A Designated ENUM DNS Zone Provisioning Architecture
[Diagram: ENUM provisioning architecture. Entities shown: Subscriber, Service User, Tier2 Provider, Tier1a Registrars, Tier1a Registry / Tier1a Registries, Authenticators, Key Server, Digital Certificate Option. Interface labels: DNS, SMS, LDAP, Public, getdata query, Well-defined API. Example ENUM zones: N1.1.e164.foo, N2.1.e164.foo. Numbered arrows correspond to the transaction interface lists.]

Diagram notes
Most frequently the local telephone service provider
Authenticates End User’s right to use specific Subscriber Number(s) assigned within the national numbering plans of geographical area
These interfaces are either an undefined commercial relationship or non-existent if the Authenticator is also the Tier2 Provider
These interfaces are either an undefined commercial relationship or non-existent if the Tier2 Provider is also a Tier1a Registrar
Presumably similar to today’s EPP protocol for Registry-Registrar interworking
Tier1a registrars are required to effect some kind of contractual agreement between the Registrar and the Registry for which write permissions are granted
It is unclear where this function belongs and how it is supported by other providers

U.S. Dept of State ITAC-T Advisory Committee, SG-A AdHoc Meeting on ENUM, Washington DC, 28 Mar 2001
VeriSign-Telcordia

. [root]
foo.
e164.foo.
[1.e164.foo.]
Could be omitted, placing instead the Tier1a Registry name servers directly in the e164.foo zone file

Designated ENUM DNS Zone Provisioning Transaction Interfaces and Notes

ENUM DNS Transaction Interfaces
1 Normal BIND resolution via root, foo, e164.foo, and 1.e164.foo nameservers
2 Normal BIND resolution down to fully qualified ENUM name
3 Normal BIND resolution to ENUM nameserver supporting NAPTR records
4 Service user obtains ENUM URIs. Further service queries using the URI may be necessary but are not covered here.

SMS Transaction Interfaces
1 Subscriber uses some form of Web or phone API to: 1) establish the service, or 2) maintain the service
2 Tier2 Provider uses an undefined protocol to request that the Tier1a Registrar instantiate the fully qualified ENUM name and include the NAPTR nameserver
3 Tier1a Registrar uses EPP to create an ENUM zone file with nameservers, similar to COM domain transactions today

Directory Transaction Interfaces
1 Public LDAP query

PKI Authentication Transaction Interfaces
1 Subscriber obtains ENUM Digital Certificate authenticating right to use number using specified Tier2 provider
2 Certificate authority updates key server; and when telephone or Tier2 provider service is terminated, revokes the certificate
3 Subscriber (optionally) provides ENUM digital certificate with SMS transaction 1
4 Tier2 provider verifies ENUM digital certificate
5 Tier2 provider (optionally) provides ENUM digital certificate to Tier1a provider with SMS transaction 2
6 Tier1a provider verifies ENUM digital certificate

Authentication Transaction Interfaces
1 Tier2 provider (optionally) makes query to verify subscriber’s right to use number
2 Tier1a Registrar (optionally) makes query to verify subscriber’s right to use number

Legend: coordinated provisioning; autonomous