A Clear View of Internet Data: The Framework and Model

Setting the Stage

The world of internet data has a lot of moving parts. At the center are Service Providers, who collect and manage information from Registrants—the people or organizations that own domain names. But there are other players in this space too:

  • Requestors: Groups that need access to this data for their own purposes.
  • Policy Authorities: Organizations, like governments and non-profits, that ensure data is protected and used for the public good.

Our framework lays out who these players are and how they interact. Our model describes the data involved and how it gets stored and accessed.

The Internet Identifier Registration Framework

Registries manage the creation of a domain name. For example, .com is managed by a specific registry, and in some countries like the UK, different registries manage sub-domains (like .co.uk). Registrants buy domain names through Registrars, who connect with the Registry to complete the process.

The relationship between Registrants, Registrars, and Registries forms the core of how domain names work.

What About Rules and Policies?

Domain registries fall into two main groups:

  • Country Code Top-Level Domains (ccTLDs): Tied to specific countries, like .uk.
  • Generic Top-Level Domains (gTLDs): Not linked to any country and governed by the Internet Corporation for Assigned Names and Numbers (ICANN).

Each registry and registrar operates under both national laws and global policies from bodies like ICANN. These rules dictate how registration data is collected, protected, and disclosed.

Collecting and Sharing Data

At the heart of our framework is the idea that everyone involved has their own rules for collecting and sharing data. Registrars are responsible for gathering this data, which is guided by their policies, the Registry’s rules, and the regulations set by Policy Authorities.

Our framework helps map out and document these policies, showing how they interact.

The Internet Identifier Registration Data Model

Our model includes a comprehensive dictionary of data elements—about 100 in total. These cover everything from basic contact info (like name, email, and phone) to more sensitive details (like payment information). The idea is to capture all data that might be collected, with robust controls on who can access what.

Wide Aperture Principle: We include all possible data elements, even highly sensitive ones, but tightly manage who can see what through detailed disclosure controls.

Data Attributes and Validation

Each Service Provider has rules for handling data, including:

  • Collection: Whether a data element is required, optional, or not collected.
  • Validation: How accurate the data needs to be, ranging from no validation to detailed identity checks.
  • Sensitivity: How private the data is, determining who can access it.
  • Storage: Where are copies of the data element to be stored, i.e. the Registrar, Registry, and/or Policy Authority.

For validation, we use a scale from basic checks (like verifying an email works) to more thorough identity verification.

Managing Sensitivity Levels

Privacy isn’t black-and-white. We use four sensitivity levels:

  1. Public: Open to anyone.
  2. Private: Restricted access for certain Requestors.
  3. Very Private: Access limited even further.
  4. Ultra Private: Only shared under legal orders.

Each data element is tagged with a sensitivity level, helping ensure it’s only disclosed when appropriate.

Flexibility and Compatibility

Not every player in this ecosystem has the same rules. Our model allows each party—like Registrars and Registries—to set ranges of acceptable values for things like data collection and sensitivity. This flexibility ensures that different policies can coexist while still working together.

Bringing It All Together

The framework and model we’ve built simplify a complex web of relationships and rules. By defining clear structures and giving flexibility where needed, we make sure everyone from Registrants to governments can work within a consistent, manageable system.

Conclusion: This approach isn’t just theoretical. It’s designed for real-world application, helping stakeholders streamline how they collect, protect, and disclose data while respecting privacy and legal obligations. Let’s build a safer, more transparent internet together.