| |
 |
Revised VeriSign Registry
Agreements: Appendix R
Posted: 16 April 2001
|
Data Escrow Specification
EXHIBIT A - Task Order and
Statement of Work
TASK ORDER TITLE
Exhibit A to the Registry Data Escrow Agreement
dated _______________.
COMPANY NAME
Data Escrow Provider
STATEMENT OF WORK
Establish an escrow account to deposit
all Registry Data in an electronic format mutually approved by
VeriSign Global Registry Services, and ICANN. More specifically,
to meet the Data Escrow requirements outlined in the Registry
Agreement, VeriSign Global Registry Services will store in escrow
with Data Escrow Provider a complete set of Registry Data in
an electronic format agreed upon by VeriSign Global Registry
Services, and ICANN. Data Escrow Provider will verify that the
data is complete, accurate, and delivered in the intended format
using scripts provided by VeriSign Global Registry Services.
A phased approach will be taken to implement the scripts required
for verification. The short-term escrow process will verify completeness
and integrity (accuracy). A long-term approach is required to
create a script to verify that the file format sent is the format
received by Data Escrow Provider (correctness). Refer to Exhibits
B1 and B2 to review the short and long-term verification processes.
The Introspection validation, defined in Exhibit B2, will be
implemented in a later phase, as mutually agreed by the parties
hereto.
Data will be securely and electronically
transmitted on a daily and weekly basis as follows:
Weekly Escrow Deposits:
VeriSign Global Registry Services will
deposit a complete set of Registry Data into escrow on a weekly
basis by electronically and securely transmitting a snapshot
of each operational Registrar's data (the "Deposit Materials").
The snapshot captures the state of each Registrar's data at the
time the snapshot was created. Specific data elements contained
in the Deposit Materials are identified in Table 1.
Daily Escrow Deposits:
VeriSign Global Registry Services will
securely and electronically deposit a transaction log for each
operational Registrar representing transactions that occurred
over the previous 24 hour period (the "Additional Deposit").
The logs will be escrowed daily, being in the form of Additional
Deposit each Tuesday through Sunday, and being in the form of
the Weekly Deposit Materials each Monday, which shall capture
that Sunday's data. The Daily Additional Deposit will act as
incremental updates to the Weekly Deposit Materials and will
include all Registrar activity, such as add, delete, and transfer
of a domain name. Specific data elements contained in the Additional
Deposit are identified in Table 2.
Electronic Delivery Service Escrow Deposit
Method:
The "Electronic Delivery Service"
escrow deposit method shall mean and refer to the following.
VeriSign Global Registry Services shall transmit the Deposit
Materials and Additional Deposit to a secure server on a weekly
and daily basis, respectively. VeriSign Global Registry Services
shall provide a secure ID and password for Data Escrow Provider.
Data Escrow Provider shall pull the transmitted data from the
server and store it in a secured location. The transmitted data
will be made available to Data Escrow Provider as follows:
Daily Deposits:
Daily transactional data will be made available
at the close of business each Tuesday through Sunday for the
previous calendar day. For example, transactional data created
on Monday would be available to the escrow company on Tuesday
at the close of business. The results of transactions completed
on Sunday will be made available in the Weekly Deposit Materials,
thus no separate Daily Additional Deposit will be made for Sunday
activity.
Weekly Deposits:
Weekly database snapshots taken at midnight
on Sundays will be available not later than 6 p.m. each Monday.
Data Transmission File Sizes:
The Weekly Deposit Materials shall include
4 reports (see Table 1 for details of reports).
Additional Deposits shall include 1 report (see Table 2 for details
of report).
FILE SIZE ESTIMATES
| |
Daily
|
Weekly
|
| Current Data Escrow Size |
up to 10 Megabytes |
up to 750 Megabytes |
| Forecasted 2001 Data Escrow
Size |
up to 75 Megabytes |
up to 1 Gigabytes |
| Total Forecasted Escrow Size |
up to 110 Megabytes |
up to 4 Gigabytes |
Table 1: Weekly Deposit Materials
Format
Registrar Weekly Reports
1. Registrar Domain Report
|
Title:
Registrar Domain Report
Report name:
rgr_domain
Description: This
report contains all domains associated with a specific registrar.
The domain is listed once with each current status and associated
nameserver.
Fields:
domainname
statusname
servername
Examples:
ALPHA.COM:REGISTRY-LOCK:NS1.ALPHA.COM
ALPHA.COM:REGISTRY-LOCK:NS2.ALPHA.COM
ALPHA.COM:REGISTRY-HOLD:NS1.ALPHA.COM
ALPHA.COM:REGISTRY-HOLD:NS2.ALPHA.COM
BETA.COM:ACTIVE:NS1.BETA.COM
BETA.COM:ACTIVE:NS2.BETA.COM
GAMMA.COM::NS1.GAMMA.COM
DELTA.COM:ACTIVE:
|
2. Registrar Nameserver Report - Listed
with IP Address
|
Title: Registrar
Nameserver Report - Listed with IPAddress
Report name:
rgr_nameserver
Description:
This report contains all nameservers associated with a specific
registrar. The nameserver is listed once with each associated
ipaddress.
Fields:
servername
ipaddress
Examples:
NS.ALPHA.COM:111.222.333.001
NS.ALPHA.COM:111.222.333.002
NS.BETA.COM:
|
3. Registrar Nameserver-Domain Hosting
Report
|
Title: Registrar
Nameserver Report - Listed with Domain
Report name:
gr_nameserver_domain
Description:
This report contains domains hosted per nameservers associated
with a specific registrar. The nameserver is listed once with
each associated domainname.
Fields:
servername
domainname
Examples:
NS.ALPHA.COM:ALPHA1.COM
NS.ALPHA.COM:ALPHA2.COM
NS.ALPHA.COM:ALPHA3.COM
NS.BETA.COM:BETA1.COM
NS.BETA.COM:BETA2.COM
NS.GAMMA.COM:
|
4. Registrar Common Report
|
Title: Registrars
Report
Report name:
Registrars
Description:
This report contains one row for each registrar. Fields of the
report contain name, location, contact, financial, and business
information.
Fields:
REGISTRARID
REGISTRARNAME
SECURITYPHRASE
PHONENUMBER
FAXNUMBER
LICENSEEXPIRATIONDATE
CREDITLIMIT
AVAILABLECREDIT
LOWERLIMITPCT
EMAIL
GROSSAMOUNTDUE
NETAMOUNTDUE
ORIGINALDUEDATE
DUEDATE
ADDRESSLINE1
ADDRESSLINE2
ADDRESSLINE3
CITY
STATEPROVINCE
POSTALCODE
COUNTRYCODE
STATUSNAME
DESCRIPTION
CANPLACEORDER
Examples:
123:Alpha
Registrar:Gazpacho is a dish best served cold:(123)456-7890:(123)456-7891:2001.01.01.00.00.00:2000000:218990:.2:registrar@alpha.com:::::123
4th Avenue, 7 1/2th Floor:::NY:NY:10018:US:ACTIVE:Registrar is
active and can use the Registry to issue RRP commands:
|
Table 2: Daily Additional Deposit
Format
Registrar Daily Additional Deposits
1. Registrar Transaction Report
|
Title: Registrar
Transaction Report
Report name:
rgr_transaction
Description:
This report contains transactions associated with a specific
registrar. Domain operations produce one row for each associated
nameserver. Nameserver operations produce one row for each associated
ipaddress. A transactionid is included to allow unique identification
of transactions. The content of columns 3 and 4 is dependent
on the operation in the following ways:
operation
Π(ADD_DOMAIN, MOD_DOMAIN, DEL_DOMAIN) => [domainname][servername]
operation
Π(ADD_NAMESERVER, MOD_ NAMESERVER, DEL_ NAMESERVER) =>
[ipaddress][servername]
operation
Π(TRANSFER_DOMAIN) => [domainname][null]
Only the seven (7) operation types above
are included in the report.
Fields:
transactionid
operationname
domainname
| ipaddress
servername
| null
transactiondate
Examples:
1000010:ADD-DOMAIN:ALPHA.COM:NS.ALPHA.COM:1999.04.25.00.01.08
1000020:ADD-DOMAIN:BETA.COM:NS1.BETA.COM:1999.04.25.00.05.33
1000020:ADD-DOMAIN:BETA.COM:NS2.BETA.COM:1999.04.25.00.05.33
1000030:ADD-DOMAIN:GAMMA.COM::1999.04.25.00.05.34
2000010:ADD-NAMESERVER:111.222.333.001:NS.DELTA.COM:1999.04.25.00.06.48
2000020:ADD-NAMESERVER:444.555.666.001:NS.EPSILON.COM:1999.04.25.00.36.18
2000020:ADD-NAMESERVER:444.555.666.002:NS.EPSILON.COM:1999.04.25.00.36.18
2000030:ADD-NAMESERVER::NS.ZETA.COM:1999.04.25.00.37.31
3000010:TRANSFER_DOMAIN:ETA.COM::1999.04.25.01.37.31
3000020:TRANSFER_DOMAIN:THETA.COM::1999.04.25.02.37.31
3000030:TRANSFER_DOMAIN:IOTA.COM::1999.04.25.03.37.31
3000040:TRANSFER_DOMAIN:KAPPA.COM::1999.04.25.03.37.31
|
1. ADDITIONAL TERMS AND CONDITIONS
For .com agreement:
Registry Operator shall periodically deposit
into escrow all Registry Data on a schedule (not more frequently
than weekly for a complete set of Registry Data, and daily for
incremental updates) and in an electronic format mutually approved
from time to time by Registry Operator and ICANN, such approval
not to be unreasonably withheld by either party. The escrow shall
be maintained, at Registry Operator's expense, by a reputable
escrow agent mutually approved by Registry Operator and ICANN,
such approval also not to be unreasonably withheld by either
party. The schedule, content, format, and procedure for escrow
deposits shall be as established by ICANN from time to time.
The initial schedule, content, format, and procedure shall be
as set forth in Appendix R. Changes to the schedule, content,
format, and procedure may be made only with the mutual written
consent of ICANN and Registry Operator (which neither party shall
unreasonably withhold) or through the establishment of Consensus
Policies as set forth in Definition 1 of this Agreement. The
escrow shall be held under an agreement, substantially in the
form of Appendix S, among ICANN, Registry Operator, and the escrow
agent.
For .net and .org agreements:
Registry Operator shall periodically deposit
into escrow all Registry Data in an electronic format. The escrow
shall be maintained, at Registry Operator's expense, by a reputable
escrow agent mutually approved by Registry Operator and ICANN,
such approval also not to be unreasonably withheld by either
party. The schedule, content, format, and procedure for escrow
deposits shall be as established by ICANN from time to time.
The initial schedule, content, format, and procedure shall be
as set forth in Appendix R. Changes to the schedule, content,
format, and procedure may be made only with the mutual written
consent of ICANN and Registry Operator (which neither party shall
withhold without reason) or in the manner provided in Subsections
4.3 through 4.6. The escrow shall be held under an agreement,
substantially in the form of Appendix S, among ICANN, Registry
Operator, and the escrow agent.
2. PERIOD OF PERFORMANCE
3. Period of Performance shall be as defined
by section 7(a) of this Escrow Agreement. FEE SCHEDULE
Fees to be paid by VeriSign Global Registry
Services shall be as follows:
Initialization fee (one time only) $ _________
*Annual maintenance/storage fee $ _________
*includes two cubic feet of storage space
|
Additional Services Available:
Electronic Updates
Transmitted once daily $ ________
Price quoted is limited to 650 MB per update.
Electronic Updates over 650 MB $ ________
Fee incurred for updates over 650 MB will
be billed on a monthly basis.
Additional Services
Verification / File Listing Services $ ________
(This includes up to one hour of service
for each deposit)
Additional Storage Space $ ________
Payable by Licensee or Producer Only Upon Release Request:
Due Only Upon Licensee's or Producer's
Request for Release of Deposit Materials $ _________
$
___________ .
|
Fees due in full, in US dollars, upon receipt
of signed contract or deposit material, whichever comes first.
Thereafter, fees shall be subject to their current pricing, provided
that such prices shall not increase by more than 10% per year.
The renewal date for this Agreement will occur on the anniversary
of the first invoice. If other currency acceptance is necessary,
please contact your Account Manager to make arrangements.
EXHIBIT B1 - Phase I Escrow
Process
The goal of the Escrow Process is to periodically
encapsulate all Registrar-specific information into a single
Escrow File and to make this file available to a third party
for escrow storage. Existing Daily and Weekly reports as well
as a Registrars Reporta will be used to construct
the Escrow File because these reports, when taken together, describe
completely the entire set of domains, nameservers, and Registrars.
The Escrow Process employs a method of encapsulation whereby
the Daily, Weekly, and Registrar reports are concatenated, compressed,
digitally signed, and digested into a single file. The format
of this encapsulation enables the single file to be verified
for Completenessb and Integrityc
by a third party.
EXHIBIT B1 - Phase I Verification
Process
The goal of the Verification Process is
to verify Completenessb and Integrityc
of an Escrow File. The Verification Process uses layers of meta-data
encapsulated in the Escrow File to construct a Verification
Report. The verification report produced by the Verification
Process indicates whether the data file meets the authentication
requirements. The report has 2 sections, action and results.
Actions describe each of the actions taken against the data file
and whether those actions met success or failure. Results describe
the results of the verification process. If there was a failure
in the Actions section then the Results section will describe
details of the failure and indicate that the Data File is corrupt
and cannot be verified. If no errors are present the Results
section will indicate that the file is valid.
Notes
a. Registrar Report
The existing Daily and Weekly
reports associate Registry data and transactions to specific
Registrars by naming each report with a specific Registrar Id.
The Registrar report provides a mapping between these Registrar
Ids and other associated Registrar information such as name,
credit, billing address, contact info, and location.
b. Completeness
A data file transfer is complete
if all data files transferred from the source machine are present
on the destination machine.
c. Integrity
A data file transfer has integrity
if no data file was altered by a third party while in transit.
Exhibit B2: Phase II Escrow Process
The goal of the Escrow Process is to periodically
encapsulate all Registrar-specific information into a single
Escrow File and to make this file available to a third party
for escrow storage. Existing Daily and Weekly reports as well
as a Registrars Reporta will be used to construct
the Escrow File because these reports, when taken together, describe
completely the entire set of domains, nameservers, and Registrars.
The Escrow Process employs a method of
encapsulation whereby the Daily, Weekly, and Registrar reports
are concatenated, compressed, signed, and digested into a single
file. The format of this encapsulation enables the single file
to be verified for Completenessb , Correctnessc
, and Integrityd by a third party. The Escrow
Process includes data format specification for each report file
using regular expression algebra. This format specification is
stored with the report file itself and is used for format verification
later. The report file along with data format specification is
then digitally signed for authentication, non-repudiation and
message integrity verification.
Exhibit B2: Phase II Verification
Process
The goal of the Verification Process is
to verify Completenessb , Correctnessc
, and Integrityd of an Escrow File. The Verification
Process uses layers of meta-data encapsulated in the Escrow File
to construct a Verification Reportf. The verification
report produced by the verification process indicates whether
the data file meets the authentication requirements. The report
has 2 sections actions and results. Actions section describes
each of the actions taken against the data file and whether those
actions met success or failure. Results section describes the
results of the Verification Process. If there was a failure in
the Actions section then the Results section will describe details
of the failure and indicate that the Data File is corrupt and
cannot be verified. If no errors are present the Results section
will indicate that the file is valid. As part of verification
the data format specification is used to verify the correctness
of the format of each record in the file. To ensure that the
Reports are self-consistent, introspection will be implemented
in a later phase. Introspection will analyze Weekly Reports across
all Registrars to verify that fields referenced from outside
the report are indeed valid entries in other weekly reports.
Notes
a. Registrars Report
The existing Daily and Weekly reports associate Registry data
and transactions to specific Registrars by naming each report
with a specific Registrar Id. The Registrar report provides a
mapping between these Registrar Ids and other associated Registrar
information such as name, credit, billing address, contact info,
and location.
b. Completeness
A data file transfer is complete if all data files transferred
from the source machine are present on the destination machine.
c. Correctness
A data file transfer is correct if each data file on the destination
machine has the same information content as that on source machine.
d. Integrity
A data file transfer has integrity if no data file was altered
by a third party while in transit.
e. Regular Expression Algebra
The regular expression algebra is a powerful data description
language. The data structure description can be as specific or
generic as necessary.
f. Verification Report
Comments concerning the layout, construction and
functionality of this site
should be sent to webmaster@icann.org.
Page Updated 16-April-2001
(c) 2001 The Internet
Corporation for Assigned Names and Numbers.
All rights reserved.
|