{"id":129,"date":"2019-03-31T04:09:45","date_gmt":"2019-03-31T04:09:45","guid":{"rendered":"https:\/\/privacystandards.ca\/?page_id=129"},"modified":"2019-03-31T21:19:09","modified_gmt":"2019-03-31T21:19:09","slug":"references-from-the-technical-study-group-report-of-march-6-2019","status":"publish","type":"page","link":"https:\/\/privacystandards.ca\/?page_id=129","title":{"rendered":"Resources for ICANN&#8217;s approach to GDPR compliance"},"content":{"rendered":"\n<p>These resources offer valuable input to developing relevant standards in any potential ICANN access model. They are derived from the <a href=\"https:\/\/www.icann.org\/en\/system\/files\/files\/draft-technical-model-access-non-public-registration-data-06mar19-en.pdf\">Technical Study Group Report of March 6, 2019<\/a>, the TSG&#8217;s draft technical model for access to non-public registration data. The first group lists the protocol and authentication specifications the proposed RDAP-based access model builds on; the appendix lists the security frameworks and guidelines the report recommends for deploying it. Where a cited document has since been replaced by a newer publication, that is noted after the link; the links themselves point to the versions cited in the report.<\/p>\n\n\n\n
<p>WHOIS Protocol Specification (RFC 3912)<br><a href=\"https:\/\/datatracker.ietf.org\/doc\/rfc3912\/\">https:\/\/datatracker.ietf.org\/doc\/rfc3912\/<\/a><\/p>\n\n\n\n<p>HTTP Usage in the Registration Data Access Protocol (RDAP) (RFC 7480)<br><a href=\"https:\/\/datatracker.ietf.org\/doc\/rfc7480\/\">https:\/\/datatracker.ietf.org\/doc\/rfc7480\/<\/a><\/p>\n\n\n\n<p>Security Services for the Registration Data Access Protocol (RDAP) (RFC 7481)<br><a href=\"https:\/\/datatracker.ietf.org\/doc\/rfc7481\/\">https:\/\/datatracker.ietf.org\/doc\/rfc7481\/<\/a><\/p>\n\n\n\n<p>Registration Data Access Protocol (RDAP) Query Format (RFC 7482)<br><a href=\"https:\/\/datatracker.ietf.org\/doc\/rfc7482\/\">https:\/\/datatracker.ietf.org\/doc\/rfc7482\/<\/a><br>Since obsoleted by RFC 9082.<\/p>\n\n\n\n<p>JSON Responses for the Registration Data Access Protocol (RDAP) (RFC 7483)<br><a href=\"https:\/\/datatracker.ietf.org\/doc\/rfc7483\/\">https:\/\/datatracker.ietf.org\/doc\/rfc7483\/<\/a><br>Since obsoleted by RFC 9083.<\/p>\n\n\n\n<p>Finding the Authoritative Registration Data (RDAP) Service (RFC 7484)<br><a href=\"https:\/\/datatracker.ietf.org\/doc\/rfc7484\/\">https:\/\/datatracker.ietf.org\/doc\/rfc7484\/<\/a><\/p>\n\n\n\n
<p>Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) (RFC 7525, BCP 195)<br><a href=\"https:\/\/tools.ietf.org\/html\/rfc7525\">https:\/\/tools.ietf.org\/html\/rfc7525<\/a><br>Since obsoleted by RFC 9325, the current BCP 195.<\/p>\n\n\n\n<p>OpenID Connect<br><a href=\"https:\/\/openid.net\/connect\/\">https:\/\/openid.net\/connect\/<\/a><\/p>\n\n\n\n<p>OAuth 2.0 (RFC 6749)<br><a href=\"https:\/\/oauth.net\/2\/\">https:\/\/oauth.net\/2\/<\/a><\/p>\n\n\n\n<p>Federated Authentication for the Registration Data Access Protocol (RDAP) using OpenID Connect<br><a href=\"https:\/\/datatracker.ietf.org\/doc\/draft-ietf-regext-rdap-openid\/\">https:\/\/datatracker.ietf.org\/doc\/draft-ietf-regext-rdap-openid\/<\/a><br>An Internet-Draft when the report was written; since published as RFC 9560.<\/p>\n\n\n\n<p>OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens<br><a href=\"https:\/\/datatracker.ietf.org\/doc\/draft-ietf-oauth-mtls\/\">https:\/\/datatracker.ietf.org\/doc\/draft-ietf-oauth-mtls\/<\/a><br>An Internet-Draft when the report was written; since published as RFC 8705.<\/p>\n\n\n\n
<h1 class=\"wp-block-heading\">Appendix 1. Frameworks and Guidelines for Secure Deployment of RDAP<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">Information Security<\/h2>\n\n\n\n<p>ISO\/IEC 27001:2013 Information technology &#8212; Security techniques &#8212; Information security management systems &#8212; Requirements<br><a href=\"https:\/\/www.iso.org\/standard\/54534.html?browse=tc\">https:\/\/www.iso.org\/standard\/54534.html?browse=tc<\/a><br>Since superseded by ISO\/IEC 27001:2022.<\/p>\n\n\n\n<p>ISO\/IEC 27002:2013 Information technology &#8212; Security techniques &#8212; Code of practice for information security controls<br><a href=\"https:\/\/www.iso.org\/standard\/54533.html?browse=tc\">https:\/\/www.iso.org\/standard\/54533.html?browse=tc<\/a><br>Since superseded by ISO\/IEC 27002:2022.<\/p>\n\n\n\n<p>SP 800-171 Rev. 1 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations<br><a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-171\/rev-1\/final\">https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-171\/rev-1\/final<\/a><br>Since superseded by Rev. 2 and then Rev. 3.<\/p>\n\n\n\n<p>SP 800-53 Rev. 4 Security and Privacy Controls for Federal Information Systems and Organizations<br><a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-53\/rev-4\/final\">https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-53\/rev-4\/final<\/a><br>Since superseded by Rev. 5.<\/p>\n\n\n\n
<h2 class=\"wp-block-heading\">Risk Management<\/h2>\n\n\n\n<p>ISO 31000:2018 Risk management &#8212; Guidelines<br><a href=\"https:\/\/www.iso.org\/standard\/65694.html\">https:\/\/www.iso.org\/standard\/65694.html<\/a><\/p>\n\n\n\n<p>SP 800-30 Rev. 1 Guide for Conducting Risk Assessments<br><a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-30\/rev-1\/final\">https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-30\/rev-1\/final<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Business Continuity<\/h2>\n\n\n\n<p>ISO 22301:2012 Societal security &#8212; Business continuity management systems &#8212; Requirements<br><a href=\"https:\/\/www.iso.org\/standard\/50038.html\">https:\/\/www.iso.org\/standard\/50038.html<\/a><br>Since superseded by ISO 22301:2019.<\/p>\n\n\n\n<p>SP 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems<br><a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-34\/rev-1\/final\">https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-34\/rev-1\/final<\/a><\/p>\n\n\n\n
<h2 class=\"wp-block-heading\">Incident Response<\/h2>\n\n\n\n<p>ISO\/IEC 27035-1:2016 Information technology &#8212; Security techniques &#8212; Information security incident management &#8212; Part 1: Principles of incident management<br><a href=\"https:\/\/www.iso.org\/standard\/60803.html\">https:\/\/www.iso.org\/standard\/60803.html<\/a><\/p>\n\n\n\n<p>ISO\/IEC 27035-2:2016 Information technology &#8212; Security techniques &#8212; Information security incident management &#8212; Part 2: Guidelines to plan and prepare for incident response<br><a href=\"https:\/\/www.iso.org\/standard\/62071.html\">https:\/\/www.iso.org\/standard\/62071.html<\/a><\/p>\n\n\n\n<p>ISO\/IEC CD 27035-3 Information technology &#8212; Security techniques &#8212; Information security incident management &#8212; Part 3: Guidelines for incident response operations<br><a href=\"https:\/\/www.iso.org\/standard\/74033.html\">https:\/\/www.iso.org\/standard\/74033.html<\/a><br>A committee draft (CD) when the report was written; since published as ISO\/IEC 27035-3:2020.<\/p>\n\n\n\n<p>SP 800-61 Rev. 2 Computer Security Incident Handling Guide<br><a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-61\/rev-2\/final\">https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-61\/rev-2\/final<\/a><\/p>\n\n\n\n
<h2 class=\"wp-block-heading\">Credential Management<\/h2>\n\n\n\n<p>SP 800-63-3 Digital Identity Guidelines<br><a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-63\/3\/final\">https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-63\/3\/final<\/a><\/p>\n\n\n\n<p>SP 800-63A Digital Identity Guidelines: Enrollment and Identity Proofing<br><a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-63a\/final\">https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-63a\/final<\/a><\/p>\n\n\n\n<p>SP 800-63B Digital Identity Guidelines: Authentication and Lifecycle Management<br><a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-63b\/final\">https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-63b\/final<\/a><\/p>\n\n\n\n<p>SP 800-63C Digital Identity Guidelines: Federation and Assertions<br><a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-63c\/final\">https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-63c\/final<\/a><\/p>\n\n\n\n<p>SAC 074 | SSAC Advisory on Registrant Protection: Best Practices for Preserving Security and Stability in the Credential Management Lifecycle<br><a href=\"https:\/\/www.icann.org\/resources\/files\/1194801-2015-11-03-en\">https:\/\/www.icann.org\/resources\/files\/1194801-2015-11-03-en<\/a><\/p>\n\n\n\n<p>ISO 21188:2018 Public key infrastructure for financial services &#8212; Practices and policy framework<br><a href=\"https:\/\/www.iso.org\/standard\/63134.html\">https:\/\/www.iso.org\/standard\/63134.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>These resources offer valuable input to developing relevant standards in any potential ICANN access model. 
They are derived from the Technical Study Group Report of March 6, 2019 WHOIS Protocol Specification https:\/\/datatracker.ietf.org\/doc\/rfc3912\/ HTTP Usage in the Registration Data Access Protocol (RDAP) https:\/\/datatracker.ietf.org\/doc\/rfc7480\/ Security Services for the Registration Data Access Protocol (RDAP) https:\/\/datatracker.ietf.org\/doc\/rfc7481\/ Registration Data Access [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"full-width-page-template.php","meta":{"footnotes":""},"class_list":["post-129","page","type-page","status-publish","hentry","missing-thumbnail"]}