Re: FYI: EPP implementation by the Polish registry
Eric Brunner-Williams in Portland Maine <brunner <at> nic-naa.net>
2003-03-03 15:47:52 GMT
> why do domain/contact/.. not have granular information about privacy?
Asked and answered.
1. Because operationally, policing at the session level is sufficient to
support persistent policing across multiple distinct objects, or support
2. Because syntactically, if epp is to remain extensible, and xml-based,
adding attributes to elements is either pervasive, or specific. As this
WG lost the technical/social distinction with the expiry of Ross' draft,
we don't have a handy hook for being "specific", and "pervasive" makes
conditionally "private" even the data the registrants who have standing
to "privacy" under EU framework UNCONDITIONALLY SEEK TO PUBLISH.
3. Because semantically, it isn't simply contemporanious publication via
954 that is of issue, particularly in the EU, but also in the OEDC, and
potentially even the US. Also required is some mechanism to identify the
repurposing of registrant (and registrar) data, as bulk-access is a real
practice, with abuses. Also required is some mechanism to identify the
availability of collected registrant (and registrar) data for correction.
Also required is some mechanism to identify the duration that data is
held by the collector.
Adding these semantics to complexType elements would be complex, and has
no benefit over attaching the same semantics to aggregations of elements
that are NEVER DISAGGREGATED, aka "objects". There is little observed or
hypothetical inter-object disaggregation of policy that cannot be reasonably,
and scalably met, by bounding sessions by policy discontinuity.