GDPR Compliant RDAP service
This is a early test and evaluation implementation of RDAP (Registration Data Access Protocol).
This is an early release intended to solicit feedback. In particular the RyCE specific implementation attempts to be General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) compliant.
Feedback and comments are very welcome at firstname.lastname@example.org.
Implemented RDAP Objects
Support is provided for the following objects:
- domain https://rdap-otande.ryce-rsp.com/rdap/domain/nic.wien/
- entity (In progress, curently included in the domain query)
- nameserver (In progress, curently included in the domain query)
Comments and features
This is still at an early stage. There are still bugs and missing fields. The data is from our OT&E system and is synced every 30 minutes.
- A contact entity with an Organisation field is assumed to be a public contact and by default does not get privacy enforced.
- RFC5733 contact:disclose data is honored. If the field is true data will ALWAYS be displayed. If false it will never be displayed
- The Authinfo field is commonly used during transfers. We use this as an authentication method
either via HTTP basic authentication or via a GET parameter.
For example compare https://rdap-otande.ryce-rsp.com/rdap/domain/nic.wien?authinfo=test
with the one above.
- The billing contact is a person not an organisation so by default full privacy is provided.
- The admin contact has email and phone numbers private using contact:disclose.
- When the authinfo code is provided all fields are displayed.
- Certificate based authentication will be provided once a standard has been agreed on.
Additions enhancements / known bugs
- Support Entity and nameserver queries. (ETA 28 February 2018)
- RFC8056 status mappings not in place yet. (ETA 28 February 2018)
- TLSA record missing (ETA 28 February 2018)
- Port 43 and 80 WHOIS services using the same data as the RDAP service (ETA 25 May 2018)
- RFC5733 - EPP Contact Mapping for the contact:disclose data
- RFC7480 - HTTP Usage in the Registration Data Access Protocol
- RFC7481 - Security Services for the Registration Data Access Protocol
- RFC7482 - Registration Data Access Protocol (RDAP) Query Format
- RFC7483 - JSON Responses for the Registration Data Access Protocol
- RFC7484 - Finding the Authoritative Registration Data Service
- RFC7485 - Inventory and Analysis of WHOIS Registration Objects
- RFC7095 - jCard: The JSON Format for vCard
- RFC8056 - Extensible Provisioning Protocol (EPP) and Registration Data Access Protocol (RDAP) Status Mapping