rfc9537.original | rfc9537.txt | |||
---|---|---|---|---|
Network Working Group J.G. Gould | Internet Engineering Task Force (IETF) J. Gould | |||
Internet-Draft D.S. Smith | Request for Comments: 9537 D. Smith | |||
Intended status: Standards Track VeriSign, Inc. | Category: Standards Track VeriSign, Inc. | |||
Expires: 30 May 2024 J.K. Kolker | ISSN: 2070-1721 J. Kolker | |||
R.C. Carney | R. Carney | |||
GoDaddy Inc. | GoDaddy Inc. | |||
27 November 2023 | March 2024 | |||
Redacted Fields in the Registration Data Access Protocol (RDAP) Response | Redacted Fields in the Registration Data Access Protocol (RDAP) Response | |||
draft-ietf-regext-rdap-redacted-16 | ||||
Abstract | Abstract | |||
This document describes an RDAP extension for specifying methods of | This document describes a Registration Data Access Protocol (RDAP) | |||
redaction of RDAP responses and explicitly identifying redacted RDAP | extension for specifying methods of redaction of RDAP responses and | |||
response fields, using JSONPath as the default expression language. | explicitly identifying redacted RDAP response fields, using JSONPath | |||
as the default expression language. | ||||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This is an Internet Standards Track document. | |||
provisions of BCP 78 and BCP 79. | ||||
Internet-Drafts are working documents of the Internet Engineering | ||||
Task Force (IETF). Note that other groups may also distribute | ||||
working documents as Internet-Drafts. The list of current Internet- | ||||
Drafts is at https://datatracker.ietf.org/drafts/current/. | ||||
Internet-Drafts are draft documents valid for a maximum of six months | This document is a product of the Internet Engineering Task Force | |||
and may be updated, replaced, or obsoleted by other documents at any | (IETF). It represents the consensus of the IETF community. It has | |||
time. It is inappropriate to use Internet-Drafts as reference | received public review and has been approved for publication by the | |||
material or to cite them other than as "work in progress." | Internet Engineering Steering Group (IESG). Further information on | |||
Internet Standards is available in Section 2 of RFC 7841. | ||||
This Internet-Draft will expire on 30 May 2024. | Information about the current status of this document, any errata, | |||
and how to provide feedback on it may be obtained at | ||||
https://www.rfc-editor.org/info/rfc9537. | ||||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2023 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents | |||
license-info) in effect on the date of publication of this document. | (https://trustee.ietf.org/license-info) in effect on the date of | |||
Please review these documents carefully, as they describe your rights | publication of this document. Please review these documents | |||
and restrictions with respect to this document. Code Components | carefully, as they describe your rights and restrictions with respect | |||
extracted from this document must include Revised BSD License text as | to this document. Code Components extracted from this document must | |||
described in Section 4.e of the Trust Legal Provisions and are | include Revised BSD License text as described in Section 4.e of the | |||
provided without warranty as described in the Revised BSD License. | Trust Legal Provisions and are provided without warranty as described | |||
in the Revised BSD License. | ||||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction | |||
2. Conventions Used in This Document . . . . . . . . . . . . . . 3 | 2. Conventions Used in This Document | |||
3. Redaction Methods . . . . . . . . . . . . . . . . . . . . . . 4 | 3. Redaction Methods | |||
3.1. Redaction by Removal Method . . . . . . . . . . . . . . . 4 | 3.1. Redaction by Removal Method | |||
3.2. Redaction by Empty Value Method . . . . . . . . . . . . . 5 | 3.2. Redaction by Empty Value Method | |||
3.3. Redaction by Partial Value Method . . . . . . . . . . . . 6 | 3.3. Redaction by Partial Value Method | |||
3.4. Redaction by Replacement Value Method . . . . . . . . . . 7 | 3.4. Redaction by Replacement Value Method | |||
4. Redacted RDAP Response . . . . . . . . . . . . . . . . . . . 9 | 4. Redacted RDAP Response | |||
4.1. RDAP Conformance . . . . . . . . . . . . . . . . . . . . 9 | 4.1. RDAP Conformance | |||
4.2. "redacted" Member . . . . . . . . . . . . . . . . . . . . 9 | 4.2. "redacted" Member | |||
5. JSONPath Considerations . . . . . . . . . . . . . . . . . . . 31 | 5. JSONPath Considerations | |||
5.1. JSONPath Client Considerations . . . . . . . . . . . . . 31 | 5.1. JSONPath Client Considerations | |||
5.2. JSONPath Server Considerations . . . . . . . . . . . . . 32 | 5.2. JSONPath Server Considerations | |||
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33 | 6. IANA Considerations | |||
6.1. RDAP Extensions Registry . . . . . . . . . . . . . . . . 33 | 6.1. RDAP Extensions Registry | |||
6.2. RDAP JSON Values Registry . . . . . . . . . . . . . . . . 33 | 6.2. RDAP JSON Values Registry | |||
7. Implementation Status . . . . . . . . . . . . . . . . . . . . 34 | 7. Security Considerations | |||
7.1. IIT-CNR/Registro.it RDAP Server . . . . . . . . . . . . . 34 | 8. References | |||
8. Security Considerations . . . . . . . . . . . . . . . . . . . 35 | 8.1. Normative References | |||
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 35 | 8.2. Informative References | |||
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 35 | Acknowledgements | |||
10.1. Informative References . . . . . . . . . . . . . . . . . 35 | Authors' Addresses | |||
10.2. Normative References . . . . . . . . . . . . . . . . . . 35 | ||||
Appendix A. Change History . . . . . . . . . . . . . . . . . . . 36 | ||||
A.1. Change from 00 to 01 . . . . . . . . . . . . . . . . . . 36 | ||||
A.2. Change from 01 to 02 . . . . . . . . . . . . . . . . . . 37 | ||||
A.3. Change from 02 to 03 . . . . . . . . . . . . . . . . . . 38 | ||||
A.4. Change from 03 to 04 . . . . . . . . . . . . . . . . . . 38 | ||||
A.5. Change from 04 to 05 . . . . . . . . . . . . . . . . . . 38 | ||||
A.6. Change from 05 to 06 . . . . . . . . . . . . . . . . . . 38 | ||||
A.7. Change from 06 to 07 . . . . . . . . . . . . . . . . . . 38 | ||||
A.8. Change from 07 to 08 . . . . . . . . . . . . . . . . . . 39 | ||||
A.9. Change from 08 to 09 . . . . . . . . . . . . . . . . . . 39 | ||||
A.10. Change from 09 to 10 . . . . . . . . . . . . . . . . . . 39 | ||||
A.11. Change from 10 to 11 . . . . . . . . . . . . . . . . . . 40 | ||||
A.12. Change from 11 to 12 . . . . . . . . . . . . . . . . . . 40 | ||||
A.13. Change from 12 to 13 . . . . . . . . . . . . . . . . . . 41 | ||||
A.14. Change from 13 to 14 . . . . . . . . . . . . . . . . . . 41 | ||||
A.15. Change from 14 to 15 . . . . . . . . . . . . . . . . . . 42 | ||||
A.16. Change from 15 to 16 . . . . . . . . . . . . . . . . . . 42 | ||||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 42 | ||||
1. Introduction | 1. Introduction | |||
This document describes an RDAP extension for specifying methods of | This document describes an RDAP extension for specifying methods of | |||
redaction of RDAP responses and explicitly identifying redacted RDAP | redaction of RDAP responses and explicitly identifying redacted RDAP | |||
response fields, using JSONPath as the default expression language. | response fields, using JSONPath as the default expression language. | |||
A redacted RDAP field is one that has data removed or replaced in the | A redacted RDAP field is one that has data removed or replaced in the | |||
RDAP response due to server policy, such as the lack of client | RDAP response due to server policy, such as the lack of client | |||
privilege to receive the field. This extension can be used to | privilege to receive the field. This extension can be used to | |||
identify redacted RDAP fields in any RDAP object class, as defined in | identify redacted RDAP fields in any RDAP object class, as defined in | |||
[RFC9083], or RDAP fields defined in RDAP extensions. Because an | [RFC9083], or RDAP fields defined in RDAP extensions. Because an | |||
RDAP response may exclude a field due to either the lack of data or | RDAP response may exclude a field due to either the lack of data or | |||
based on the lack of RDAP client privileges, this extension is used | the lack of RDAP client privileges, this extension is used to | |||
to explicitly specify which RDAP fields are not included in the RDAP | explicitly specify which RDAP fields are not included in the RDAP | |||
response due to redaction. It thereby provides a capability for | response due to redaction. It thereby provides a capability for | |||
disambiguation between redaction and possible other reasons for data | disambiguation between redaction and other possible reasons for data | |||
or field absence. | or field absence. | |||
In [RFC9082] RDAP supports both lookup and search queries, where a | In [RFC9082], RDAP supports both lookup and search queries, where a | |||
lookup query responds with a single object and a search query | lookup query responds with a single object and a search query | |||
responds with a list of objects. This document applies to redaction | responds with a list of objects. This document applies to redaction | |||
of a single object of a lookup response and in each of the objects of | of a single object of a lookup response and in each of the objects of | |||
a search response. | a search response. | |||
JSONPath, as defined in [I-D.ietf-jsonpath-base], is used as the | JSONPath, as defined in [RFC9535], is used as the default expression | |||
default expression language to reference RDAP fields that have been | language to reference RDAP fields that have been redacted. The | |||
redacted. The redacted JSON fields will either be removed, have | redacted JSON fields will be removed, have empty values, have partial | |||
empty values, have partial values, or be replaced in the RDAP | values, or be replaced in the RDAP response. JSON is defined by | |||
response. JSON is defined by [RFC8259]. | [RFC8259]. | |||
2. Conventions Used in This Document | 2. Conventions Used in This Document | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
"OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in | |||
14 [RFC2119] [RFC8174] when, and only when, they appear in all | BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
capitals, as shown here. | capitals, as shown here. | |||
The JSON examples include extra line breaks and whitespace. For | The JSON examples include extra line breaks and whitespace. For | |||
instance, the JSONPath expressions are broken out into multiple lines | instance, the JSONPath expressions are broken out into multiple lines | |||
when required for illustration. | when required for illustration. | |||
The JSONPath expressions in the examples are for illustration | The JSONPath expressions in the examples are for illustration | |||
purposes with single-role entities and the exact expressions to use | purposes with single-role entities, and the exact expressions to use | |||
by the server is out-of-scope. | by the server is out of scope. | |||
3. Redaction Methods | 3. Redaction Methods | |||
Redaction in RDAP can be handled in multiple ways. Redaction in RDAP | Redaction in RDAP can be handled in multiple ways. The resulting | |||
can be handled in multiple ways. The resulting redacted RDAP | redacted RDAP response MUST comply with the format defined in the | |||
response MUST comply with the format defined in the RDAP RFCs with | RDAP RFCs, such as [RFC9083] and updates. The use of placeholder | |||
the RDAP RFCs, such as [RFC9083] and updates. The use of placeholder | text for the values of the RDAP fields, such as "XXXX", MUST NOT be | |||
text for the values of the RDAP fields, such as the placeholder text | used for redaction, since the placeholder text value may not match | |||
"XXXX", MUST NOT be used for redaction, since the placeholder text | the format requirements of each of the RDAP fields, which could | |||
value may not match the format requirements of each of the RDAP | provide an inconsistent and unreliable redaction signal. This | |||
fields and provides an inconsistent and unreliable redaction signal. | section covers the redaction methods that can be used with the | |||
This section covers the redaction methods that can be used with the | ||||
redaction signaling defined in Section 4.2. | redaction signaling defined in Section 4.2. | |||
RDAP responses, as defined in [RFC9083], include a mix of JSON | RDAP responses, as defined in [RFC9083], include a mix of JSON | |||
objects and JSON arrays, where JSON arrays are heavily used for | objects and JSON arrays, where JSON arrays are heavily used for | |||
entity objects with jCard [RFC7095]. jCard [RFC7095] is a JSON | entity objects with jCard [RFC7095]. jCard [RFC7095] is a JSON | |||
representation of vCard [RFC6350] that inherits its dependency on | representation of vCard [RFC6350] that inherits its dependency on | |||
arrays. An example is the vCard [RFC6350] "ADR" property / jCard | arrays. An example is the vCard [RFC6350] "ADR" property / jCard | |||
[RFC7095] "adr" property that defines a sequence of address | [RFC7095] "adr" property, which defines a sequence of address | |||
components. According to [RFC6350], when an "ADR" property component | components. According to [RFC6350], when an "ADR" property component | |||
value is missing, the associated component separator MUST still be | value is missing, the associated component separator MUST still be | |||
specified. jCard [RFC7095] extends the use of arrays with each | specified. jCard [RFC7095] extends the use of arrays with each | |||
individual vCard property being represented by an array of three | individual vCard property being represented by an array of three | |||
fixed elements, followed by one or more additional elements. The mix | fixed elements, followed by one or more additional elements. The mix | |||
of JSON objects and JSON arrays impacts the methods used for | of JSON objects and JSON arrays impacts the methods used for | |||
redaction in RDAP. | redaction in RDAP. | |||
The redaction of RDAP fields fall into the four categories defined in | The redaction of RDAP fields fall into the four categories defined in | |||
the following sub-sections. | the following subsections. | |||
3.1. Redaction by Removal Method | 3.1. Redaction by Removal Method | |||
The Redaction by Removal Method is when the RDAP field is removed | The Redaction by Removal Method is when the RDAP field is removed | |||
from the RDAP response, which is the default method. The Redaction | from the RDAP response, which is the default method. The Redaction | |||
by Removal Method can be done for all RDAP response fields other than | by Removal Method can be done for all RDAP response fields except for | |||
response fields using the position in an array to signal the redacted | response fields using the position in an array to signal the redacted | |||
field (e.g., the JSON arrays used with jCard [RFC7095]). RDAP | field (e.g., the JSON arrays used with jCard [RFC7095]). RDAP | |||
extensions such as JSContact in Registration Data Access Protocol | extensions, such as the one described in "Using JSContact in | |||
(RDAP) JSON Responses [I-D.ietf-regext-rdap-jscontact] do not have a | Registration Data Access Protocol (RDAP) JSON Responses" | |||
dependency on the use of positional JSON arrays and are therefore | [RDAP-JSCONTACT], do not have a dependency on the use of positional | |||
suited for the Redaction by Removal Method. | JSON arrays and are therefore suited for the Redaction by Removal | |||
Method. | ||||
When an RDAP object is redacted by removal, all of the RDAP object's | When an RDAP object is redacted by removal, all of the RDAP object's | |||
child fields are also removed. Only the redacted RDAP object needs | child fields are also removed. Only the redacted RDAP object needs | |||
to be referenced in the list of redacted fields, as defined in | to be referenced in the list of redacted fields, as defined in | |||
Section 4.2. | Section 4.2. | |||
An example of redacting an RDAP object is removing the administrative | An example of redacting an RDAP object is removing the administrative | |||
contact from the RDAP response and including the following "redacted" | contact from the RDAP response and including the following "redacted" | |||
member: | member: | |||
skipping to change at page 5, line 30 ¶ | skipping to change at line 190 ¶ | |||
The Redaction by Removal Method MUST NOT be used to remove an element | The Redaction by Removal Method MUST NOT be used to remove an element | |||
of an array where the position of the element in the array determines | of an array where the position of the element in the array determines | |||
semantic meaning. For example, removal of an individual data field | semantic meaning. For example, removal of an individual data field | |||
in jCard [RFC7095] will result in a non-conformant jCard [RFC7095] | in jCard [RFC7095] will result in a non-conformant jCard [RFC7095] | |||
array definition. | array definition. | |||
3.2. Redaction by Empty Value Method | 3.2. Redaction by Empty Value Method | |||
The Redaction by Empty Value Method is when a redacted field is not | The Redaction by Empty Value Method is when a redacted field is not | |||
removed, but its value is set to an empty value, such as "" for a | removed but its value is set to an empty value, such as "" for a | |||
jCard [RFC7095] Text ("text") property or null for a non-Text | jCard [RFC7095] Text ("text") property or null for a non-Text | |||
property. The empty jCard [RFC7095] values ("" or null) are | property. The empty jCard [RFC7095] values ("" or null) are | |||
referenced in the "redacted" member in place of the jCard [RFC7095] | referenced in the "redacted" member in place of the jCard [RFC7095] | |||
property name in a array, such as referencing the "fn" jCard | property name in an array, such as referencing the "fn" jCard | |||
[RFC7095] property value at position 3 instead of referencing the | [RFC7095] property value at position 3 instead of referencing the | |||
"fn" jCard property name at position 0. The Redaction by Empty Value | "fn" jCard property name at position 0. The Redaction by Empty Value | |||
Method MUST be used only when redacting JSON response fields that use | Method MUST be used only when redacting JSON response fields that use | |||
the position in an array to signal the redacted field (e.g., jCard | the position in an array to signal the redacted field (e.g., jCard | |||
[RFC7095] arrays). Optional jCard [RFC7095] properties MUST use the | [RFC7095] arrays). Optional jCard [RFC7095] properties MUST use the | |||
Redaction by Removal Method (Section 3.1) to redact the entire | Redaction by Removal Method (Section 3.1) to redact the entire | |||
property. The required jCard [RFC7095] "fn" property, defined in | property. The required jCard [RFC7095] "fn" property, defined in | |||
section 6.2.1 of vCard [RFC6350], MUST use the Redaction by Empty | Section 6.2.1 of vCard [RFC6350], MUST use the Redaction by Empty | |||
Value Method to redact the property value. Removing the "fn" | Value Method to redact the property value. Removing the "fn" | |||
property would violate vCard [RFC6350] and removing the property | property would violate vCard [RFC6350], and removing the property | |||
value would violate the fixed array positions defined in jCard | value would violate the fixed array positions defined in jCard | |||
[RFC7095]. | [RFC7095]. | |||
An example of the redacted "fn" jCard property using the Redaction by | An example of the redacted "fn" jCard property using the Redaction by | |||
Empty Value Method: | Empty Value Method: | |||
[ | [ | |||
"fn", | "fn", | |||
{}, | {}, | |||
"text", | "text", | |||
"" | "" | |||
] | ] | |||
Figure 2: Redacted "fn" jCard property using Redaction by Empty | Figure 2: Redacted "fn" jCard Property Using the Redaction by | |||
Value Method | Empty Value Method | |||
An example of the "redacted" member for the redacted "fn" jCard | An example of the "redacted" member for the redacted "fn" jCard | |||
property value, which is array position 3: | property value, which is array position 3: | |||
"redacted": [ | "redacted": [ | |||
{ | { | |||
"name": { | "name": { | |||
"description": "Registrant Name" | "description": "Registrant Name" | |||
}, | }, | |||
"postPath": "$.entities[?(@.roles[0]=='registrant')]. | "postPath": "$.entities[?(@.roles[0]=='registrant')]. | |||
vcardArray[1][?(@[0]=='fn')][3]", | vcardArray[1][?(@[0]=='fn')][3]", | |||
"pathLang": "jsonpath", | "pathLang": "jsonpath", | |||
"method": "emptyValue", | "method": "emptyValue", | |||
"reason": { | "reason": { | |||
"description": "Server policy" | "description": "Server policy" | |||
} | } | |||
} | } | |||
] | ] | |||
Figure 3: Redacted Registrant Name using Array Position | Figure 3: Redacted Registrant Name Using an Array Position | |||
3.3. Redaction by Partial Value Method | 3.3. Redaction by Partial Value Method | |||
The Redaction by Partial Value Method is when a redacted field is not | The Redaction by Partial Value Method is when a redacted field is not | |||
removed, but its value has a portion of the data removed, such as for | removed but its value has a portion of the data removed, such as for | |||
the "label" or "fn" jCard [RFC7095] properties. The partial values | the "label" or "fn" jCard [RFC7095] properties. The partial values | |||
are referenced in the "redacted" member in place of the property name | are referenced in the "redacted" member in place of the property name | |||
in a array, such as referencing the "fn" jCard [RFC7095] property | in an array, such as referencing the "fn" jCard [RFC7095] property | |||
value at position 3 instead of referencing the "fn" jCard property | value at position 3 instead of referencing the "fn" jCard property | |||
name at position 0. The Redaction by Partial Value Method SHOULD be | name at position 0. The Redaction by Partial Value Method SHOULD be | |||
used only when redacting JSON response fields that use a formatted | used only when redacting JSON response fields that use a formatted | |||
value, where a portion of the value is removed. | value, where a portion of the value is removed. | |||
An example of the "label" jCard property in Figure 15 of [RFC7095] | An example of the "label" jCard property in Figure 15 of [RFC7095] | |||
that redacts "123 Maple Ave\nSuite 901\n": | that redacts "123 Maple Ave\nSuite 901\n": | |||
["adr", | ["adr", | |||
{ | { | |||
"type":"home", | "type":"home", | |||
"label":"Vancouver\nBC\n1239\n" | "label":"Vancouver\nBC\n1239\n" | |||
}, | }, | |||
"text", | "text", | |||
[ | [ | |||
"", "", "", "", "", "", "" | "", "", "", "", "", "", "" | |||
] | ] | |||
] | ] | |||
Figure 4: Redacted "label" jCard property | Figure 4: Redacted "label" jCard Property | |||
An example of the "redacted" member for the redacted "label" jCard | An example of the "redacted" member for the redacted "label" jCard | |||
property value, based on Figure 15 of [RFC7095]: | property value, based on Figure 15 of [RFC7095]: | |||
"redacted": [ | "redacted": [ | |||
{ | { | |||
"name": { | "name": { | |||
"description": "Home Address Label" | "description": "Home Address Label" | |||
}, | }, | |||
"postPath": "$.vcardArray[1][?(@[0]=='adr')][1].label", | "postPath": "$.vcardArray[1][?(@[0]=='adr')][1].label", | |||
"pathLang": "jsonpath", | "pathLang": "jsonpath", | |||
"method": "partialValue", | "method": "partialValue", | |||
"reason": { | "reason": { | |||
"description": "Server policy" | "description": "Server policy" | |||
} | } | |||
} | } | |||
] | ] | |||
Figure 5: Redacted Label using the Redaction by Partial Value Method | Figure 5: Redacted Label Using the Redaction by Partial Value Method | |||
3.4. Redaction by Replacement Value Method | 3.4. Redaction by Replacement Value Method | |||
The Redaction by Replacement Value Method is when a redacted field is | The Redaction by Replacement Value Method is when a redacted field is | |||
not removed, but its value is replaced with a different value, such | not removed but its value is replaced with a different value, such as | |||
as protecting the "email" jCard [RFC7095] property value with an | protecting the "email" jCard [RFC7095] property value with an | |||
anonymized email "text" value or the use of an alternative "uri" | anonymized email "text" value or the use of an alternative "uri" | |||
value to a web form. Replacing a property value is a form of | value to a web form. Replacing a property value is a form of | |||
redaction, since it protects the true property value for privacy | redaction, since it protects the true property value for privacy | |||
reasons. | reasons. | |||
An example of the redacted "email" jCard property using the Redaction | An example of the redacted "email" jCard property using the Redaction | |||
by Replacement Value Method with an anonymized email: | by Replacement Value Method with an anonymized email: | |||
[ | [ | |||
"email", | "email", | |||
{}, | {}, | |||
"text", | "text", | |||
"anonymized123@example.com" | "anonymized123@example.com" | |||
] | ] | |||
Figure 6: Redacted "email" jCard property using Redaction by | Figure 6: Redacted "email" jCard Property Using the Redaction by | |||
Replacement Value Method with an anonymized email | Replacement Value Method with an Anonymized Email | |||
An example of the "redacted" member for the redacted registrant | An example of the "redacted" member for the redacted registrant | |||
"email" jCard property value with an anonymized "text" value. | "email" jCard property value with an anonymized "text" value: | |||
"redacted": [ | "redacted": [ | |||
{ | { | |||
"name": { | "name": { | |||
"description": "Registrant Email" | "description": "Registrant Email" | |||
}, | }, | |||
"postPath": "$.entities[?(@.roles[0]=='registrant')]. | "postPath": "$.entities[?(@.roles[0]=='registrant')]. | |||
vcardArray[1][?(@[0]=='email')][3]", | vcardArray[1][?(@[0]=='email')][3]", | |||
"pathLang": "jsonpath", | "pathLang": "jsonpath", | |||
"method": "replacementValue", | "method": "replacementValue", | |||
} | } | |||
] | ] | |||
Figure 7: Redacted Email using Replacement Value with an | Figure 7: Redacted Email Using a Replacement Value with an | |||
anonymized "text" value | Anonymized "text" Value | |||
An example of the redacted "email" jCard property using the Redaction | An example of the redacted "email" jCard property using the Redaction | |||
by Replacement Value Method with a [RFC8605] "contact-uri" jCard | by Replacement Value Method with a "contact-uri" [RFC8605] jCard | |||
property to a web form: | property to a web form: | |||
[ | [ | |||
"contact-uri", | "contact-uri", | |||
{}, | {}, | |||
"uri", | "uri", | |||
"https://email.example.com/123" | "https://email.example.com/123" | |||
] | ] | |||
Figure 8: Redacted "email" jCard property using Redaction by | Figure 8: Redacted "email" jCard Property Using the Redaction by | |||
Replacement Value Method with a "contact-uri" jCard property to a | Replacement Value Method with a "contact-uri" jCard Property to a | |||
web form | Web Form | |||
An example of the "redacted" member for the redacted registrant | An example of the "redacted" member for the redacted registrant | |||
"email" jCard property with a [RFC8605] "contact-uri" jCard property | "email" jCard property with a "contact-uri" [RFC8605] jCard property | |||
to a web form: | to a web form: | |||
"redacted": [ | "redacted": [ | |||
{ | { | |||
"name": { | "name": { | |||
"description": "Registrant Email" | "description": "Registrant Email" | |||
}, | }, | |||
"prePath": "$.entities[?(@.roles[0]=='registrant')]. | "prePath": "$.entities[?(@.roles[0]=='registrant')]. | |||
vcardArray[1][?(@[0]=='email')]", | vcardArray[1][?(@[0]=='email')]", | |||
"replacementPath": "$.entities[?(@.roles[0]=='registrant')]. | "replacementPath": "$.entities[?(@.roles[0]=='registrant')]. | |||
vcardArray[1][?(@[0]=='contact-uri')]", | vcardArray[1][?(@[0]=='contact-uri')]", | |||
"pathLang": "jsonpath", | "pathLang": "jsonpath", | |||
"method": "replacementValue", | "method": "replacementValue", | |||
} | } | |||
] | ] | |||
Figure 9: Redacted Email using Replacement Value with a "contact- | Figure 9: Redacted Email Using a Replacement Value with a | |||
uri" jCard property to a web form | "contact-uri" jCard Property to a Web Form | |||
4. Redacted RDAP Response | 4. Redacted RDAP Response | |||
4.1. RDAP Conformance | 4.1. RDAP Conformance | |||
RDAP responses that contain values described in this document MUST | RDAP responses that contain values described in this document MUST | |||
indicate conformance with this specification by including an | indicate conformance with this specification by including an | |||
"rdapConformance" ([RFC9083]) value of "redacted". The "redacted" | "rdapConformance" [RFC9083] value of "redacted". The "redacted" | |||
extension identifier is described in Section 6.1. | extension identifier is described in Section 6.1. | |||
Example "rdapConformance" member with the redacted extension: | Example "rdapConformance" member with the redacted extension: | |||
"rdapConformance": [ | "rdapConformance": [ | |||
"rdap_level_0", | "rdap_level_0", | |||
"redacted" | "redacted" | |||
] | ] | |||
Figure 10: "rdapConformance" with Redacted Extension | Figure 10: "rdapConformance" with Redacted Extension | |||
4.2. "redacted" Member | 4.2. "redacted" Member | |||
The "redacted" member MUST be added to the RDAP response when there | The "redacted" member MUST be added to the RDAP response when there | |||
is one or more redacted fields. The "redacted" member is included as | is one or more redacted fields. The "redacted" member is included as | |||
a member of the object instance in a lookup response, such as the | a member of the object instance in a lookup response, such as the | |||
object classes defined in [RFC9083], and as a member of the object | object classes defined in [RFC9083], and as a member of the object | |||
instances in a search response. | instances in a search response. | |||
The server including a redacted signal provides an unauthorized | The server, including a redacted signal, provides an unauthorized | |||
client additional information related to the existence of data and | client additional information related to the existence of data and | |||
MAY exclude the redacted members for RDAP fields that are considered | MAY exclude the redacted members for RDAP fields that are considered | |||
a privacy issue in providing a data existence signal. The server MAY | a privacy issue in providing a data existence signal. The server MAY | |||
choose to publish a redaction policy describing how this extension is | choose to publish a redaction policy describing how this extension is | |||
implemented for their constituency. The contents of such a policy | implemented for their constituency. The contents of such a policy | |||
are outside the scope of this specification. | are outside the scope of this specification. | |||
The "redacted" member contains an array of objects with the following | The "redacted" member contains an array of objects with the following | |||
child members: | child members: | |||
skipping to change at page 10, line 27 ¶ | skipping to change at line 413 ¶ | |||
name used for the redacted field is up to server policy. The | name used for the redacted field is up to server policy. The | |||
logical name is defined using an object with a "type" field | logical name is defined using an object with a "type" field | |||
denoting a registered redacted name (see Section 6.2) or a | denoting a registered redacted name (see Section 6.2) or a | |||
"description" field denoting an unregistered redacted name. The | "description" field denoting an unregistered redacted name. The | |||
registered redacted names and the chosen unregistered names can | registered redacted names and the chosen unregistered names can | |||
meet the needs of different RDAP services or industries. | meet the needs of different RDAP services or industries. | |||
"prePath": OPTIONAL JSON path expression referencing a redacted JSON | "prePath": OPTIONAL JSON path expression referencing a redacted JSON | |||
field in the pre-redacted response. The "prePath" member MAY be | field in the pre-redacted response. The "prePath" member MAY be | |||
set when the redacted field does not exist in the redacted | set when the redacted field does not exist in the redacted | |||
response for the Redaction By Removal Method (Section 3.1) and | response for the Redaction by Removal Method (Section 3.1) and | |||
the Redaction by Replacement Value Method (Section 3.4). The | the Redaction by Replacement Value Method (Section 3.4). The | |||
"prePath" member MUST NOT be set when the "postPath" member is | "prePath" member MUST NOT be set when the "postPath" member is | |||
set. | set. | |||
"postPath": OPTIONAL JSON path expression referencing a redacted | "postPath": OPTIONAL JSON path expression referencing a redacted | |||
JSON field in the redacted (post-redacted) response. The | JSON field in the redacted (post-redacted) response. The | |||
"postPath" member MUST be set when the redacted field does exist | "postPath" member MUST be set when the redacted field does exist | |||
in the redacted response for the Redaction by Empty Value Method | in the redacted response for the Redaction by Empty Value Method | |||
(Section 3.2), the Redaction by Partial Value Method | (Section 3.2), the Redaction by Partial Value Method | |||
(Section 3.3), and the Redaction by Replacement Value Method | (Section 3.3), and the Redaction by Replacement Value Method | |||
(Section 3.4). The "postPath" member MUST NOT be set when the | (Section 3.4). The "postPath" member MUST NOT be set when the | |||
"prePath" member is set. | "prePath" member is set. | |||
"replacementPath": OPTIONAL JSON path expression of the replacement | "replacementPath": OPTIONAL JSON path expression of the replacement | |||
field of the redacted field with the Redaction by Replacement | field of the redacted field with the Redaction by Replacement | |||
Value Method (Section 3.4), using the expression language defined | Value Method (Section 3.4), using the expression language defined | |||
by the "pathLang" member. | by the "pathLang" member. | |||
"pathLang": OPTIONAL JSON path expression language used, with the | "pathLang": OPTIONAL JSON path expression language used, with the | |||
default value of "jsonpath" for JSONPath | default value of "jsonpath" for JSONPath [RFC9535]. Other JSON | |||
([I-D.ietf-jsonpath-base]). Other JSON path expression languages | path expression languages registered with the "redacted | |||
registered with the "redacted expression language" RDAP JSON | expression language" Type in the "RDAP JSON Values" registry MAY | |||
Values Registry Type MAY be used based on server policy. | be used based on server policy. | |||
"method": OPTIONAL redaction method used; with one of the following | "method": OPTIONAL redaction method used, with one of the following | |||
values: | values: | |||
* "removal" indicating the Redaction By Removal Method | * "removal" indicating the Redaction by Removal Method | |||
(Section 3.1), | (Section 3.1), | |||
* "emptyValue" indicating the Redaction by Empty Value Method | * "emptyValue" indicating the Redaction by Empty Value Method | |||
(Section 3.2), or | (Section 3.2), | |||
* "partialValue" indicating the Redaction by Partial Value | * "partialValue" indicating the Redaction by Partial Value | |||
Method (Section 3.3), or | Method (Section 3.3), or | |||
* "replacementValue" indicating the Redaction by Replacement | * "replacementValue" indicating the Redaction by Replacement | |||
Value Method. (Section 3.4) | Value Method (Section 3.4). | |||
The default value is "removal" when not provided. | The default value is "removal" when not provided. | |||
"reason": OPTIONAL human readable reason(s) for the redacted field | "reason": OPTIONAL human-readable reason(s) for the redacted field | |||
in the language defined by the [RFC9083] "lang" member. The | in the language defined by the "lang" [RFC9083] member. The | |||
default language is "en" if the [RFC9083] "lang" member is not | default language is "en" if the "lang" [RFC9083] member is not | |||
specified. The reason is defined using an object with an | specified. The reason is defined using an object with an | |||
OPTIONAL "type" field denoting a registered redacted reason (see | OPTIONAL "type" field denoting a registered redacted reason (see | |||
see Section 6.2) and an OPTIONAL "description" field denoting an | Section 6.2) and an OPTIONAL "description" field denoting an | |||
unregistered redacted reason. The "description" field MUST NOT | unregistered redacted reason. The "description" field MUST NOT | |||
be a client processing dependency. | be a client processing dependency. | |||
Example unredacted version of an RDAP lookup response: | Example of the unredacted version of an RDAP lookup response: | |||
{ | { | |||
"rdapConformance": [ | "rdapConformance": [ | |||
"rdap_level_0" | "rdap_level_0" | |||
], | ], | |||
"objectClassName": "domain", | "objectClassName": "domain", | |||
"handle": "ABC123", | "handle": "ABC123", | |||
"ldhName": "example.com", | "ldhName": "example.com", | |||
"secureDNS": { | "secureDNS": { | |||
"delegationSigned": false | "delegationSigned": false | |||
skipping to change at page 19, line 42 ¶ | skipping to change at line 861 ¶ | |||
"status": [ | "status": [ | |||
"server delete prohibited", | "server delete prohibited", | |||
"server update prohibited", | "server update prohibited", | |||
"server transfer prohibited", | "server transfer prohibited", | |||
"client transfer prohibited" | "client transfer prohibited" | |||
] | ] | |||
} | } | |||
Figure 11: Unredacted RDAP Lookup Response | Figure 11: Unredacted RDAP Lookup Response | |||
Example redacted version of an RDAP lookup response: | Example of the redacted version of an RDAP lookup response: | |||
{ | { | |||
"rdapConformance": [ | "rdapConformance": [ | |||
"rdap_level_0", | "rdap_level_0", | |||
"redacted" | "redacted" | |||
], | ], | |||
"objectClassName": "domain", | "objectClassName": "domain", | |||
"ldhName": "example.com", | "ldhName": "example.com", | |||
"secureDNS": { | "secureDNS": { | |||
"delegationSigned": false | "delegationSigned": false | |||
skipping to change at page 28, line 19 ¶ | skipping to change at line 1270 ¶ | |||
"method": "removal", | "method": "removal", | |||
"reason": { | "reason": { | |||
"description": "Refer to the registrant contact" | "description": "Refer to the registrant contact" | |||
} | } | |||
} | } | |||
] | ] | |||
} | } | |||
Figure 12: Redacted RDAP Lookup Response | Figure 12: Redacted RDAP Lookup Response | |||
Example unredacted version of an RDAP search response: | Example of the unredacted version of an RDAP search response: | |||
{ | { | |||
"rdapConformance": [ | "rdapConformance": [ | |||
"rdap_level_0" | "rdap_level_0" | |||
], | ], | |||
"domainSearchResults":[ | "domainSearchResults":[ | |||
{ | { | |||
"objectClassName": "domain", | "objectClassName": "domain", | |||
"handle": "ABC121", | "handle": "ABC121", | |||
"ldhName": "example1.com", | "ldhName": "example1.com", | |||
skipping to change at page 30, line 5 ¶ | skipping to change at line 1320 ¶ | |||
"href":"https://example.com/rdap/domain/example2.com", | "href":"https://example.com/rdap/domain/example2.com", | |||
"type":"application/rdap+json" | "type":"application/rdap+json" | |||
} | } | |||
] | ] | |||
} | } | |||
] | ] | |||
} | } | |||
Figure 13: Unredacted RDAP Search Response | Figure 13: Unredacted RDAP Search Response | |||
Example redacted version of an RDAP search response: | Example of the redacted version of an RDAP search response: | |||
{ | { | |||
"rdapConformance": [ | "rdapConformance": [ | |||
"rdap_level_0", | "rdap_level_0", | |||
"redacted" | "redacted" | |||
], | ], | |||
"domainSearchResults":[ | "domainSearchResults":[ | |||
{ | { | |||
"objectClassName": "domain", | "objectClassName": "domain", | |||
"ldhName": "example1.com", | "ldhName": "example1.com", | |||
skipping to change at page 31, line 34 ¶ | skipping to change at line 1397 ¶ | |||
} | } | |||
] | ] | |||
} | } | |||
] | ] | |||
} | } | |||
Figure 14: Redacted RDAP Search Response | Figure 14: Redacted RDAP Search Response | |||
5. JSONPath Considerations | 5. JSONPath Considerations | |||
JSONPath [I-D.ietf-jsonpath-base] is the default JSON path expression | JSONPath [RFC9535] is the default JSON path expression language. | |||
language. This section includes JSONPath considerations for clients | This section includes JSONPath considerations for clients and | |||
and servers. | servers. | |||
5.1. JSONPath Client Considerations | 5.1. JSONPath Client Considerations | |||
This section covers considerations for clients that receive responses | This section covers considerations for clients that receive responses | |||
from servers using [I-D.ietf-jsonpath-base] to identify redacted RDAP | from servers using JSONPath [RFC9535] to identify redacted RDAP | |||
fields with the "prePath" or "postPath" member of redacted objects in | fields with the "prePath" or "postPath" member of redacted objects in | |||
the "redacted" member. The list of JSONPath client considerations | the "redacted" member. The list of JSONPath client considerations | |||
include: | include: | |||
1. When the server is using the Redaction By Removal Method | 1. When the server is using the Redaction by Removal Method | |||
(Section 3.1) or the Redaction by Replacement Value Method | (Section 3.1) or the Redaction by Replacement Value Method | |||
(Section 3.4) with an alternative field value, the JSONPath | (Section 3.4) with an alternative field value, the JSONPath | |||
expression of the "prePath" member will not resolve successfully | expression of the "prePath" member will not resolve successfully | |||
with the redacted response. The client can key off the "name" | with the redacted response. The client can key off the "name" | |||
member for display logic related to the redaction. | member for display logic related to the redaction. | |||
5.2. JSONPath Server Considerations | 5.2. JSONPath Server Considerations | |||
This section covers considerations for servers using | This section covers considerations for servers using JSONPath | |||
[I-D.ietf-jsonpath-base] to identify redacted RDAP fields with the | [RFC9535] to identify redacted RDAP fields with the "prePath" or | |||
"prePath" or "postPath" member of redacted objects in the "redacted" | "postPath" member of redacted objects in the "redacted" member. The | |||
member. The list of JSONPath considerations include: | list of JSONPath considerations include: | |||
1. Use absolute paths with the '$' JSONPath element. An example is | 1. Use absolute paths with the '$' JSONPath element. An example is | |||
"$.handle" for the "Registry Domain ID" in a lookup response or | "$.handle" for the "Registry Domain ID" in a lookup response or | |||
"$.domainSearchResults[0].handle" in a search response. | "$.domainSearchResults[0].handle" in a search response. | |||
2. Validate a JSONPath expression with the non-redacted RDAP | 2. Validate a JSONPath expression with the non-redacted RDAP | |||
response when using the "prePath" member, where evaluating the | response when using the "prePath" member, where evaluating the | |||
expression results in returning the redacted field. | expression results in returning the redacted field. | |||
3. Reference the removed object field when redacting an entire | 3. Reference the removed object field when redacting an entire | |||
object by the Redaction by Removal Method (Section 3.1), where | object by the Redaction by Removal Method (Section 3.1), where | |||
all of the object's child fields are explicitly removed. An | all of the object's child fields are explicitly removed. An | |||
example is "$.entities[?(@.roles[0]=='administrative')]" for the | example is "$.entities[?(@.roles[0]=='administrative')]" for the | |||
entire "Administrative Contact". | entire "Administrative Contact". | |||
4. It is possible for there to be multiple bases for the redaction | ||||
of certain content. For example, if server policy is such that | 4. Use multiple bases for the redaction of certain content. For | |||
all administrative-role entities are redacted and all technical- | example, if server policy is such that all administrative-role | |||
role entities are redacted, then an entity having both the | entities are redacted and all technical-role entities are | |||
administrative role and the technical role could be redacted for | redacted, then an entity having both the administrative role and | |||
two different reasons. In this situation, a server is required | the technical role could be redacted for two different reasons. | |||
to include at least one "redacted" entry, but should consider | In this situation, a server is required to include at least one | |||
including a separate "redacted" entry for each applicable basis | "redacted" entry, but it should consider including a separate | |||
for redaction, so as to clearly document the server policies that | "redacted" entry for each applicable basis for redaction to | |||
are relevant to redaction in each instance. | clearly document the server policies that are relevant to | |||
redaction in each instance. | ||||
5. Reference the removed field when using the Redaction by Removal | 5. Reference the removed field when using the Redaction by Removal | |||
Method (Section 3.1). An example is "$.handle" for the "Registry | Method (Section 3.1). An example is "$.handle" for the "Registry | |||
Domain ID". | Domain ID". | |||
6. Reference index 0 of the jCard [RFC7095] property array, which is | 6. Reference index 0 of the jCard [RFC7095] property array, which is | |||
the jCard [RFC7095] "name" property, with a filter expression | the jCard [RFC7095] "name" property, with a filter expression | |||
containing the name of the field, when redacting a jCard | containing the name of the field when redacting a jCard [RFC7095] | |||
[RFC7095] field using the Redaction by Removal Method | field using the Redaction by Removal Method (Section 3.1). An | |||
(Section 3.1). An example is "$.entities[?(@.roles[0]=='registra | example is "$.entities[?(@.roles[0]=='registrant')].vcardArray[1] | |||
nt')].vcardArray[1][?(@[0]=='email')]" for the "Registrant | [?(@[0]=='email')]" for the "Registrant Email". | |||
Email". | ||||
7. Reference jCard [RFC7095] field value or values redacted by array | 7. Reference the jCard [RFC7095] field value or values redacted by | |||
index 3 and greater, when redacting a jCard [RFC7095] field using | array index 3 and greater when redacting a jCard [RFC7095] field | |||
the Redaction by Empty Value Method (Section 3.2). The jCard | using the Redaction by Empty Value Method (Section 3.2). The | |||
[RFC7095] property array index 3 and greater contain the property | jCard [RFC7095] property array index 3 and greater contain the | |||
values, where the property values set with an empty value are | property values, where the property values set with an empty | |||
referenced directly in place of the jCard [RFC7095] property | value are referenced directly in place of the jCard [RFC7095] | |||
name. Servers can then systematically redact jCard [RFC7095] | property name. Servers can then systematically redact the jCard | |||
field value or values based on the JSONPath expressions and | [RFC7095] field value or values based on the JSONPath | |||
clients will directly know which jCard [RFC7095] property values | expressions, and clients will directly know which jCard [RFC7095] | |||
have been redacted. An example is "$.entities[?(@.roles[0]=='reg | property values have been redacted. An example is "$.entities[?( | |||
istrant')].vcardArray[1][?(@[0]=='fn')][3]" for the "Registrant | @.roles[0]=='registrant')].vcardArray[1][?(@[0]=='fn')][3]" for | |||
Name" or "$.entities[?(@.roles[0]=='registrant')].vcardArray[1][? | the "Registrant Name" or "$.entities[?(@.roles[0]=='registrant')] | |||
(@[0]=='adr')][3][5]" for the "Registrant Postal Code". | .vcardArray[1][?(@[0]=='adr')][3][5]" for the "Registrant Postal | |||
Code". | ||||
8. RDAP extensions should define any special JSONPath considerations | 8. RDAP extensions should define any special JSONPath considerations | |||
required to identify redacted RDAP fields if these considerations | required to identify redacted RDAP fields if these considerations | |||
are insufficient. | are insufficient. | |||
6. IANA Considerations | 6. IANA Considerations | |||
6.1. RDAP Extensions Registry | 6.1. RDAP Extensions Registry | |||
IANA is requested to register the following value in the RDAP | IANA has registered the following value in the "RDAP Extensions" | |||
Extensions Registry: | registry: | |||
Extension Identifier: redacted | ||||
Registry Operator: Any | ||||
Specification: RFC 9537 | ||||
Extension identifier: redacted | ||||
Registry operator: Any | ||||
Published specification: This document. | ||||
Contact: IESG <iesg@ietf.org> | Contact: IESG <iesg@ietf.org> | |||
Intended usage: This extension identifies the redacted fields in an | ||||
Intended Usage: This extension identifies the redacted fields in an | ||||
RDAP response. | RDAP response. | |||
6.2. RDAP JSON Values Registry | 6.2. RDAP JSON Values Registry | |||
Section 10.2 of [RFC9083] defines the RDAP JSON Values Registry with | Section 10.2 of [RFC9083] defines the "RDAP JSON Values" registry | |||
pre-defined Type field values and the use of the "Expert Review" | with predefined Type field values and a registration policy of Expert | |||
policy defined in [RFC8126]. This specification defines three new | Review [RFC8126]. This specification defines three new Type field | |||
RDAP JSON Values Registry Type field values that can be used to | values that can be used to register predefined redacted name, reason, | |||
register pre-defined redacted name, reason, and expression language | and expression language values. IANA has updated the "RDAP JSON | |||
values. IANA is instructed to update the RDAP JSON Values Registry | Values" registry to accept these additional Type field values as | |||
to accept these additional type field values as follows: | follows: | |||
"redacted name": Redacted name being registered. The registered | "redacted name": Redacted name being registered. The registered | |||
redacted name is referenced using the "type" field of the | redacted name is referenced using the "type" field of the | |||
redacted "name" field. | redacted "name" field. | |||
"redacted reason": Redacted reason being registered. The registered | "redacted reason": Redacted reason being registered. The registered | |||
redacted reason is referenced using the "type" field of the | redacted reason is referenced using the "type" field of the | |||
redacted "reason" field. | redacted "reason" field. | |||
"redacted expression language": Redacted expression language being | "redacted expression language": Redacted expression language being | |||
registered. The registered redacted expression language is | registered. The registered redacted expression language is | |||
referenced using the "pathLang" field. | referenced using the "pathLang" field. | |||
The following values should be registered by the IANA in the RDAP | IANA has also listed this document as a reference for the "RDAP JSON | |||
JSON Values Registry described in [RFC9083]: | Values" registry and has registered the following value: | |||
Value: jsonpath | Value: jsonpath | |||
Type: redacted expression language | ||||
Description: JSON path expression language, as defined in draft- | ||||
ietf-jsonpath-base. | ||||
Registrant Name: IETF | Type: redacted expression language | |||
Registrant Contact Information: iesg@ietf.org | ||||
7. Implementation Status | ||||
Note to RFC Editor: Please remove this section and the reference to | ||||
RFC 7942 [RFC7942] before publication. | ||||
This section records the status of known implementations of the | ||||
protocol defined by this specification at the time of posting of this | ||||
Internet-Draft, and is based on a proposal described in RFC 7942 | ||||
[RFC7942]. The description of implementations in this section is | ||||
intended to assist the IETF in its decision processes in progressing | ||||
drafts to RFCs. Please note that the listing of any individual | ||||
implementation here does not imply endorsement by the IETF. | ||||
Furthermore, no effort has been spent to verify the information | ||||
presented here that was supplied by IETF contributors. This is not | ||||
intended as, and must not be construed to be, a catalog of available | ||||
implementations or their features. Readers are advised to note that | ||||
other implementations may exist. | ||||
According to RFC 7942 [RFC7942], "this will allow reviewers and | ||||
working groups to assign due consideration to documents that have the | ||||
benefit of running code, which may serve as evidence of valuable | ||||
experimentation and feedback that have made the implemented protocols | ||||
more mature. It is up to the individual working groups to use this | ||||
information as they see fit". | ||||
7.1. IIT-CNR/Registro.it RDAP Server | ||||
Responsible Organization: Institute of Informatics and Telematics of | ||||
National Research Council (IIT-CNR)/Registro.it | ||||
Location: https://rdap.pubtest.nic.it/ | ||||
Description: This implementation includes support for RDAP queries | Description: JSON path expression language, as defined in RFC 9535. | |||
using data from the public test environment of .it ccTLD. The | ||||
"redacted" array can be returned in the response to the domain lookup | ||||
that is the only available to anonymous users. | ||||
Level of Maturity: This is an "alpha" test implementation. | Registrant: IETF | |||
Coverage: This implementation includes all of the features described | Contact Information: iesg@ietf.org | |||
in this specification. | ||||
Contact Information: Mario Loffredo, mario.loffredo@iit.cnr.it | Reference: RFC 9537 | |||
8. Security Considerations | 7. Security Considerations | |||
The extension described in this document does not provide any | The extension described in this document does not provide any | |||
security services beyond those described by [RFC9083]. | security services beyond those described by [RFC9083]. | |||
9. Acknowledgements | 8. References | |||
The authors wish to thank the following persons for their feedback | ||||
and suggestions: Marc Blanchet, Tom Harrison, Scott Hollenbeck, Pawel | ||||
Kowalik, Mario Loffredo, Gustavo Lozano, Andy Newton, Jasdip Singh, | ||||
and Rick Wilhelm. | ||||
10. References | ||||
10.1. Informative References | ||||
[I-D.ietf-regext-rdap-jscontact] | ||||
Loffredo, M. and G. Brown, "Using JSContact in | ||||
Registration Data Access Protocol (RDAP) JSON Responses", | ||||
Work in Progress, Internet-Draft, draft-ietf-regext-rdap- | ||||
jscontact-16, 6 June 2023, | ||||
<https://datatracker.ietf.org/doc/html/draft-ietf-regext- | ||||
rdap-jscontact-16>. | ||||
[RFC8605] Hollenbeck, S. and R. Carney, "vCard Format Extensions: | ||||
ICANN Extensions for the Registration Data Access Protocol | ||||
(RDAP)", RFC 8605, DOI 10.17487/RFC8605, May 2019, | ||||
<https://www.rfc-editor.org/info/rfc8605>. | ||||
10.2. Normative References | ||||
[I-D.ietf-jsonpath-base] | 8.1. Normative References | |||
Gössner, S., Normington, G., and C. Bormann, "JSONPath: | ||||
Query expressions for JSON", Work in Progress, Internet- | ||||
Draft, draft-ietf-jsonpath-base-21, 24 September 2023, | ||||
<https://datatracker.ietf.org/doc/html/draft-ietf- | ||||
jsonpath-base-21>. | ||||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
[RFC6350] Perreault, S., "vCard Format Specification", RFC 6350, | [RFC6350] Perreault, S., "vCard Format Specification", RFC 6350, | |||
DOI 10.17487/RFC6350, August 2011, | DOI 10.17487/RFC6350, August 2011, | |||
<https://www.rfc-editor.org/info/rfc6350>. | <https://www.rfc-editor.org/info/rfc6350>. | |||
[RFC7095] Kewisch, P., "jCard: The JSON Format for vCard", RFC 7095, | [RFC7095] Kewisch, P., "jCard: The JSON Format for vCard", RFC 7095, | |||
DOI 10.17487/RFC7095, January 2014, | DOI 10.17487/RFC7095, January 2014, | |||
<https://www.rfc-editor.org/info/rfc7095>. | <https://www.rfc-editor.org/info/rfc7095>. | |||
[RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running | ||||
Code: The Implementation Status Section", BCP 205, | ||||
RFC 7942, DOI 10.17487/RFC7942, July 2016, | ||||
<https://www.rfc-editor.org/info/rfc7942>. | ||||
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | |||
Writing an IANA Considerations Section in RFCs", BCP 26, | Writing an IANA Considerations Section in RFCs", BCP 26, | |||
RFC 8126, DOI 10.17487/RFC8126, June 2017, | RFC 8126, DOI 10.17487/RFC8126, June 2017, | |||
<https://www.rfc-editor.org/info/rfc8126>. | <https://www.rfc-editor.org/info/rfc8126>. | |||
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
[RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data | [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data | |||
skipping to change at page 36, line 42 ¶ | skipping to change at line 1579 ¶ | |||
[RFC9082] Hollenbeck, S. and A. Newton, "Registration Data Access | [RFC9082] Hollenbeck, S. and A. Newton, "Registration Data Access | |||
Protocol (RDAP) Query Format", STD 95, RFC 9082, | Protocol (RDAP) Query Format", STD 95, RFC 9082, | |||
DOI 10.17487/RFC9082, June 2021, | DOI 10.17487/RFC9082, June 2021, | |||
<https://www.rfc-editor.org/info/rfc9082>. | <https://www.rfc-editor.org/info/rfc9082>. | |||
[RFC9083] Hollenbeck, S. and A. Newton, "JSON Responses for the | [RFC9083] Hollenbeck, S. and A. Newton, "JSON Responses for the | |||
Registration Data Access Protocol (RDAP)", STD 95, | Registration Data Access Protocol (RDAP)", STD 95, | |||
RFC 9083, DOI 10.17487/RFC9083, June 2021, | RFC 9083, DOI 10.17487/RFC9083, June 2021, | |||
<https://www.rfc-editor.org/info/rfc9083>. | <https://www.rfc-editor.org/info/rfc9083>. | |||
Appendix A. Change History | [RFC9535] Gössner, S., Ed., Normington, G., Ed., and C. Bormann, | |||
Ed., "JSONPath: Query Expressions for JSON", RFC 9535, | ||||
A.1. Change from 00 to 01 | DOI 10.17487/RFC9535, February 2024, | |||
<https://www.rfc-editor.org/info/rfc9535>. | ||||
1. Changed rdapConformance to use pointed "redacted_0.1" value to | ||||
support structural changes of the extension up to the target of | ||||
"redacted_1.0". | ||||
2. Updates based on the Gustavo Lozano feedback: | ||||
1. Updated the language to change the special treatment of jCard | ||||
to be more generic for future RDAP extensions that leverage | ||||
fixed length JSON arrays. | ||||
2. Added "RDAP extensions should define any special JSONPath | ||||
considerations required to identify redacted RDAP fields if | ||||
the these considerations are insufficient." to the JSONPath | ||||
Considerations section to generalize it. | ||||
3. Updates based on the Marc Blanchet feedback: | ||||
1. Added a reference to draft-ietf-regext-rdap-jscontact as an | ||||
example of an RDAP extension that is suited for the Redaction | ||||
by Removal Method based on the lack of dependency on | ||||
positional JSON arrays. | ||||
2. Added support for registered and unregistered (free-form) | ||||
redaction reasons by changing the "reason" property to be a | ||||
JSON object with the "type" and "description" properties. | ||||
The "type" property includes registration in the IANA JSON | ||||
Values Registry. | ||||
3. Added a "JSON Values Registry" section in the IANA | ||||
Considersations section to define the "redaction reason" JSON | ||||
Values Registry Type values to support the registration of | ||||
redaction reasons. | ||||
4. Updates based on the Mario Loffredo feedback: | ||||
1. Added support for registered and unregistered (free-form) | ||||
redaction names by changing the "reason" property to be a | ||||
JSON object with the "type" and "description" properties. | ||||
The "type" property includes registration in the IANA JSON | ||||
Values Registry. | ||||
2. Added a "JSON Values Registry" section in the IANA | ||||
Considersations section to define the "redaction name" JSON | ||||
Values Registry Type values to support the registration of | ||||
redaction names. | ||||
3. Added a JSONPath Considerations item associated with handling | ||||
entities with multiple roles. | ||||
4. Added language to restrict the extension to responses. | ||||
A.2. Change from 01 to 02 | ||||
1. Updates to add support for RDAP search responses: | ||||
1. Replaced "RDAP lookup response" with "RDAP response" | ||||
throughout the draft to expand the scope to include search. | ||||
2. Updated the description in the second paragraph of the | ||||
Introduction to cover both a lookup response and a search | ||||
response. | ||||
3. Added an example of the use of an absoluate path for a search | ||||
response to the "JSONPath Considerations" section. | ||||
4. Added a description of the placement of the "redacted" member | ||||
in a lookup response and a search response in the ""redacted" | ||||
Member" section. | ||||
5. Added an example of an unredacted search response and a | ||||
redacted search response in the ""redacted" Member" section. | ||||
A.3. Change from 02 to 03 | ||||
1. Fixed mismatch of the extension identifier, which was updated to | ||||
"redacted_0.1" throughout the draft based on feedback from Mario | ||||
Loffredo. | ||||
2. Added the JSONPath Considerations item associated with redacting | ||||
fields for multiple entities with the same role based on | ||||
implementation feedback from Mario Loffredo. | ||||
3. Added the Implementation Status section that includes the server | ||||
implementation by Mario Loffredo. | ||||
4. Added use of numbered figures for easy reference for JSON Values | ||||
Registry registrations. | ||||
5. Updated the example unredacted and redacted lookup responses to | ||||
include the "objectClassName" and "handle" members. | ||||
6. Changed RFC7482 and RFC7483 references to RFC9082 and RFC9083, | ||||
respectively. | ||||
A.4. Change from 03 to 04 | ||||
1. Changed the extension identifier to be "redacted" instead of a | ||||
versioned value, which will be leveraged for both the | ||||
rdapConformance value and the JSON Values. | ||||
2. Changed the RDAP Conformance to be "redacted_level_0.2", which | ||||
leveraged the extension identifier as a prefix along with | ||||
"_level_" and a pointed version number. The version number will | ||||
become "1.0" once the draft passes WGLC. | ||||
3. Added the Redaction by Replacement Value Method. | ||||
A.5. Change from 04 to 05 | ||||
1. Update the RDAP Extensions Registry entries to include the | ||||
identifier that is used for the RDAP conformance value and to | ||||
include the "redacted" prefix indentifier to use for the JSON | ||||
response member. | ||||
2. Changed the RDAP Conformance to be "redacted_level_0_3", which is | ||||
registered in the RDAP Extensions Registry. The RDAP Conformance | ||||
value will become "redacted_level_1" once the draft passes WGLC. | ||||
A.6. Change from 05 to 06 | ||||
1. Fixed a couple nits. | ||||
2. Updated the Redaction by Replacement Value Method email web form | ||||
examples to use the "contact-uri" jCard property of RFC 8605. | ||||
A.7. Change from 06 to 07 | ||||
1. Added the optional replacementPath child member for use with the | ||||
Redaction by Replacement Value Method. | ||||
A.8. Change from 07 to 08 | ||||
1. Updates based on the Rick Wilhelm feedback: | ||||
1. Updated the definition of a redacted RDAP field in the | ||||
Introduction section. | ||||
2. Updated the reference to three methods instead of two in the | ||||
Redaction Methods section. | ||||
3. Created a new paragraph for the example in the Redaction by | ||||
Removal Method section. | ||||
4. Explicitly specified one or more redacted fields for | ||||
inclusion of the "redacted" member in the "redacted" Member | ||||
section. | ||||
5. Updated the description of the "method" member in the | ||||
"redacted" Member section. | ||||
A.9. Change from 08 to 09 | ||||
1. Updated the RDAP extensions Registry registration and RDAP | ||||
conformance to match the working group consensus that does not | ||||
include a version with "redacted". | ||||
A.10. Change from 09 to 10 | ||||
1. Updates based on the Pawel Kowalik feedback: | ||||
1. Changed "placeholder text value will not match the format | ||||
requirements" to "placeholder text value may not match the | ||||
format requirements" in Section 3. | ||||
2. Changed the "path" member OPTIONAL and added "The "path" | ||||
member MUST be set when the redacted field does exist in the | ||||
redacted response" to cover when it's required. | ||||
3. Added the definition of the "redacted expression language" | ||||
JSON Values Registry Type in the IANA Considerations and pre- | ||||
registered the "jsonpath" "redacted expression language" | ||||
value. | ||||
4. In the definition of the "path" member, added clarification | ||||
whether the "path" member expression refers to the pre- | ||||
redacted response field or the redacted response field based | ||||
on the redaction method. | ||||
5. Replaced "The Redaction by Removal Method MUST NOT be used to | ||||
remove a field using the position in a fixed length array to | ||||
signal the redacted field" with "The Redaction by Removal | ||||
Method MUST NOT be used to remove an element of an array | ||||
where the position of the element in the array determines | ||||
semantic meaning" in Section 3.1. | ||||
6. Added the "JSONPath Client Considerations" and "JSONPath | ||||
Server Considerations" subsections to the "JSONPath | ||||
Considerations" section. | ||||
2. Updates based on the Mario Loffredo feedback: | ||||
1. Revised Figure 7 to reference the "email" property and the | ||||
"contract-uri" property instead of the value elements of the | ||||
properties. | ||||
2. Rephrased the sentence in section 4.2 to 'The "redacted" | ||||
member contains an array of objects with the following child | ||||
members'. | ||||
3. Added the Redaction by Partial Value Method for redaction of | ||||
a portion of a formatted property, such as the jCard "fn" and | ||||
"label" properties. | ||||
A.11. Change from 10 to 11 | ||||
1. Updated Abstract and first sentence of Introduction to "This | ||||
document describes an RDAP extension for specifying methods of | ||||
redaction of RDAP responses and explicitly identifying redacted | ||||
RDAP response fields, using JSONPath as the default expression | ||||
language.", based on feedback by Pawel Kowalik. | ||||
2. Changed "path" member to a "prePath" and "postPath" member to | ||||
indicate whether the path expression applies to the pre-redacted | ||||
or post-redacted response, based on feedback by Pawel Kowalik. | ||||
A.12. Change from 11 to 12 | ||||
1. Updates based on the Andy Newton feedback: | ||||
1. Added section "The resulting redacted RDAP response MUST | ||||
comply with the RDAP RFCs, such as [RFC9083]" as second | ||||
sentence of Section 3. | ||||
2. Updates based on the Tom Harrison feedback: | ||||
1. Added clarification in Section 2 "Conventions Used in This | ||||
Document" that the JSONPath expressions in the examples are | ||||
for illustration purposes with single-role entities and the | ||||
exact expressions to use by the server are out-of-scope. | ||||
2. Replaced consideration #4 "When an entity has multiple | ||||
roles..." in Section 5.2 "JSONPath Server Considerations" | ||||
with the recommended language starting with "It is possible | ||||
for there to be muliple bases for redaction..." | ||||
3. Revised the sentence "The client can first key off the "name" | ||||
member for display logic and utilize a template RDAP response | ||||
overlaid with the redacted response to successfully resolve | ||||
the JSONPath expression." in Section 5.1 "JSONPath Client | ||||
Considers" to "The client can key off the "name" member for | ||||
display logic related to the redaction.". | ||||
4. Replaced "type" with "description" for the example redaction | ||||
"name" and "reason" members, so not to infer that they are | ||||
being registered for use. | ||||
5. Changed "Two new JSON Values Registry Type field values are | ||||
used to register pre-defined redacted name and reason values" | ||||
in Section 6.2 "JSON Values Registry" to "Three new JSON | ||||
Values Registry Type field values are used to register pre- | ||||
defined redacted name, reason, and expression language | ||||
values". | ||||
3. Updates based on validating each of the draft examples: | ||||
1. Added missing comma between the "Administrative Contact" and | ||||
"Billing Contact" "redacted" members. | ||||
2. Removed consideration #5 in Section 5.2 "JSONPath Server | ||||
Considerations" since the use of the JSONPath expression | ||||
"$.entities[?(@.roles[0]=='technical')][0]" is not valid and | ||||
the exact JSONPath expression to use is out-of-scope. | ||||
A.13. Change from 12 to 13 | ||||
1. Updates based on the Jasdip Singh feedback: | ||||
1. In Section 1, replaced the sentence "The redacted JSON fields | ||||
will either be removed or have empty values in the RDAP | ||||
response" with "The redacted JSON fields will either be | ||||
removed, have empty values, have partial values, or be | ||||
replaced in the RDAP response.". | ||||
2. In Section 3, changed the reference of three categories to | ||||
four categories. | ||||
3. In Section 3.1, changed ", which is the preferred method" to | ||||
", which is the default method" to clarify the Removal Method | ||||
as the default redaction method. | ||||
4. In Section 4.2, updated the sentence to read "The "redacted" | ||||
member is included as a member of the object instance in a | ||||
lookup response, for the object classes defined in [RFC9083], | ||||
and as a member of the array of object instances in a search | ||||
response.". | ||||
5. In Section 4.2, explicitly defined the "name" member as | ||||
REQUIRED". | ||||
A.14. Change from 13 to 14 | ||||
1. Replaced RFC 7483 reference with RFC 9083 based on the Document | ||||
Shepherd review by Andy Newton. | ||||
2. Replaced the "Registrant Name" "IESG" value with "IETF" for the | ||||
"RDAP JSON Values Registry" registrations. | ||||
3. Updates based on the Murray Kucherawy AD evaluation feedback: | ||||
1. Combined sentences on the use of placeholder text in | ||||
Section 3 "Redaction Methods" for clarification. | ||||
2. Changed the two SHOULDs to MUSTs in Section 3.2 "Redaction by | ||||
Empty Value Method". | ||||
3. Changed "alternate" to "alternative" in Section 3.4 | ||||
"Redaction by Replacement Value Method". | ||||
4. Changed "JSON expression" to "JSON path expression" in | ||||
Section 4.2 " | ||||
5. Changed references of "JSON Values Registry" to "RDAP JSON | 8.2. Informative References | |||
Values Registry" to match the IANA registry name. | ||||
A.15. Change from 14 to 15 | [RDAP-JSCONTACT] | |||
Loffredo, M. and G. Brown, "Using JSContact in | ||||
Registration Data Access Protocol (RDAP) JSON Responses", | ||||
Work in Progress, Internet-Draft, draft-ietf-regext-rdap- | ||||
jscontact-17, 7 December 2023, | ||||
<https://datatracker.ietf.org/doc/html/draft-ietf-regext- | ||||
rdap-jscontact-17>. | ||||
1. Based on feedback from Paul Wouters, moved the Security | [RFC8605] Hollenbeck, S. and R. Carney, "vCard Format Extensions: | |||
Considerations language to Section 4.2 ""redacted" Member", since | ICANN Extensions for the Registration Data Access Protocol | |||
exclusion of a "redacted" child member due to privacy is a | (RDAP)", RFC 8605, DOI 10.17487/RFC8605, May 2019, | |||
feature. The Security Considerations section was made generic. | <https://www.rfc-editor.org/info/rfc8605>. | |||
2. Revised the RDAP JSON Values Registry IANA Considerations used to | ||||
register pre-register the pre-defined redacted name, redacted | ||||
reason, and redacted expression language values based on Scott | ||||
Hollenbeck's expert review feedback. | ||||
A.16. Change from 15 to 16 | Acknowledgements | |||
1. Updates based on feedback from Roman Danyliw: | The authors wish to thank the following persons for their feedback | |||
1. Updated "Redaction in RDAP can be handled in multiple ways. | and suggestions: Marc Blanchet, Tom Harrison, Scott Hollenbeck, Pawel | |||
The resulting redacted RDAP response MUST comply with the | Kowalik, Mario Loffredo, Gustavo Lozano, Andy Newton, Jasdip Singh, | |||
RDAP RFCs, such as [RFC9083]" to "Redaction in RDAP can be | and Rick Wilhelm. | |||
handled in multiple ways. The resulting redacted RDAP | ||||
response MUST comply with the format defined in the RDAP RFCs | ||||
with the RDAP RFCs, such as [RFC9083] and updates" | ||||
2. Add "The server MAY choose to publish a redaction policy | ||||
describing how this extension is implemented for their | ||||
constituency. The contents of such a policy are outside the | ||||
scope of this specification." to Section 4.2 ""redacted" | ||||
Member". | ||||
Authors' Addresses | Authors' Addresses | |||
James Gould | James Gould | |||
VeriSign, Inc. | VeriSign, Inc. | |||
12061 Bluemont Way | 12061 Bluemont Way | |||
Reston, VA 20190 | Reston, VA 20190 | |||
United States of America | United States of America | |||
Email: jgould@verisign.com | Email: jgould@verisign.com | |||
URI: http://www.verisigninc.com | URI: http://www.verisigninc.com | |||
skipping to change at page 43, line 4 ¶ | skipping to change at line 1623 ¶ | |||
Email: jgould@verisign.com | Email: jgould@verisign.com | |||
URI: http://www.verisigninc.com | URI: http://www.verisigninc.com | |||
David Smith | David Smith | |||
VeriSign, Inc. | VeriSign, Inc. | |||
12061 Bluemont Way | 12061 Bluemont Way | |||
Reston, VA 20190 | Reston, VA 20190 | |||
United States of America | United States of America | |||
Email: dsmith@verisign.com | Email: dsmith@verisign.com | |||
URI: http://www.verisigninc.com | URI: http://www.verisigninc.com | |||
Jody Kolker | Jody Kolker | |||
GoDaddy Inc. | GoDaddy Inc. | |||
14455 N. Hayden Rd. #219 | 14455 N. Hayden Rd., #219 | |||
Scottsdale, AZ 85260 | Scottsdale, AZ 85260 | |||
United States of America | United States of America | |||
Email: jkolker@godaddy.com | Email: jkolker@godaddy.com | |||
URI: http://www.godaddy.com | URI: http://www.godaddy.com | |||
Roger Carney | Roger Carney | |||
GoDaddy Inc. | GoDaddy Inc. | |||
14455 N. Hayden Rd. #219 | 14455 N. Hayden Rd., #219 | |||
Scottsdale, AZ 85260 | Scottsdale, AZ 85260 | |||
United States of America | United States of America | |||
Email: rcarney@godaddy.com | Email: rcarney@godaddy.com | |||
URI: http://www.godaddy.com | URI: http://www.godaddy.com | |||
End of changes. 86 change blocks. | ||||
559 lines changed or deleted | 218 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |