verification function
Hi, Sitting in the/IANA Department - Who, What, Why?/session. The question of who would perform the verification after NTIA no longer does it. Unless we assume that the function is not required, is this something that could just be farmed out to a professional audit company? avri
Avri, For the benefit of people not in the session, can you give a short description of what “verification” means in this context? One sentence should do it. Thanks, Steve On Feb 11, 2015, at 10:13 AM, Avri Doria <avri@acm.org> wrote:
Hi,
Sitting in the IANA Department - Who, What, Why? session.
The question of who would perform the verification after NTIA no longer does it.
Unless we assume that the function is not required, is this something that could just be farmed out to a professional audit company?
avri
_______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org https://mm.icann.org/mailman/listinfo/cwg-stewardship
On 11-Feb-15 10:23, Steve Crocker wrote:
Avri,
For the benefit of people not in the session, can you give a short description of what “verification” means in this context? One sentence should do it.
from the slides: Verification Changes that satisfy the policy requirements are transmitted to NTIA for verification. NTIA reviews the change and then gives authorization to proceed with publishing the change. http://singapore52.icann.org/en/schedule/wed-iana/presentation-iana-departme... On 11-Feb-15 10:23, Steve Crocker wrote:
Avri,
For the benefit of people not in the session, can you give a short description of what “verification” means in this context? One sentence should do it.
Thanks,
Steve
On Feb 11, 2015, at 10:13 AM, Avri Doria <avri@acm.org <mailto:avri@acm.org>> wrote:
Hi,
Sitting in the/IANA Department - Who, What, Why?/session.
The question of who would perform the verification after NTIA no longer does it.
Unless we assume that the function is not required, is this something that could just be farmed out to a professional audit company?
avri
_______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org <mailto:CWG-Stewardship@icann.org> https://mm.icann.org/mailman/listinfo/cwg-stewardship
Avri The RYSG comments suggested a secondary verification step within the IANA Dept. Or an independent third party, which could be a professional audit company. Any verification would need to meet the same service levels attained now, or better. Donna Sent from my iPhone On Feb 11, 2015, at 10:14 AM, Avri Doria <avri@acm.org<mailto:avri@acm.org>> wrote: Hi, Sitting in the IANA Department - Who, What, Why? session. The question of who would perform the verification after NTIA no longer does it. Unless we assume that the function is not required, is this something that could just be farmed out to a professional audit company? avri _______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org<mailto:CWG-Stewardship@icann.org> https://mm.icann.org/mailman/listinfo/cwg-stewardship
I believe "verification" was used as a synonym for what we have generally called "authorization" in our discussion of NTIA's role. Greg On Wed, Feb 11, 2015 at 10:25 AM, Donna Austin <Donna.Austin@ariservices.com
wrote:
Avri
The RYSG comments suggested a secondary verification step within the IANA Dept. Or an independent third party, which could be a professional audit company.
Any verification would need to meet the same service levels attained now, or better.
Donna
Sent from my iPhone
On Feb 11, 2015, at 10:14 AM, Avri Doria <avri@acm.org> wrote:
Hi,
Sitting in the *IANA Department - Who, What, Why?* session.
The question of who would perform the verification after NTIA no longer does it.
Unless we assume that the function is not required, is this something that could just be farmed out to a professional audit company?
avri
_______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org https://mm.icann.org/mailman/listinfo/cwg-stewardship
_______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org https://mm.icann.org/mailman/listinfo/cwg-stewardship
And I for one am deeply suspicious of including an authorisation process. It can only be on whether the process has been followed and the proposed changes are accurate: wouldn’t it be best to confirm with the customer? My concern is that the authorisation process as is is entirely administrative. I’d be unhappy with something that kept in place a role that may become a gatekeeper and could slow down a process. I’d also note that there could be jurisdiction questions associated with this role. Cheers Martin From: cwg-stewardship-bounces@icann.org [mailto:cwg-stewardship-bounces@icann.org] On Behalf Of Greg Shatan Sent: 11 February 2015 10:29 To: Donna Austin Cc: cwg-stewardship@icann.org Subject: Re: [CWG-Stewardship] verification function I believe "verification" was used as a synonym for what we have generally called "authorization" in our discussion of NTIA's role. Greg On Wed, Feb 11, 2015 at 10:25 AM, Donna Austin <Donna.Austin@ariservices.com<mailto:Donna.Austin@ariservices.com>> wrote: Avri The RYSG comments suggested a secondary verification step within the IANA Dept. Or an independent third party, which could be a professional audit company. Any verification would need to meet the same service levels attained now, or better. Donna Sent from my iPhone On Feb 11, 2015, at 10:14 AM, Avri Doria <avri@acm.org<mailto:avri@acm.org>> wrote: Hi, Sitting in the IANA Department - Who, What, Why? session. The question of who would perform the verification after NTIA no longer does it. Unless we assume that the function is not required, is this something that could just be farmed out to a professional audit company? avri _______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org<mailto:CWG-Stewardship@icann.org> https://mm.icann.org/mailman/listinfo/cwg-stewardship _______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org<mailto:CWG-Stewardship@icann.org> https://mm.icann.org/mailman/listinfo/cwg-stewardship
Martin, There currently is an authorization process. The RFP requires us to justify eliminating it. As to concerns about gatekeeper functions and delays -- if we were to carry on the role as defined currently (or even more lightweight/automated), and define it clearly, wthat should seem to control for the "slippery slope" concern. On the other hand, we need to explore the extent to which the authorization function is useful or helpful or worthwhile. I don't assume it is worth keeping just because it is there. Finally, as a point of information, can you clarify what you mean by jurisdictional concerns? Greg On Wed, Feb 11, 2015 at 11:31 AM, Martin Boyle <Martin.Boyle@nominet.org.uk> wrote:
And I for one am deeply suspicious of including an authorisation process. It can only be on whether the process has been followed and the proposed changes are accurate: wouldn’t it be best to confirm with the customer?
My concern is that the authorisation process as is is entirely administrative. I’d be unhappy with something that kept in place a role that may become a gatekeeper and could slow down a process. I’d also note that there could be jurisdiction questions associated with this role.
Cheers
Martin
*From:* cwg-stewardship-bounces@icann.org [mailto: cwg-stewardship-bounces@icann.org] *On Behalf Of *Greg Shatan *Sent:* 11 February 2015 10:29 *To:* Donna Austin *Cc:* cwg-stewardship@icann.org *Subject:* Re: [CWG-Stewardship] verification function
I believe "verification" was used as a synonym for what we have generally called "authorization" in our discussion of NTIA's role.
Greg
On Wed, Feb 11, 2015 at 10:25 AM, Donna Austin < Donna.Austin@ariservices.com> wrote:
Avri
The RYSG comments suggested a secondary verification step within the IANA Dept. Or an independent third party, which could be a professional audit company.
Any verification would need to meet the same service levels attained now, or better.
Donna
Sent from my iPhone
On Feb 11, 2015, at 10:14 AM, Avri Doria <avri@acm.org> wrote:
Hi,
Sitting in the *IANA Department - Who, What, Why?* session.
The question of who would perform the verification after NTIA no longer does it.
Unless we assume that the function is not required, is this something that could just be farmed out to a professional audit company?
avri
_______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org https://mm.icann.org/mailman/listinfo/cwg-stewardship
_______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org https://mm.icann.org/mailman/listinfo/cwg-stewardship
Greg, That it is there currently is probably more an historical legacy from when communications were predominantly paper. It might also have provided an element of immunity to the IANA functions operator in case of error. In response to your question: to many the process of authorisation has been seen as a mystery activity (even though the NTIA did keep telling people that it was purely an administrative check). For the USG to have a final say over changes to a ccTLD’s entry was seen as a threat over national sovereignty decisions. (Result: art 63 of the WSIS Tunis Agenda.) Making that decision the role of a US Counsel (or a counsel based in a foreign country) introduces a new and third party in a straight customer-supplier transaction. Hence why I suggest that if checking the change before it is carried out would be best the role of the customer. In Frankfurt, no one really argued for retention. We need to ask ourselves why we should keep the role, and if we do not have any strong reasons to keep it, why overlay another process? Reason for not including might then simply be, we do not think that the process is needed. Avri earlier in the discussion quoted Saint-Exupéry (from his book “Terre des Hommes”: “Il semble que la perfection soit atteinte non quand il n'y a plus rien à ajouter, mais quand il n'y a plus rien à retrancher”): “[it appears that] he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away." Best Martin From: Greg Shatan [mailto:gregshatanipc@gmail.com] Sent: 11 February 2015 13:39 To: Martin Boyle Cc: Donna Austin; cwg-stewardship@icann.org Subject: Re: [CWG-Stewardship] verification function Martin, There currently is an authorization process. The RFP requires us to justify eliminating it. As to concerns about gatekeeper functions and delays -- if we were to carry on the role as defined currently (or even more lightweight/automated), and define it clearly, wthat should seem to control for the "slippery slope" concern. On the other hand, we need to explore the extent to which the authorization function is useful or helpful or worthwhile. I don't assume it is worth keeping just because it is there. Finally, as a point of information, can you clarify what you mean by jurisdictional concerns? Greg On Wed, Feb 11, 2015 at 11:31 AM, Martin Boyle <Martin.Boyle@nominet.org.uk<mailto:Martin.Boyle@nominet.org.uk>> wrote: And I for one am deeply suspicious of including an authorisation process. It can only be on whether the process has been followed and the proposed changes are accurate: wouldn’t it be best to confirm with the customer? My concern is that the authorisation process as is is entirely administrative. I’d be unhappy with something that kept in place a role that may become a gatekeeper and could slow down a process. I’d also note that there could be jurisdiction questions associated with this role. Cheers Martin From: cwg-stewardship-bounces@icann.org<mailto:cwg-stewardship-bounces@icann.org> [mailto:cwg-stewardship-bounces@icann.org<mailto:cwg-stewardship-bounces@icann.org>] On Behalf Of Greg Shatan Sent: 11 February 2015 10:29 To: Donna Austin Cc: cwg-stewardship@icann.org<mailto:cwg-stewardship@icann.org> Subject: Re: [CWG-Stewardship] verification function I believe "verification" was used as a synonym for what we have generally called "authorization" in our discussion of NTIA's role. Greg On Wed, Feb 11, 2015 at 10:25 AM, Donna Austin <Donna.Austin@ariservices.com<mailto:Donna.Austin@ariservices.com>> wrote: Avri The RYSG comments suggested a secondary verification step within the IANA Dept. Or an independent third party, which could be a professional audit company. Any verification would need to meet the same service levels attained now, or better. Donna Sent from my iPhone On Feb 11, 2015, at 10:14 AM, Avri Doria <avri@acm.org<mailto:avri@acm.org>> wrote: Hi, Sitting in the IANA Department - Who, What, Why? session. The question of who would perform the verification after NTIA no longer does it. Unless we assume that the function is not required, is this something that could just be farmed out to a professional audit company? avri _______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org<mailto:CWG-Stewardship@icann.org> https://mm.icann.org/mailman/listinfo/cwg-stewardship _______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org<mailto:CWG-Stewardship@icann.org> https://mm.icann.org/mailman/listinfo/cwg-stewardship
I agree with Martin. The rationale for eliminating it is that it is primarily a customer-service supplier relationship and interjecting a third party adds nothing of value, potentially introduces delay or intervention, and is nothing more than a legacy of the USG’s desire to maintain control of the contents of the root zone. From: cwg-stewardship-bounces@icann.org [mailto:cwg-stewardship-bounces@icann.org] On Behalf Of Martin Boyle Sent: Wednesday, February 11, 2015 2:19 AM To: Greg Shatan Cc: cwg-stewardship@icann.org Subject: Re: [CWG-Stewardship] verification function Greg, That it is there currently is probably more an historical legacy from when communications were predominantly paper. It might also have provided an element of immunity to the IANA functions operator in case of error. In response to your question: to many the process of authorisation has been seen as a mystery activity (even though the NTIA did keep telling people that it was purely an administrative check). For the USG to have a final say over changes to a ccTLD’s entry was seen as a threat over national sovereignty decisions. (Result: art 63 of the WSIS Tunis Agenda.) Making that decision the role of a US Counsel (or a counsel based in a foreign country) introduces a new and third party in a straight customer-supplier transaction. Hence why I suggest that if checking the change before it is carried out would be best the role of the customer. In Frankfurt, no one really argued for retention. We need to ask ourselves why we should keep the role, and if we do not have any strong reasons to keep it, why overlay another process? Reason for not including might then simply be, we do not think that the process is needed. Avri earlier in the discussion quoted Saint-Exupéry (from his book “Terre des Hommes”: “Il semble que la perfection soit atteinte non quand il n'y a plus rien à ajouter, mais quand il n'y a plus rien à retrancher”): “[it appears that] he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away." Best Martin From: Greg Shatan [mailto:gregshatanipc@gmail.com] Sent: 11 February 2015 13:39 To: Martin Boyle Cc: Donna Austin; cwg-stewardship@icann.org<mailto:cwg-stewardship@icann.org> Subject: Re: [CWG-Stewardship] verification function Martin, There currently is an authorization process. The RFP requires us to justify eliminating it. As to concerns about gatekeeper functions and delays -- if we were to carry on the role as defined currently (or even more lightweight/automated), and define it clearly, wthat should seem to control for the "slippery slope" concern. On the other hand, we need to explore the extent to which the authorization function is useful or helpful or worthwhile. I don't assume it is worth keeping just because it is there. Finally, as a point of information, can you clarify what you mean by jurisdictional concerns? Greg On Wed, Feb 11, 2015 at 11:31 AM, Martin Boyle <Martin.Boyle@nominet.org.uk<mailto:Martin.Boyle@nominet.org.uk>> wrote: And I for one am deeply suspicious of including an authorisation process. It can only be on whether the process has been followed and the proposed changes are accurate: wouldn’t it be best to confirm with the customer? My concern is that the authorisation process as is is entirely administrative. I’d be unhappy with something that kept in place a role that may become a gatekeeper and could slow down a process. I’d also note that there could be jurisdiction questions associated with this role. Cheers Martin From: cwg-stewardship-bounces@icann.org<mailto:cwg-stewardship-bounces@icann.org> [mailto:cwg-stewardship-bounces@icann.org<mailto:cwg-stewardship-bounces@icann.org>] On Behalf Of Greg Shatan Sent: 11 February 2015 10:29 To: Donna Austin Cc: cwg-stewardship@icann.org<mailto:cwg-stewardship@icann.org> Subject: Re: [CWG-Stewardship] verification function I believe "verification" was used as a synonym for what we have generally called "authorization" in our discussion of NTIA's role. Greg On Wed, Feb 11, 2015 at 10:25 AM, Donna Austin <Donna.Austin@ariservices.com<mailto:Donna.Austin@ariservices.com>> wrote: Avri The RYSG comments suggested a secondary verification step within the IANA Dept. Or an independent third party, which could be a professional audit company. Any verification would need to meet the same service levels attained now, or better. Donna Sent from my iPhone On Feb 11, 2015, at 10:14 AM, Avri Doria <avri@acm.org<mailto:avri@acm.org>> wrote: Hi, Sitting in the IANA Department - Who, What, Why? session. The question of who would perform the verification after NTIA no longer does it. Unless we assume that the function is not required, is this something that could just be farmed out to a professional audit company? avri _______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org<mailto:CWG-Stewardship@icann.org> https://mm.icann.org/mailman/listinfo/cwg-stewardship _______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org<mailto:CWG-Stewardship@icann.org> https://mm.icann.org/mailman/listinfo/cwg-stewardship
As for authorization step service levels - I asked the question directly to NTIA as to how long they take, on average to process verification requests from IANA The answer was, if i recall well - within mins and at most several hours. IMHO that’s an quite efficient. Robert -- Robert Guerra Phone: +1 416-893-0377 Twitter: twitter.com/netfreedom Email: rguerra@privaterra.org PGP Keys : https://keybase.io/rguerra
On Feb 11, 2015, at 10:25 AM, Donna Austin <Donna.Austin@ariservices.com> wrote:
Avri
The RYSG comments suggested a secondary verification step within the IANA Dept. Or an independent third party, which could be a professional audit company.
Any verification would need to meet the same service levels attained now, or better.
Donna
Sent from my iPhone
On Feb 11, 2015, at 10:14 AM, Avri Doria <avri@acm.org <mailto:avri@acm.org>> wrote:
Hi,
Sitting in the IANA Department - Who, What, Why? session.
The question of who would perform the verification after NTIA no longer does it.
Unless we assume that the function is not required, is this something that could just be farmed out to a professional audit company?
avri
_______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org <mailto:CWG-Stewardship@icann.org> https://mm.icann.org/mailman/listinfo/cwg-stewardship <https://mm.icann.org/mailman/listinfo/cwg-stewardship>
CWG-Stewardship mailing list CWG-Stewardship@icann.org https://mm.icann.org/mailman/listinfo/cwg-stewardship
On Wed, Feb 11, 2015 at 10:13 AM, Avri Doria <avri@acm.org> wrote:
Hi,
Sitting in the *IANA Department - Who, What, Why?* session.
The question of who would perform the verification after NTIA no longer does it.
Unless we assume that the function is not required,
Hi Avri, That would be my assumption, however this may also depend on how the RZM management is handled after the transition (which by the way currently seem to be out of our scope)
is this something that could just be farmed out to a professional audit company?
I think either way the need for external audit could be an overkill, as described by Lisse and the NTIA rep during the session; there has not been any time when NTIA sent back the request passed to it by IANA neither is NTIA performing anything other than ticking off boxes (in this context).
From RIR background, I liken this to asking staff of RIR to be subject to external audit everytime they want to assign IP address to an applicant. The point is everyone does the audit/checking one way or the other and what is important is a process to cry foul when/if it happens.
Regards
avri
_______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org https://mm.icann.org/mailman/listinfo/cwg-stewardship
-- ------------------------------------------------------------------------ *Seun Ojedeji,Federal University Oye-Ekitiweb: http://www.fuoye.edu.ng <http://www.fuoye.edu.ng> Mobile: +2348035233535**alt email: <http://goog_1872880453>seun.ojedeji@fuoye.edu.ng <seun.ojedeji@fuoye.edu.ng>* The key to understanding is humility - my view !
Seun, RZM management is out of our scope.
On Feb 11, 2015, at 10:28 AM, Seun Ojedeji <seun.ojedeji@gmail.com> wrote:
On Wed, Feb 11, 2015 at 10:13 AM, Avri Doria <avri@acm.org <mailto:avri@acm.org>> wrote: Hi,
Sitting in the IANA Department - Who, What, Why? session.
The question of who would perform the verification after NTIA no longer does it.
Unless we assume that the function is not required,
Hi Avri,
That would be my assumption, however this may also depend on how the RZM management is handled after the transition (which by the way currently seem to be out of our scope)
is this something that could just be farmed out to a professional audit company?
I think either way the need for external audit could be an overkill, as described by Lisse and the NTIA rep during the session; there has not been any time when NTIA sent back the request passed to it by IANA neither is NTIA performing anything other than ticking off boxes (in this context).
From RIR background, I liken this to asking staff of RIR to be subject to external audit everytime they want to assign IP address to an applicant. The point is everyone does the audit/checking one way or the other and what is important is a process to cry foul when/if it happens.
Regards
avri
_______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org <mailto:CWG-Stewardship@icann.org> https://mm.icann.org/mailman/listinfo/cwg-stewardship <https://mm.icann.org/mailman/listinfo/cwg-stewardship>
-- ------------------------------------------------------------------------ Seun Ojedeji, Federal University Oye-Ekiti web: http://www.fuoye.edu.ng <http://www.fuoye.edu.ng/> Mobile: +2348035233535 <> alt email: <http://goog_1872880453/>seun.ojedeji@fuoye.edu.ng <mailto:seun.ojedeji@fuoye.edu.ng>
The key to understanding is humility - my view !
_______________________________________________ CWG-Stewardship mailing list CWG-Stewardship@icann.org https://mm.icann.org/mailman/listinfo/cwg-stewardship
Dear colleagues, On Wed, Feb 11, 2015 at 10:28:32AM +0800, Seun Ojedeji wrote:
I think either way the need for external audit could be an overkill, as described by Lisse and the NTIA rep during the session;
I agree. It seems to me that the verifications step as it exists today could nearly be performed by a small shell script, and perhaps what we ought to do is figure out what parts cannot be and suggest that people figure out a way to automate those too. Best regards, Andrew (PS: yes, I'm new to the list. I wasn't able to commit to this work in the past, but some changes in $dayjob have freed a tiny bit of time so I joined the list and the group. I've been following the list via the archives, but I hope my late arrival won't be too disruptive.) -- Andrew Sullivan ajs@anvilwalrusden.com
participants (9)
-
Andrew Sullivan -
Avri Doria -
Donna Austin -
Greg Shatan -
Martin Boyle -
Milton L Mueller -
Robert Guerra -
Seun Ojedeji -
Steve Crocker