Hi RySG Team,


Thank you for this feedback. I believe IPC can support all the points below, with one comment and one question:


With agreement in principle that abusive requestors should be suspended, we would pause to ensure that there is sufficient “due process” to confirm that erroneous submissions and the like do not result in inappropriate suspension.


We would like to discuss further your final point, regarding point (P). How would you envision that operating? What controls would be needed?


Brian J. King  
Director of Internet Policy and Industry Affairs


T +1 443 761 3726


Protecting companies and consumers in a digital world


From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Anderson, Marc via Gnso-epdp-team
Sent: Friday, October 25, 2019 8:59 PM
To: marika.konings@icann.org; gnso-epdp-team@icann.org
Subject: Re: [Gnso-epdp-team] For your review - accreditation building block by Friday 25 Oct COB


EPDP Colleagues,


I’m submitting the following on behalf of the RySG representatives.







EPDP Team,


The RySG has the following general feedback on Building Blocks F and J (Authentication / Authorization / Accreditation).  Where applicable specific feedback/suggested edits will be made directly to the google document.


We would like to express our appreciation for the recent contributions by Alex Deacon.  His input captures many areas of agreement and provides a useful basis for moving forward our deliberations on authentication.  We do note that for some sections the text is more principle based, rather than clearly a policy recommendation.  While this is useful at our current stage of deliberation, these principles should be converted to implementable recommendations before they are final.


We note Marika’s clarification text that accreditation in this document does not refer to accreditation/certification as discussed in GDPR Article 42/43.  That said, our internal review of this building block revealed that there is still a good deal of confusion around definitions, particularly Accreditation, Authentication and Authorization.  We intend to provide separate feedback to those definitions to help clarify.


On revocation of credentials, the RySG feels that graduated penalties should only apply to an Accreditation Authority.  Suspension of an Accreditation Authority would adversely affect everyone that entity has accredited.  This may negatively impact legitimate accredited users so a graduated approach to suspension makes sense here.  In cases of abuse by an individual user though, suspension should be immediate and absolute.


The RySG recognizes that the charter specifically asks the working group to consider how RDAP (that is technically capable) applies to accreditation.  We are supportive of this charter question and the importance of making sure the policy recommendations are “implementable”.  While RDAP is the current technology of choice we feel it’s best for the policy recommendations to be technology agnostic referencing the generic Registration Data Directory Services (RDDS) instead of the technology specific RDAP.


The RYSG strongly disagrees with the manner in which point (P) is structured. It is accepted that nothing in the SSAD should prevent, nor in truth, shall it prevent, a 3rd party from requesting disclosure directly from a controller (be that a registry or registrar). Should, however, a requester have been deemed to have misused, or abused the SSAD / accreditation process such that their access to the SSAD and their accreditation has been revoked, this is of vital importance to the Controller, and in fact would also be certainly considered to be a disqualifying factor for any subsequent disclosure of data to that user by that Controller. In isolated systems of disclosure, a controller would not ordinarily know of such an issue; however, the EPDP must be clear that in such an interconnected system, there can be no built-in legal back doors, or ‘second bites of the apple’ for such ‘users’.  Allowing such would be encouraging data breach.


Thank you,

RySG Team



From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Marika Konings
Sent: Thursday, October 24, 2019 2:42 PM
To: gnso-epdp-team@icann.org
Subject: [EXTERNAL] [Gnso-epdp-team] For your review - accreditation building block by Friday 25 Oct COB


Dear EPDP Team,


Please note that staff has gone ahead and cleaned up the accreditation building block per today’s discussion for your review and input: https://docs.google.com/document/d/1-90NgBnkZt8mRL2acJUPOwoIkx5clvXlCaCC3RAOGWU/edit#.


As per the action items from today’s meeting, please provide any further edits or comments by Friday 25 October COB in the google doc.


Best regards,


Caitlin, Berry and Marika


Marika Konings

Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) 

Email: marika.konings@icann.org  


Follow the GNSO via Twitter @ICANN_GNSO

Find out more about the GNSO by taking our interactive courses and visiting the GNSO Newcomer pages