Re: [ietf-provreg] [BH] P3P and Extensible Provisioning Protocol

> > > If the initial data collection had a particular policy (P3P)
> >
> > This may be a theory-of-foo bump, or it may be a slow moving armidillo,
> > but data originates at a registrar.
> > We (epp-hat==1) aren't designing the registrar's UI.
> 
> So is the information covered is not my data (my contact info I've placed 
> with the registrar) but the registrars information? I continue to fail to 
> understand exactly what information the practice applies to and governs. I 
> suspect a step-by-step scenario would be immensely useful.

We have some rules, things like delete-object-before-create-object returns
an error.

What we don't have rule about are where registrars go to get "data", they
could just be making it up.

There is no in-band mechanism to distinguish "registrar-generated-data"
from "entity-other-than-registrar-generated-data".

There is a data collection policy announcement from a data collector, which
is indifferent as to the originator of the data which it collects, and it is
possible that a registrar might use non-fictive data.

Did the registrar use P3P when collecting the data? I've no idea. I don't
even know if the registrar was the initial data collector, or if the initial
data collector was a reseller and the registrar engaged in onward-transport.
I don't know how the data got to the registrar.

What the <dcp> covers is _everything_ in a session. Since sessions exhaust,
for the time being, the semantics of state exchange between registrars and
registries, everything collected by a registry is policied. Note that any
registry may have a number other than one of applicable <dcp> statements,
with non-overlapping session-scope.

Eric

Received on Monday, 14 April 2003 18:20:11 UTC