Leo Vegoda wrote:
Denis,
On 15 Jun 2007, at 12:44pm, Denis Walker wrote:
[...]
So before we go too far down the road on issues of authentication, authorisation, permissions and contracts, maybe we need to answer these basic questions:
* what personal data do we need * who needs access to it and by what means * what do we need it for
Surely this last question should be considered before the other two. Depending on the answer to it the other two many not apply at all. For instance, if the main purpose is to provide contact information to third parties who many need it for network troubleshooting purposes, role information may be sufficient and personal data is not needed at all. That would eliminate the need for the first question.
This is why I think we should focus attention first of all on these questions. But I don't think this is a simple as it looks. Maybe the original wording of policies said we need contact information for troubleshooting. The world has moved on a lot since then. Now accountability is also important. Governments and LEAs want to know "who" is responsible for Internet resources. A faceless role object will not be good enough. cheers Denis RIPE NCC
Regards,
--Leo Vegoda IANA Numbers Liaison