GDPR - Registrant: Enable user to update contact data of their domain contacts #849
Comments
vohmar
changed the title
|
"GDPR - Registrant" in the title means UI in registrant portal? |
|
Does EPP API remain unaffected? |
|
Yes Registrant means portal for regsitrant, GDPR there to make it look more important - refering to the policy this functionality was called after. EPP API will remain unaffected for time being as the portal should use REPP API to provide this. |
|
@vohmar A call to I suggest:
See also https://github.com/internetee/registry/blob/master/doc/repp/v1/contact.md#response |
@vohmar Could you elaborate? How is it connected to a domain? I probably misunderstood the point. Please describe the workflow from Registrant Portal user's perspective. |
|
As I see it, it should look like this (correct me if I am wrong) As a Registrant Portal user, who has Estonian ID-card I:
As I understand, currently there is no reuse, so there will be multiple contacts associated with my ID code, so this complicates a process a bit. Perhaps it's worth to eliminate duplicate contacts? |
Why it's needed to notify registrars? Is it safe to rely on a draft version? Perhaps we could implement same feature in REST API? |
|
Returned fields are open for discussion we have a choice to follow EPP response or expand by looking at what would be beneficial. Minimum set (with ident data):
extra:
legacy_id can be dropped Workflow for update contact information
Notifying registrar is necessary because the object it self still is owned by the registrar so they might be interested if their client updates their contact data. We do not have better alternative to use than the draft version of the change poll rfc - so we will accept the risk that the solution may change before becoming a standard. |
|
According to this view http://prntscr.com/jtvnpl (https://projects.invisionapp.com/share/T7HB9WYZSYV#/screens/287337990 not sure if this link points to the correct view; see previous one to be 100% sure we're on the same page) there is a separate page for managing contacts, but you mentioned "domain details" view instead. Does it mean it should be possible to edit contacts from both places? Please review this question again: #849 (comment) The main point of that question: is it really needed to enable managing all those contacts http://prntscr.com/jtvp0y, given they all will probably contain same data (I login with ID-card, so I will only see contacts connected to my ID code, it means they all will share same address, same email etc)?Correct me if I am wrong. |
|
In general, I would start with a blank state (instead of EPP) and add additional fields as needed. Say it is not clear, why do we need these fields:
|
I would like to see the workflow of editing contact details. I guess the one you mentioned is not directly connected to the latter? |
we cannot do this if we would like the registrars to be able to use this api as well.
Updated the workflow in the comment: #849 (comment) |
I don't see a point of such confirmation dialog. 99% of users will click "OK" without even reading it. |
These columns have nothing to do with PaperTrail. How an end user could benefit from them?
Can you clarify this? |
This field contains user, not registrar. Did you mean the former? Why is it needed? These are connected to PaperTrail. If we use them, it will be more difficult and time consuming to extract it later. |
It is important to let user know that they will reveal their personal data on multiple domains if that is true. That is their decision to read the notice or not.
Registrars have a right to know that their domain data has been edited, when and by whom
If registrant changes its contacts using portal for registrants we will put registrant down as the updator - the id of the registrar. So registrant Jaan updates their contact details regarding the domain jaan.ee using the portal for registrants. after the update domain and contact details will show 2018.06.21 10:21 as the last update time and "Registrant" as the updator. But If you are saying that it is api user that is revealed there then that is not ideal and you can hide that until we have a replacement for Papertrail. |
These contacts need to be updated separate, we cannot unify them. A very typical case:
|
@vohmar I guess the same applies to fax? |
As discussed, those will be returned regardless of respective settings. |
|
if i update my contacts from registrant portal, i will get error: |
|
I am sorry, I forgot to mention that registry/config/application-example.yml Line 100 in 029bd10 #850 is to eliminate such issues (@vohmar FYI). It's worth mentioning that currently HTTPS in that URL is not supported. I guess it's needed to implement it still. For this we probably need new config entries to specify key paths for Registrant API, since In the meanwhile, you could test it using plain HTTP. |
|
this error: |
|
Most probably. It does not work with HTTPS yet anyway. |
Yes cert_path and key_path are used in registrar application to access epp. |
|
Done. registry/config/application-example.yml Line 101 in 9ff1523 |
|
i understand the need for certificates if some other application will access (remotely) registrnat portal api, but why this contact update fails if its IN registrant portal? and how can certificates improve that? |
|
I am not sure whether the error above is just because of previously unsupported HTTPS, but in general, Registrant Portal uses Registrant API exactly in the same way as any other client. It is in fact a client. It is designed to be used remotely. Let me know if the error persists even after latest commit, I will investigate further. |
|
I hope we will soon extract Registrant Portal from |
|
@artur-beljajev problem remains. Please contact @ratM1n to discuss and explain the current solution. The necessity of separate certificates is still unclear. |
|
attempts to edit contact data still fail
|
|
now receiving timeout on update attempt |
|
@ratM1n What |
|
@artur-beljajev |
|
documentation not updated: https://github.com/internetee/registry/tree/master/doc/epp |
|
See #849 (comment) What exactly should be updated? |
|
doc updated |
The goal is to enable users to update their own domain contact data without the need to turn to registrar - each person owns their personal data and should have control over it.
To update the data in the registry db the contact update functionality should be implemented in rest-epp api.
Identically to epp contact update request the user can update only contact data - name, email. phone nr and if postall address processing is enabled postal address as well. User cannot change ident data (ident code, ident type and ident country code)
User can update only their own contact data if a domain has different admin and/or tech contact the user has to turn to registrar to update these details.
To notify registrar about change in domain/contact data we should implement change poll on the epp api (rfc draft: https://tools.ietf.org/html/draft-ietf-regext-change-poll-08).
https://github.com/james-f-gould/EPP-Change-Poll
The text was updated successfully, but these errors were encountered: