IETF 104, REGEXT WG, Monday 2019-03-25 13:50-15:50 Opening by James Galvin and Antoin Verschuren (both! present) Jabber scribe George Michaelson RFC published since last meeting, RFC 8521, 8495, 8543, 8544 Submitted for Evaluation "Registration Fee extension", "Strict bundling registration" Document withdrawal by authors for "Verification Code extension" Newly adopted documents - Federated authentication for RDAP - RDAP Query Parameters for Result Sorting - RDAP Partial Response - RDAP Reverse Search - Login Security Extension for EPP Scott Hollenbeck presents his draft about "Federated Authentication for RDAP". Adam Roach, Scott make sure to make parameters compliant with BCP 190 Andrew Newton, device flow makes things over complicated James Galvin (as individual), how do we handle non browsers if not by device flow? Richard Wilhelm, on going policy in ICANN is not ICANN organisation but the ICANN process Alexander Mayerhofer, do out-of-band for non browsers Jaromir Talir, problem discussion with oauth around restful vs. session Mario Loffredo, presents RDAP Sorting and Paging Jim Gould, is it possible to implement paging without sorting? Mario Loffredo, yes Jim Gould, is it possible to identify what is supported? Jim Gould, would it be benificial to support different version numbers for sorting and paging Andrew Newton, need mechanism for servers to indicate capabilities Jim Gould, seconds Andrew Mario Loffredo, presents RDAP Partial Response Jim Gould, policy in draft, better a mechanism to let server define fieldsets Andrew Newton, thinks normally expected is good enough Mario Loffredo, presents RDAP Reverse Search Stephane Bortzmeyer, privacy considerations is not enough, reverse search is dangerous, Gurshabad Grover, seconds Stephane Alexander Mayerhofer, privacy section not sufficient, should say it is ok to just implement a subset Andrew Newton, MUST NOT do until the user is authenticated Jim Gould, Login Security Extension for EPP Robert Story, password complexity requirements not met should be better; Jim Gould responded that the password complexity requirements are handled in draft-gould-regext-login-security-policy. Martin Casanova (Switch), agent is free text, should maybe be more structured Stephane Bortzmeyer, password recommendations should reference password research document; Jim Gould asked if there are any suggested password documents to reference in draft-ietf-regext-login-security. Milestone review James Galvin, we have two streams RDAP and EPP and struggle to balance between them George Michaelson, RDAP is important now because industry wants to replace whois, we might need two time slots Richard Wilhelm, RDAP has core documents that are important and others that are less important James Galvin, Alexander Mayerhofer, two workstreams have diffrent sice of audience, EPP small audience world wide, RDAP much larger audience in the future Peter Koch, we need in depth review of privacy, Andrew Newton, if two meetings, maybe two working groups James Galvin, stay focused on 5 mile stones at most, proposal to have two milestones per stream and assign the fifth as appropriate Jim Gould, do not split, substantial personal overlap Scott Hollenbeck, do not split, maybe more than 5 milestones James Galvin, maybe we can have adopted documents but not have milestones for them Andrew Newton, George Michaelson, privacy stuff is important, we need an overarching doc for privacy Antoin Verschuren, do we have the expertise in the wg? James Galvin, maybe we can't commit to milestones and find a way to manage discussion to get a document to this point Barry Leiba, documents can be moved between adopted, worked on, milestones as needed Proposed New Work Tom Harrison, presents RDAP Mirroring Protocol Marc Blanchet, Map a registrar ID to the registrar RDAP server URL Andrew Newton, RDAP jcard issues Alexander Mayerhofer, announcing Registry Lock side meeting at IETF104