Network Working Group                                          A. Newton
Internet-Draft                                                      ARIN
Intended status: Standards Track                           S. Hollenbeck
Expires: May 30, June 21, 2013                                     Verisign Labs
                                                       November 26,
                                                       December 18, 2012

         Unified

             Registration Data Access Protocol Query Format
                    draft-ietf-weirds-rdap-query-01
                    draft-ietf-weirds-rdap-query-02

Abstract

   This document describes uniform patterns to construct HTTP URLs that
   may be used to retrieve registration information from registries
   (including both Regional Internet Registries (RIRs) and Domain Name
   Registries (DNRs)) using "RESTful" web access patterns.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 30, June 21, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Conventions Used in This Document  . . . . . . . . . . . . . .  3
     1.1.  Acronyms and Abbreviations . . . . . . . . . . . . . . . .  3
   2.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Path Segment Specification . . . . . . . . . . . . . . . . . .  4
     3.1.  IP Network Path Segment Specification  . . . . . . . . . .  4
     3.2.  Autonomous System Path Segment Specification . . . . . . .  5
     3.3.  Domain Path Segment Specification  . . . . . . . . . . . .  5
     3.4.  Name Server Path Segment Specification . . . . . . . . . .  6
     3.5.  Entity Path Segment Specification  . . . . . . . . . . . .  6
   4.  Extensibility  . . . . . . . . . . . . . . . . . . . . . . . .  6
   5.  Internationalization Considerations  . . . . . . . . . . . . .  7
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  7
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . .  7
   8.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .  7
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . .  8
     9.1.  Normative References . . . . . . . . . . . . . . . . . . .  8
     9.2.  Informative References . . . . . . . . . . . . . . . . . .  9
   Appendix A.  Path Segment Specification for Search Queries . . . .  9
   Appendix B.  Change Log  . . . . . . . . . . . . . . . . . . . . . 10
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10

1.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

1.1.  Acronyms and Abbreviations

      DNR: Domain Name Registry
      RDAP: Registration Data Access Protocol
      RIR: Regional Internet Registry

2.  Introduction

   This document describes a specification for querying registration
   data using a RESTful web service and uniform query patterns.  The
   service is implemented using the Hypertext Transfer Protocol (HTTP)
   [RFC2616].

   The protocol described in this specification is intended to address
   deficiencies with the WHOIS protocol [RFC3912] that have been
   identified over time, including:

   o  Lack of standardized command structures,
   o  lack of standardized output and error structures,
   o  lack of support for internationalization and localization, and
   o  lack of support for user identification, authentication, and
      access control.

   The patterns described in this document purposefully do not encompass
   all of the methods employed in the WHOIS and RESTful web services of
   all of the RIRs and DNRs.  The intent of the patterns described here
   are to enable lookups of networks by IP address, autonomous system
   numbers by number, reverse DNS meta-data by domain, domains by name,
   name servers by name, registrars by name, and entities (such as
   contacts) by identifier.  It is envisioned that each registry will
   continue to maintain NICNAME/WHOIS and/or RESTful web services
   specific to their needs and those of their constituencies, and the
   information retrieved through the patterns described here may
   reference such services.

   Likewise, future IETF standards may add additional patterns for
   additional query types (for example, "/domains" for a domain search
   query).  And Section 4 defines a simple pattern namespacing scheme to
   accomodate custom extensions that will not interfere with the
   patterns defined in this document or patterns defined in future IETF
   standards.

   WHOIS services, in general, are read-only services.  Therefore URL
   [RFC3986] patterns presented here are only applicable to the HTTP
   [RFC2616] GET and HEAD methods.

   This document does not describe the results or entities returned from
   issuing the described URLs with an HTTP GET.  It is envisioned that
   other documents will describe these entities in various serialization
   formats, such as JavaScript Object Notation (JSON, [RFC4627]).

   Additionally, resource management, provisioning and update functions
   are out of scope for this document.  Registries have various and
   divergent methods covering these functions, and it is unlikely a
   uniform approach for these functions will ever be possible.

   While

   HTTP contains mechanisms for servers to authenticate clients and for
   clients to authenticate servers (from which authorization schemes may
   be built), both authentication of clients built) so such mechanisms are not described in this document.
   Policy, provisioning, and servers processing of authentication and
   authorization for access to data are out-of-scope of for this document.
   In general, these matters require "policy" and are not document as deployments will
   have to make choices based on local criteria.  So long as the domain
   solution chosen makes use of
   technical standards bodies. the HTTP mechanisms, implementations
   ought to be interoperable.

3.  Path Segment Specification

   The uniform patterns start with a base URL [RFC3986] specified by
   each registry or any other service provider offering this service.
   The base URL will be appended with resource type specific is followed by a resource-type-specific path
   segments. segment.
   The base URL may contain its own path segments (e.g.
   http://example.com/... or http://example.com/restful-WHOIS/... ).

   The resource type path segments are:
   o  'ip': IP networks and associated data referenced using either an
      IPv4 or IPv6 address.
   o  'autnum': Autonomous system registrations and associated data
      referenced using an AS Plain autonomous system number.
   o  'domain': Reverse DNS (RIR) or domain name (DNR) information and
      associated data referenced using a fully-qualified domain name.
   o  'nameserver': Used to identify a name server information query.
   o  'entity': Used to identify an entity information query.

3.1.  IP Network Path Segment Specification

   Syntax: ip/<IP address> or ip/<CIDR prefix>/<CIDR length>

   Queries for information about IP networks are of the form /ip/XXX/...
   or /ip/XXX/YY/... where the path segment following 'ip' is either an
   IPv4 [RFC1166] or IPv6 [RFC5952] address (i.e.  XXX) or an IPv4 or
   IPv6 CIDR [RFC4632] notation address block (i.e.  XXX/YY).
   Semantically, the simpler form using the address can be thought of as
   a CIDR block with a bitmask length of 32 for IPv4 and a bitmask
   length of 128 for IPv6.  A given specific address or CIDR may fall
   within multiple IP networks in a hierarchy of networks, therefore
   this query targets the "most-specific" or lowest smallest IP network which
   completely encompasses it in a hierarchy of IP networks.

   This is an example URL for the most specific network containing
   192.0.2.0:

   /ip/192.0.2.0

   This is an example of a URL the most specific network containing
   192.0.2.0/24:

   /ip/192.0.2.0/24

3.2.  Autonomous System Path Segment Specification

   Syntax: autnum/<autonomous system number>

   Queries for information regarding autonomous system number
   registrations are of the form /autnum/XXX/... where XXX is an asplain
   autonomous system number [RFC5396].  In some registries, registration
   of autonomous system numbers is done on an individual number basis,
   while other registries may register blocks of autonomous system
   numbers.  The semantics of this query is are such that if a number falls
   within a range of registered blocks, the target of the query is the
   block registration, and that individual number registrations are
   considered a block of numbers with a size of 1.

   For example, to find information on autonomous system number 65551,
   the following path would be used:

   /autnum/65551

3.3.  Domain Path Segment Specification

   Syntax: domain/<domain name>

   Queries for domain information are of the form /domain/XXXX/...,
   where XXXX is a fully-qualified domain name [RFC4343] in either the
   in-addr.arpa or ip6.arpa zones (for RIRs) or a fully-qualified domain
   name in a zone administered by the server operator (for DNRs).
   Internationalized domain names represented in A-label format
   [RFC5890] are also valid domain names.

   The following path would be used to find information describing the
   zone serving the network 192.0.2/24:

   /domain/2.0.192.in-addr.arpa

   The following path would be used to find information for the
   example.com domain name:

   /domain/example.com

3.4.  Name Server Path Segment Specification

   Syntax: nameserver/<name server name>

   The <name server name> parameter represents a fully qualified name as
   specified in RFC 952 [RFC0952] and RFC 1123 [RFC1123].
   Internationalized names represented in A-label format [RFC5890] are
   also valid name server names.

   The following path would be used to find information for the
   ns1.example.com name server:

   /nameserver/ns1.example.com

3.5.  Entity Path Segment Specification

   Syntax: entity/<handle>

   The <handle> parameter represents an entity (such as a contact,
   registrant, or registrar) identifier.  For example, for some DNRs
   contact identifiers are specified in RFC 5730 [RFC5730] and RFC 5733
   [RFC5733].

   The following path would be used to find information for the entity
   associated with handle CID-4005:

   /entity/CID-4005

4.  Extensibility

   This document describes path segment specifications for a limited
   number of objects commonly registered in both RIRs and DNRs.  It does
   not attempt to describe path segments for all of the objects
   registered in all registries.  Custom path segments can be created
   for objects not specified here using the process described in Section
   TBD of "Using HTTP for RESTful Whois Services by Internet Registries"
   [I-D.ietf-weirds-using-http].

   Custom path segments can be created by prefixing the segment with a
   unique identifier followed by an underscore character (0x5F).  For
   example, a custom entity path segment could be created by prefixing
   "entity" with "custom_", producing "custom_entity".  Servers SHOULD
   ignore MUST
   return an appropriate failure status code for a request with an
   unrecognized path segments. segment.

5.  Internationalization Considerations

   There is value in supporting the ability to submit either a U-label
   (Unicode form of an IDN label) or an A-label (ASCII form of an IDN
   label) as a query argument to an RDAP service.  Clients with
   graphical user interfaces may prefer a U-label since this is more
   visually recognizable and familiar than A-label strings, but clients
   of programmatic interfaces may wish to submit and display A-labels or
   may not be able to input U-labels with their keyboard configuration.
   In the interest of protocol simplicity, A-labels (the "wire format"
   of IDNs) are the only labels supported by this specification.

   Internationalized domain and name server names can contain character
   variants and variant labels as described in RFC 4290 [RFC4290].
   Clients that support queries for internationalized domain and name
   server names MUST accept service provider responses that describe
   variants as specified in "JSON Responses for the Registration Data
   Access Protocol" [I-D.ietf-weirds-json-response].

6.  IANA Considerations

   This document does not specify any IANA actions.

7.  Security Considerations

   Security services for the operations specified in this document are
   described in "Security Services for the Registration Data Access
   Protocol" [I-D.ietf-weirds-rdap-sec].  As we identify specific use
   cases for which security services are needed they will be described
   here.

8.  Acknowledgements

   This document is derived from original work on RIR query formats
   developed by Byron J. Ellacott of APNIC, Arturo L. Servin of LACNIC,
   Kaveh Ranjbar of the RIPE NCC, and Andrew L. Newton of ARIN.
   Additionally, this document incorporates DNR query formats originally
   described by Francisco Arias and Steve Sheng of ICANN and Scott
   Hollenbeck of Verisign.

   The authors would like to acknowledge the following individuals for
   their contributions to this document: TBD. Francisco Arias, Edward Lewis,
   and John Levine.

9.  References

9.1.  Normative References

   [I-D.ietf-weirds-json-response]
              Newton, A. and S. Hollenbeck, "JSON Responses for the
              Registy
              Registration Data Access Protocol (RDAP)",
              draft-ietf-weirds-json-response-00
              draft-ietf-weirds-json-response-01 (work in progress),
              September
              December 2012.

   [I-D.ietf-weirds-rdap-sec]
              Hollenbeck, S. and N. Kong, "Security Services for the
              Registration Data Access Protocol",
              draft-ietf-weirds-rdap-sec-00
              draft-ietf-weirds-rdap-sec-01 (work in progress),
              September
              November 2012.

   [I-D.ietf-weirds-using-http]
              Newton, A., Ellacott, B., and N. Kong, "Using the
              Registration Data Access Protocol (RDAP) with HTTP",
              draft-ietf-weirds-using-http-00
              draft-ietf-weirds-using-http-01 (work in progress),
              September
              December 2012.

   [RFC0952]  Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet
              host table specification", RFC 952, October 1985.

   [RFC1123]  Braden, R., "Requirements for Internet Hosts - Application
              and Support", STD 3, RFC 1123, October 1989.

   [RFC1166]  Kirkpatrick, S., Stahl, M., and M. Recker, "Internet
              numbers", RFC 1166, July 1990.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
              Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, January 2005.

   [RFC4290]  Klensin, J., "Suggested Practices for Registration of
              Internationalized Domain Names (IDN)", RFC 4290,
              December 2005.

   [RFC4343]  Eastlake, D., "Domain Name System (DNS) Case Insensitivity
              Clarification", RFC 4343, January 2006.

   [RFC4632]  Fuller, V. and T. Li, "Classless Inter-domain Routing
              (CIDR): The Internet Address Assignment and Aggregation
              Plan", BCP 122, RFC 4632, August 2006.

   [RFC5396]  Huston, G. and G. Michaelson, "Textual Representation of
              Autonomous System (AS) Numbers", RFC 5396, December 2008.

   [RFC5730]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
              STD 69, RFC 5730, August 2009.

   [RFC5733]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
              Contact Mapping", STD 69, RFC 5733, August 2009.

   [RFC5890]  Klensin, J., "Internationalized Domain Names for
              Applications (IDNA): Definitions and Document Framework",
              RFC 5890, August 2010.

   [RFC5952]  Kawamura, S. and M. Kawashima, "A Recommendation for IPv6
              Address Text Representation", RFC 5952, August 2010.

9.2.  Informative References

   [RFC3912]  Daigle, L., "WHOIS Protocol Specification", RFC 3912,
              September 2004.

   [RFC4627]  Crockford, D., "The application/json Media Type for
              JavaScript Object Notation (JSON)", RFC 4627, July 2006.

URIs

   [1]  <https://www.arin.net/resources/whoisrws/whois_api.html>

   [2]  <http://www.w3.org/DesignIssues/MatrixURIs.html>

   [3]  <http://whois.arin.net/ui>

   [4]  <http://dnrd.verisignlabs.com/dnrd-ap/>

Appendix A.  Path Segment Specification for Search Queries

   All of the path segments described in this document identify patterns
   for exact-match lookups of data elements.  We have explicitly omitted
   specifications for search queries in the interest of first focusing
   on more basic protocol operations.  Once we understand how exact-
   match queries will work we will attempt to define specifications for
   search queries.

   It is important to note that there are already multiple
   implementations of RESTful RDAP-like prototypes that provide search
   capabilities.  For example:

   ARIN:   The American Registry for Internet Numbers (ARIN) has
      published an API [1] (see Section 4.4.2) that describes using
      plural forms of path segment identifiers (e.g. "domains") and
      Matrix URIs [2] to indicate that a client is requesting a list of
      values when searching for RIR registration data.  A prototype
      service [3] that implements this API is up and running.
   Verisign:   Verisign has deployed a prototype service [4] that
      implements searches for DNR registration data using HTML query
      strings (e.g. "?_PRE") to identify search parameters.  For
      example,
      "http://dnrd.verisignlabs.com/dnrd-ap/domain/verisign?_PRE"
      performs a search for domain names with a "verisign" prefix.

   The specifications that are eventually added to this document will
   likely combine features from these and other examples of running
   code.

Appendix B.  Change Log

   Initial -00:  Adopted as working group document.
   -01:  Added "Conventions Used in This Document" section.  Added
      normative reference to draft-ietf-weirds-rdap-sec and some
      wrapping text in the Security Considerations section.
   -02:  Removed "unified" from the title.  Rewrote the last paragraph
      of section 2.  Edited the first paragraph of section 3 to more
      clearly note that only one path segement is provided.  Added
      "bitmask" to "length" in section 3.1.  Changed "lowest IP network"
      to "smallest IP network" in section 3.1.  Added "asplain" to the
      description of autonomous system numbers in section 3.2.  Minor
      change from "semantics is" to "semantics are" in section 3.2.
      Changed the last sentence in section 4 to more clearly specify
      error response behavior.  Added acknowledgements.  Added a
      paragraph in the introduction regarding future IETF standards and
      extensibility.

Authors' Addresses

   Andrew Lee Newton
   American Registry for Internet Numbers
   3635 Concorde Parkway
   Chantilly, VA  20151
   US

   Email: andy@arin.net
   URI:   http://www.arin.net

   Scott Hollenbeck
   Verisign Labs
   12061 Bluemont Way
   Reston, VA  20190
   US

   Email: shollenbeck@verisign.com
   URI:   http://www.verisignlabs.com/