . . . . . . . . . . . 35 | A.4. Change from 03 to 04 . . . . . . . . . . . . . . . . . . 35 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 35 | A.5. Change from 04 to 05 . . . . . . . . . . . . . . . . . . 36 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 36 | ||||
| 1. Introduction | 1. Introduction | |||
| This document describes an RDAP extension for explicitly identifying | This document describes an RDAP extension for explicitly identifying | |||
| redacted RDAP response fields, using JSONPath as the default | redacted RDAP response fields, using JSONPath as the default | |||
| expression language. A redacted RDAP field is one that has data | expression language. A redacted RDAP field is one that has data | |||
| removed from the RDAP response due to the lack of client privilege to | removed from the RDAP response due to the lack of client privilege to | |||
| receive the field. This extension can be used to identify redacted | receive the field. This extension can be used to identify redacted | |||
| RDAP fields in any RDAP object class, as defined in [RFC9083], or | RDAP fields in any RDAP object class, as defined in [RFC9083], or | |||
| RDAP fields defined in RDAP extensions. Because an RDAP response may | RDAP fields defined in RDAP extensions. Because an RDAP response may | |||
| skipping to change at page 8, line 13 ¶ | skipping to change at page 8, line 13 ¶ | |||
| ] | ] | |||
| Figure 7: Redacted Email using Replacement Value a "related" | Figure 7: Redacted Email using Replacement Value a "related" | |||
| links member to a web form | links member to a web form | |||
| 4. Redacted RDAP Response | 4. Redacted RDAP Response | |||
| 4.1. RDAP Conformance | 4.1. RDAP Conformance | |||
| RDAP responses that contain values described in this document MUST | RDAP responses that contain values described in this document MUST | |||
| indicate conformance with this specification by including an | indicate conformance with this specification by including an | |||
| rdapConformance ([RFC9083]) value of "redacted_level_0.2". The | "rdapConformance" ([RFC9083]) value of "redacted_level_0_3". The | |||
| "redacted" extension identifier, used as the prefix of the | "redacted_level_0_3" extension identifier is described in | |||
| rdapConformance value, is described in Section 6.1. | Section 6.1. | |||
| Example rdapConformance member with the redacted extension: | Example "rdapConformance" member with the redacted extension: | |||
| "rdapConformance": [ | "rdapConformance": [ | |||
| "rdap_level_0", | "rdap_level_0", | |||
| "redacted_level_0.2" | "redacted_level_0_3" | |||
| ] | ] | |||
| Figure 8: rdapConformance with Redacted Extension | Figure 8: "rdapConformance" with Redacted Extension | |||
| 4.2. "redacted" Member | 4.2. "redacted" Member | |||
| The "redacted" member MUST be added to the RDAP response when there | The "redacted" member MUST be added to the RDAP response when there | |||
| are redacted fields. The "redacted" member is included as a member | are redacted fields. The "redacted" member is included as a member | |||
| of the object class in a lookup response, such as the object classes | of the object class in a lookup response, such as the object classes | |||
| defined in [RFC9083], and as a member of the object instances in a | defined in [RFC9083], and as a member of the object instances in a | |||
| search response, such as the object instances defined in [RFC9083]. | search response, such as the object instances defined in [RFC9083]. | |||
| The "redacted" member contains an array of redacted objects with the | The "redacted" member contains an array of redacted objects with the | |||
| following child members: | following child members: | |||
| skipping to change at page 17, line 42 ¶ | skipping to change at page 17, line 42 ¶ | |||
| ] | ] | |||
| } | } | |||
| Figure 9: Unredacted RDAP Lookup Response | Figure 9: Unredacted RDAP Lookup Response | |||
| Example redacted version of an RDAP lookup response: | Example redacted version of an RDAP lookup response: | |||
| { | { | |||
| "rdapConformance": [ | "rdapConformance": [ | |||
| "rdap_level_0", | "rdap_level_0", | |||
| "redacted_level_0.2" | "redacted_level_0_3" | |||
| ], | ], | |||
| "objectClassName": "domain", | "objectClassName": "domain", | |||
| "ldhName": "example.com", | "ldhName": "example.com", | |||
| "secureDNS": { | "secureDNS": { | |||
| "delegationSigned": false | "delegationSigned": false | |||
| }, | }, | |||
| "notices": [ | "notices": [ | |||
| { | { | |||
| "title": "Terms of Use", | "title": "Terms of Use", | |||
| "description": [ | "description": [ | |||
| skipping to change at page 28, line 10 ¶ | skipping to change at page 28, line 10 ¶ | |||
| ] | ] | |||
| } | } | |||
| Figure 11: Unredacted RDAP Search Response | Figure 11: Unredacted RDAP Search Response | |||
| Example redacted version of an RDAP search response: | Example redacted version of an RDAP search response: | |||
| { | { | |||
| "rdapConformance": [ | "rdapConformance": [ | |||
| "rdap_level_0", | "rdap_level_0", | |||
| "redacted_level_0.2" | "redacted_level_0_3" | |||
| ], | ], | |||
| "domainSearchResults":[ | "domainSearchResults":[ | |||
| { | { | |||
| "objectClassName": "domain", | "objectClassName": "domain", | |||
| "ldhName": "example1.com", | "ldhName": "example1.com", | |||
| "links":[ | "links":[ | |||
| { | { | |||
| "value":"https://example.com/rdap/domain/example1.com", | "value":"https://example.com/rdap/domain/example1.com", | |||
| "rel":"self", | "rel":"self", | |||
| "href":"https://example.com/rdap/domain/example1.com", | "href":"https://example.com/rdap/domain/example1.com", | |||
| skipping to change at page 31, line 9 ¶ | skipping to change at page 31, line 9 ¶ | |||
| 9. RDAP extensions should define any special JSONPath considerations | 9. RDAP extensions should define any special JSONPath considerations | |||
| required to identify redacted RDAP fields if these considerations | required to identify redacted RDAP fields if these considerations | |||
| are insufficient. | are insufficient. | |||
| 6. IANA Considerations | 6. IANA Considerations | |||
| 6.1. RDAP Extensions Registry | 6.1. RDAP Extensions Registry | |||
| IANA is requested to register the following value in the RDAP | IANA is requested to register the following value in the RDAP | |||
| Extensions Registry: | Extensions Registry: | |||
| Extension identifier: redacted_level_0_3 | ||||
| Registry operator: Any | ||||
| Published specification: This document. | ||||
| Contact: IESG <iesg@ietf.org> | ||||
| Intended usage: This extension identifier is used for an | ||||
| "rdapConformance" value when returning the "redacted" member in | ||||
| the JSON response. | ||||
| Extension identifier: redacted | Extension identifier: redacted | |||
| Registry operator: Any | Registry operator: Any | |||
| Published specification: This document. | Published specification: This document. | |||
| Contact: IESG <iesg@ietf.org> | Contact: IESG <iesg@ietf.org> | |||
| Intended usage: This extension identifies the redacted fields in an | Intended usage: This extension prefix identifier is used for the | |||
| RDAP response. | "redacted" member returned in the JSON response. | |||
| 6.2. JSON Values Registry | 6.2. JSON Values Registry | |||
| Section 10.2 of [RFC9083] defines the JSON Values Registry with pre- | Section 10.2 of [RFC9083] defines the JSON Values Registry with pre- | |||
| defined Type field values and the use of the "Expert Review" policy | defined Type field values and the use of the "Expert Review" policy | |||
| defined in [RFC8126]. Two new JSON Values Registry Type field values | defined in [RFC8126]. Two new JSON Values Registry Type field values | |||
| are used to register pre-defined redacted name and reason values: | are used to register pre-defined redacted name and reason values: | |||
| "redacted name": Redacted name being registered. The registered | "redacted name": Redacted name being registered. The registered | |||
| redacted name is referenced using the "type" field of the | redacted name is referenced using the "type" field of the | |||
| skipping to change at page 35, line 40 ¶ | skipping to change at page 35, line 48 ¶ | |||
| implementation by Mario Loffredo. | implementation by Mario Loffredo. | |||
| 4. Added use of numbered figures for easy reference for JSON Values | 4. Added use of numbered figures for easy reference for JSON Values | |||
| Registry registrations. | Registry registrations. | |||
| 5. Updated the example unredacted and redacted lookup responses to | 5. Updated the example unredacted and redacted lookup responses to | |||
| include the "objectClassName" and "handle" members. | include the "objectClassName" and "handle" members. | |||
| 6. Changed RFC7482 and RFC7483 references to RFC9082 and RFC9083, | 6. Changed RFC7482 and RFC7483 references to RFC9082 and RFC9083, | |||
| respectively. | respectively. | |||
| A.4. Change from 03 to 04 | A.4. Change from 03 to 04 | |||
| 1. Changed the exstension identifier to be "redacted" instead of a | 1. Changed the extension identifier to be "redacted" instead of a | |||
| versioned value, which will be leveraged for both the | versioned value, which will be leveraged for both the | |||
| rdapConformance value and the JSON Values. | rdapConformance value and the JSON Values. | |||
| 2. Changed the RDAP Conformance to be "redaced_level_0.2", which | 2. Changed the RDAP Conformance to be "redaced_level_0.2", which | |||
| leveraged the extension identifier as a prefix along with | leveraged the extension identifier as a prefix along with | |||
| "_level_" and a pointed version number. The version number will | "_level_" and a pointed version number. The version number will | |||
| become "1.0" once the draft passes WGLC. | become "1.0" once the draft passes WGLC. | |||
| 3. Added the Redaction by Replacement Value Method. | 3. Added the Redaction by Replacement Value Method. | |||
| A.5. Change from 04 to 05 | ||||
| 1. Update the RDAP Extensions Registry entries to include the | ||||
| identifier that is used for the RDAP conformance value and to | ||||
| include the "redacted" prefix indentifier to use for the JSON | ||||
| response member. | ||||
| 2. Changed the RDAP Conformance to be "redacted_level_0_3", which is | ||||
| registered in the RDAP Extensions Registry. The RDAP Conformance | ||||
| value will become "redacted_level_1" once the draft passes WGLC. | ||||
| Authors' Addresses | Authors' Addresses | |||
| James Gould | James Gould | |||
| VeriSign, Inc. | VeriSign, Inc. | |||
| 12061 Bluemont Way | 12061 Bluemont Way | |||
| Reston, VA 20190 | Reston, VA 20190 | |||
| United States of America | United States of America | |||
| Email: jgould@verisign.com | Email: jgould@verisign.com | |||
| URI: http://www.verisigninc.com | URI: http://www.verisigninc.com | |||
| David Smith | David Smith | |||
| VeriSign, Inc. | VeriSign, Inc. | |||
| End of changes. 17 change blocks. | ||||
| 16 lines changed or deleted | 37 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||