Discuss mailing list

[Martin C <martin AT mchomenet.com>]

> - API list (which functionality will be supported)
Though most of the functions are just filler/TODO at the moment, you can 
see it on github that I have a few planned: check, register, update, 
transfer, delete and assist.

"assist" because it was mentioned yesterday about being able to reach 
TLD administrators in a hurry. I think it would be good as well for 
registrars to notify an admin of a TLD registration/server problem that 
the administrator might not yet be aware of themselves. Or something 
like that.

As all commands are up for discussion already, assist is another one 
which we need to figure out if we need or not.

> - How security will be integrated into the spec.
My idea for this is simply that a separate data set is used to keep 
track of registrars, which is referenced in the userid of the domain 
table. The separate dataset will have:
username - used for registrars to login with, not for the API.
password - used for registrars to login, but not used with the API.
usertag - this will be used like a "callsign", and is only used during 
API use, not for account use.
userkey - like a registrar password, but system admins for the 
registrars will be able to see this as they implement the calling system 
on their side.
Plus the commands up above.

All passwords can be MD5 or SHA1, either doesn't bother me. As to where 
they are stored, either they are hosted by the specified TLD admin, or 
within the inner-core of the OpenNIC network. Perhaps even, the 
authentication is passed off to OpenNIC, while the domain operations 
themselves stay with the TLD server.

This allows for a centralised login so registrars do not need to 
register with every TLD manager for access to the API, they 
automatically gain access to every TLD within OpenNIC. I know Julian has 
mentioned setting up a central login database, so the API could pass of 
user verification to that. That would be simpler.

> - communication between registrars (PKI)
I already have a basic idea for this, but as far as I can tell, this is 
only really needed for domain transfers, unless I am overlooking 
something important (quite likely). I envisioned a system that would 
work along the lines of how EPP codes are used today.

Martin.