Dear working group,

Regarding this:

On 01 Jan 2017, at 18:02, Horváth Ágoston János <horvath.agoston@gmail.com> wrote:

I think what you really want is being able to authenticate via REST
API, so that you would be able to query and update your own objects
without any kind of dummification or accounting process. Maybe even be
able to use an APIKEY over https for a simple way of authentication?

There is work being done in the IETF on using OpenID Connect (which is based on OAuth v2) for authenticated queries in RDAP:
https://tools.ietf.org/html/draft-hollenbeck-regext-rdap-openid-02

The primary use case for this draft is to allow users of a Web UI to do authenticated queries against RDAP back-ends, e.g. allowing them to see more details (which in our case could include the MNTNER auth attributes). However, it can also be leveraged by scripts (section 5). I believe that it would be useful to look at this as an option for authenticated queries, as well as updates, on the REST API.

Kind regards

Tim Bruijnzeels