Registration Data Access Protocol (RDAP) Extension for Verified Contact InformationIIT-CNR/Registro.itVia Moruzzi,1PisaIT56124mario.loffredo@iit.cnr.ithttp://www.iit.cnr.itIIT-CNR/Registro.itVia Moruzzi,1PisaIT56124maurizio.martinelli@iit.cnr.ithttp://www.iit.cnr.itVeriSign, Inc.12061 Bluemont WayRestonVA20190USjgould@verisign.comhttp://www.verisigninc.comDENIC eGTheodor-Stern-Kai 1Frankfurt am MainDEpawel.kowalik@denic.dehttps://denic.deVerifiedContactsExtensionThis document describes an extension to the Registration Data Access Protocol (RDAP) that allows the inclusion of verification status information for contact fields such as email addresses and phone numbers. The goal is to improve data quality and trustworthiness of RDAP responses by indicating which pieces of contact data have been verified and how.IntroductionThe Registration Data Access Protocol (RDAP) provides access to registration data for domain names, IP addresses, and autonomous system numbers. However, RDAP responses do not currently include explicit information about whether contact information such as email addresses or phone numbers has been verified.This document defines a simple extension that enables RDAP providers to include verification status for contact fields. This is useful in contexts where contact verification may be legally required or strongly recommended.In particular, Article 28 of Directive (EU) 2022/2555 () requires top-level domain (TLD) name registries and domain name registrars to collect and maintain accurate and complete domain name registration data. Assuring accuracy and completeness of registration data may involve verification of contact details and, in some cases, publishing their verification status—either in a publicly accessible RDAP service or in a closed RDAP service requiring prior authorization for legitimate access seekers or authorities. The extension defined in this document can support compliance with these obligations by enabling the inclusion of verification status for contact fields in RDAP responses in a standardized way.
Conventions Used in This DocumentThe key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14
when, and only when, they
appear in all capitals, as shown here.RDAP ConformanceServers implementing this extension MUST include the string "verifiedContacts" in the "rdapConformance" () array of all relevant RDAP responses.
The registration of the "verifiedContacts" extension identifier is described in .JSON StructureThe verification information is conveyed via a new top-level object member named "verifiedContacts_data" within the entity objects.Entity object including the "verifiedContacts_data" member
{
"objectClassName": "entity",
"handle": "ABC123-EXAMPLE",
"rdapConformance": ["rdap_level_0", "verifiedContacts"],
...
"verifiedContacts_data":
{
[
"claims": ["name", "address"],
"verificationDate": "2025-03-15T12:00:00Z",
"trustFramework": "eidas",
"verifierId": "Registro.it",
"verificationId": "verif-20250315-0001",
"evidence": "idcard",
"method": "auth"
],
[
"claims": ["email"],
"verificationDate": "2025-03-10T09:30:00Z",
"trustFramework": "registro.it",
"verifierId": "Registro.it",
"verificationId": "verif-20250310-0001",
"method": "reachability",
"remarks" :
[
{
"description" :
[
"E-mail verification embedded
in onboarding process."
]
}
]
]
...
}
}
verifiedContacts_data StructureThe "verifiedContacts_data" member is an array if objects containing:
"verificationDate":
(OPTIONAL) A string with the date and time of verification, represented as an date-time profile format.
"verifierId":
(OPTIONAL) Verifier identifier, that is a server unique number or a delimited string using a '-' as a separator character to support a regional or globally unique identifier.
The minimum length is 1 character and the maximum length is 40 characters. The set of verifiers and verifier identifiers is up to server policy.
"verifierName":
(OPTIONAL) Verifier name of the verifier that is a simple character string, with a minimum length of 1 character and a maximum length of 40 characters. The set of verifiers and verifier identifiers is up to server policy.
"verificationId":
(OPTIONAL) Verification identifier that unambigously identifies the verification performed by the verification provider.
"claims":
(OPTIONAL) An array of strings indicating which parts of the data has been verified in a given process.The list of allowed values is specified by entries of a type "verified contact claim" in "RDAP JSON Values Registry" and is extendible.This specification defines the following set of values based on :
"email":
E-mail address.
"phone number":
Voice phone number.
"fax":
Fax phone number.
"address":
Address.
"name":
Entities full name.
"given name":
Given name or first name of the entity.
"family name":
Surname or last name of the entity.
"birthdate":
Date of birth.
"trustFramework":
(OPTIONAL) A string determining the trust framework governing the identity verification process.The list of allowed values is specified by entries of a type "verified contact trust framework" in "RDAP JSON Values Registry" and is extendible.If the verification is conducted according to the policy framework of server operator, this value SHOULD be specific to this operator unless external policy has been adopted.This specification defines the following set of values:
"eidas":
The verification has been conducted in accordance with the EU regulation No 910/2014 (eIDAS).
"private":
The verification has been conducted in accordance private policy framework of server operator.
"method":
(OPTIONAL) A string indicating a verification method.The list of allowed values is specified by entries of a type "verified contact method" in "RDAP JSON Values Registry" and is extendible.This specification defines the following set of values, based on Check Methods defined in referred from :
"vpip":
Validation that physical evidence is genuine through inspection of its physical properties in person.
"vpiruv":
Validation that physical evidence is genuine through inspection of its physical properties in person including its optical characteristics under non-visible light.
"vri":
Validation that physical evidence is genuine through the inspection of an image taken remotely under visible light.
"vdig":
Validation that digital/electronic evidence is genuine by the inspection of its properties and content.
"vcrypt":
Validation the cryptographic security features of the evidence are intact and correct.
"data":
Found an existing electronic record that matches the claims made by the user.
"auth":
Verifying the user is the owner of the claims by use of an electronic authentication process that is linked to the owner of the claims.
"token":
Verifying the user is the owner of the claims by use of an electronic authentication token such as hardware token or smartcard that is linked and issued to the owner of the claims.
"kbv":
Verifying the user is the owner of the claims by knowledge based challenges/questions that only the owner of the claims should know how to answer.
"pvp":
Physical verification in person by a qualified/authorised person, the comparison of a physical characteristic (such as face) of the user with a known image/template of the owner of the claims.
"pvr":
Physical verification by a qualified/authorised person when the user is remote, the comparison of a physical characteristic (such as face) from an image or video of the user with a known image/template of the owner of the claims.
"bvp":
Biometric verification by an automated system with the user physically present to the system and the verifier, the use of a biometric modality (such as face) to match the user with a known template of the owner of the claims.
"bvr":
Biometric verification by an automated system where the user and capture device is remote to the verifier, the use of a biometric modality (such as face) to match the user with a known template of the owner of the claims.
"reachability":
Verification conducted in a way that confirms the reliability of the chosen communication method, requiring the recipient to actively acknowledge receipt through an appropriate confirmation action, such as signing a confirmation of receipt, entering a code or clicking a link
"evidence":
(OPTIONAL) A string indicating an evidence used in the verification.The list of allowed values is specified by entries of a type "verified contact evidence" in "RDAP JSON Values Registry" and is extendible.This specification defines the following set of values, based on Documents, Electronic records and Vouches defined in referred from :
"idcard":
An identity document issued by a country's government for the purpose of identifying a citizen.
"passport":
A passport is a travel document, usually issued by a country's government, that certifies the identity and nationality of its holder primarily for the purpose of international travel.
"residence permit":
Official document permitting an individual to reside within a particular jurisdiction.
"bank statement":
Bank statement from a recognized banking institution.
"utility statement":
Statement from a recognized utility provider.
"tax statement":
Statement from a country's tax authority.
"birth certificate":
Official document certifying the circumstances of a birth.
"birth register":
A record from an official register of births.
"population register":
A record from an official population register.
"written attestation":
A written/printed statement/letter from a recognised person or authority regarding the identity of the entity.
"digital attestation":
A statement from a recognised person or authority regarding the identity of the entiry that was made and stored electronically.
"email ver transaction log":
A digital transaction log of an appropriate confirmation action of email verification, such as entering a code or clicking a link.
"postal ver transaction log":
A digital transaction log of an appropriate confirmation action of postal verification, such as confirmation of receipt, entering a code or clicking a link.
"address database":
Information from a reliable address database.
"remarks":
(OPTIONAL) property, which is an array of remarks (see ).
"extension":
(OPTIONAL) property, which is a map of objects.The list of allowed values is specified by entries of a type "verified contact extension" in "RDAP JSON Values Registry" and is extendible.This specification does not specify any entries to this registry leaving it open for other specificiations.
Combining Evidence and MethodIn most common cases a verification of data consists of comparison against some authoritative source or document (evidence) using one of the allowed methods (method) within a defined trust framework. The same evidence may be verified using different methods, just as the same method may be applied to different evidences. Therefore, a description of the verification process typically specifies the values in a combination.Real life examples of such combinations:
Email verification
{
...
"verifiedContacts_data":
{
[
"claims": ["email"],
"method": "reachability",
"evidence": "email ver transaction log",
"remarks" :
[
{
"description" :
[
"Sending a confirmation link to
the specified email address and
requiring user interaction (e.g.,
clicking the link) to confirm
ownership."
]
}
]
]
...
}
}
Address Verification
{
...
"verifiedContacts_data":
{
[
"claims": ["address"],
"method": "data",
"evidence": "address database",
"remarks" :
[
{
"description" :
[
"Verification of the postal address using
a geolocation or address validation service
(e.g., Google Maps API, OpenStreetMap,
postal databases)."
]
}
]
]
...
}
}
Manual review
{
...
"verifiedContacts_data":
{
[
"claims": ["name", "address"],
"method": "pvr",
"evidence": "idcard",
"remarks" :
[
{
"description" :
[
"Manual review of contact data by a human operator
(e.g., calling the phone number, making a live
video call, inspecting submitted documentation)."
]
}
]
]
...
}
}
This extension supports the following versioning types as defined in :
Opaque Versioning: The Opaque Extension Version Identifier is "verifiedContacts".
Semantic Versioning: The Semantic Extension Version Identifier is "verifiedContacts-0.3".
The Semantic Extension Version Identifier is "verifiedContacts-0.2" for draft-loffredo-regext-rdap-verified-contacts-02 and "verifiedContacts-0.1" for draft-loffredo-regext-rdap-verified-contacts-01.
When there are interface changes to the extension, the Semantic Extension Version Identifier will be incremented, which may not match the draft version number. When the draft becomes a working group document and passes Working Group Last Call (WGLC), the Semantic Extension Version Identifier will be changed to "verifiedContacts-1.0".
IANA ConsiderationsRDAP Extensions RegistryIANA is requested to register the following value in the RDAP
Extensions Registry:
Extension identifier:
verifiedContacts
Registry operator:
Any
Published specification:
This document.
Contact:
IETF <iesg@ietf.org>
Intended usage:
This extension identifies RDAP extension for verified contact information.
RDAP JSON Values RegistrySection 10.2 of defines the
RDAP JSON Values Registry with pre-defined Type field values and the use of the
"Expert Review" policy defined in .
This specification defines new RDAP JSON Values Registry Type field
values that can be used to register pre-defined "verified contact claim", "verified contact method",
"verified contact trust framework", "verified contact evidence" and "verified contact extension" values.
IANA is requested to update the RDAP JSON Values
Registry to accept these additional type field values as follows:
"verified contact claim":
Verified contact claim being registered. The registered "verified contact claim"
is referenced using a sub-field of the verified contacts "verifiedContacts_data" field.
"verified contact method":
Verified contact method being registered. The "verified contact method"
is referenced using the "method" field of the verified contacts detail
(e.g., "email", "voice", "fax", "addr") field.
"verified contact evidence":
Verified contact evidence being registered. The "verified contact evidence"
is referenced using a sub-field of the verified contacts "verifiedContacts_data" field.
"verified contact trust framework":
Verified contact trust framework registered. The "verified contact trust framework"
is referenced using a sub-field of the verified contacts "verifiedContacts_data" field.
"verified contact extension":
Verified contact extension field being registered. The "verified contact extension"
is referenced using a sub-field of the verified contacts "verifiedContacts_data" field.
IANA is requested to register the following in the RDAP JSON Values Registry, described in :
Value:
email
Type:
verified contact claim
Description:
E-mail address.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
phone number
Type:
verified contact claim
Description:
Voice phone number.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
fax
Type:
verified contact claim
Description:
Fax phone number.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
address
Type:
verified contact claim
Description:
Address.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
name
Type:
verified contact claim
Description:
Entities full name.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
given name
Type:
verified contact claim
Description:
Given name or first name of the entity.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
family name
Type:
verified contact claim
Description:
Surname or last name of the entity.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
birthdate
Type:
verified contact claim
Description:
Date of birth.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
vpip
Type:
verified contact method
Description:
Validation that physical evidence is genuine through inspection of its physical properties in person.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
vpiruv
Type:
verified contact method
Description:
Validation that physical evidence is genuine through inspection of its physical properties in person including its optical characteristics under non-visible light.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
vri
Type:
verified contact method
Description:
Validation that physical evidence is genuine through the inspection of an image taken remotely under visible light.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
vdig
Type:
verified contact method
Description:
Validation that digital/electronic evidence is genuine by the inspection of its properties and content.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
vcrypt
Type:
verified contact method
Description:
Validation the cryptographic security features of the evidence are intact and correct.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
data
Type:
verified contact method
Description:
Found an existing electronic record that matches the claims made by the user.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
auth
Type:
verified contact method
Description:
Verifying the user is the owner of the claims by use of an electronic authentication process that is linked to the owner of the claims.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
token
Type:
verified contact method
Description:
Verifying the user is the owner of the claims by use of an electronic authentication token such as hardware token or smartcard that is linked and issued to the owner of the claims.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
kbv
Type:
verified contact method
Description:
Verifying the user is the owner of the claims by knowledge based challenges/questions that only the owner of the claims should know how to answer.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
pvp
Type:
verified contact method
Description:
Physical verification in person by a qualified/authorised person, the comparison of a physical characteristic (such as face) of the user with a known image/template of the owner of the claims.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
pvr
Type:
verified contact method
Description:
Physical verification by a qualified/authorised person when the user is remote, the comparison of a physical characteristic (such as face) from an image or video of the user with a known image/template of the owner of the claims.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
bvp
Type:
verified contact method
Description:
Biometric verification by an automated system with the user physically present to the system and the verifier, the use of a biometric modality (such as face) to match the user with a known template of the owner of the claims.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
bvr
Type:
verified contact method
Description:
Biometric verification by an automated system where the user and capture device is remote to the verifier, the use of a biometric modality (such as face) to match the user with a known template of the owner of the claims.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
reachability
Type:
verified contact method
Description:
Verification conducted in a way that confirms the reliability of the chosen communication method, requiring the recipient to actively acknowledge receipt through an appropriate confirmation action, such as signing a confirmation of receipt, entering a code or clicking a link.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
idcard
Type:
verified contact evidence
Description:
An identity document issued by a country's government for the purpose of identifying a citizen.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
passport
Type:
verified contact evidence
Description:
A passport is a travel document, usually issued by a country's government, that certifies the identity and nationality of its holder primarily for the purpose of international travel.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
residence permit
Type:
verified contact evidence
Description:
Official document permitting an individual to reside within a particular jurisdiction.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
bank statement
Type:
verified contact evidence
Description:
Bank statement from a recognized banking institution.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
utility statement
Type:
verified contact evidence
Description:
Statement from a recognized utility provider.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
tax statement
Type:
verified contact evidence
Description:
Statement from a country's tax authority.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
birth certificate
Type:
verified contact evidence
Description:
Official document certifying the circumstances of a birth.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
birth register
Type:
verified contact evidence
Description:
A record from an official register of births.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
population register
Type:
verified contact evidence
Description:
A record from an official population register.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
written attestation
Type:
verified contact evidence
Description:
A written/printed statement/letter from a recognised person or authority regarding the identity of the entity.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
digital attestation
Type:
verified contact evidence
Description:
A statement from a recognised person or authority regarding the identity of the entiry that was made and stored electronically.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
email ver transaction log
Type:
verified contact evidence
Description:
A digital transaction log of an appropriate confirmation action of email verification, such as entering a code or clicking a link.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
postal ver transaction log
Type:
verified contact evidence
Description:
A digital transaction log of an appropriate confirmation action of postal verification, such as confirmation of receipt, entering a code or clicking a link.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
address database
Type:
verified contact evidence
Description:
Information from a reliable address database.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
eidas
Type:
verified contact trust framework
Description:
The verification has been conducted in accordance with the EU regulation No 910/2014 (eIDAS).
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Value:
private
Type:
verified contact trust framework
Description:
The verification has been conducted in accordance private policy framework of server operator.
Registrant Name:
IETF
Registrant Contact Information:
iesg@ietf.org
Security ConsiderationsContact verification data may have privacy implications. Servers MUST ensure that disclosure of this information complies with applicable data protection laws and policies.The authors wish to thank the following persons for their feedback
and suggestions: .ReferencesNormative ReferencesDirective (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive)European Parliament and CouncilOpenID Identity Assurance Schema Definitionsprind.orgAuthleteConsidrd.Consulting LtdSantander1&1 Mail & Media Development & Technology GmbHKDDI CorporationOverview page for predefined valuesOpenID FoundationOpenID Connect Core 1.0 incorporating errata set 1NRIPing IdentityMicrosoftGoogleSalesforceChange HistoryChange from 00 to 01
Made The "verifiedContacts_data" keys consistent with those defined in draft-ietf-regext-rdap-jscontact.
Further specified the verification methods and changed their format to CamelCase.
Change from 01 to 02
Added definition of the "verified contact detail" and "verified contact method" RDAP JSON Values types and added a set of RDAP JSON Values registrations.
Updated the "method" values to be lowercase with a space word separator to match the requirement for registered RDAP JSON Values.
Added support for semantic versioning using the versioning extension and included the semantic versions for the prior draft versions.
Added the "all", "email", "voice", "fax", and "addr" verified contact detail registration.
Added the "verifierId" optional field to reference who performed the verification.
Added the "verificationId" optional field to reference the unique verification performed by the verification provider.
Added the "trustFramework" optional field to reference the policy framework of the verification
Make verification date optional
Clarified that the extension can be used in both public and restricted RDAP services
Make possible to have multiple verification objects.
Add verification evidence as optional field.
Change reference to verified data as an array instead of object key, to enable multiple verifications referring to the same data element and avoid same verification object repeated if multiple data elements were verified.
Change from 02 to 03
Rename "verified contact detail" to "verified contact claim" to match terminology with .