Re: [Wg-rms] Stepping down from co-chair role

[Terry Manderson <terry@apnic.net>]

Hi Tim,

On 17/11/2006, at 2:23 PM, Tim Jones wrote:

> Many members currently use "home brewed" IP management systems which
> rely on email updates. Deprecating these would mean costly and time
> consuming rewrites of these systems, which to be quite frank, are
> probably very low on the list of priorities for most small/medium ISPs
> these days.

Do you have any feel for the numbers of your colleagues in the industry 
who actually have IP management systems that use email to update?

To date, I have (personally) heard of very few. Most people I speak 
with actually don't routinely update information(*). And if/when they 
do it is a effort en masse to update their details, assignments and so 
forth prior to applying for more address space.

(*) possibly adding to the issue of whois being inconsistent with 
reality for customer managed data.


> MyAPNIC is already there for those who are concerned about security. I

Additionally, do you think that security in not important when dealing 
with registry data?

Most security exponents would argue that securing one path, but leaving 
another unsecured is asking for a compromise of a system. .. or in this 
case, data.

> see no reason to spend money duplicating this functionality through
> other systems, whilst at the same time removing an existing system 
> which
> is heavily relied upon by the "little guys".

One of my concerns is that while APNIC represents registry data in 
whois, it is not the registry itself. At present the whois framework, 
as you know, certainly provides some functionality for members in 
recording information, it does not provide many of the management 
features that we see escalating in importance in the region and 
globally.

Such things are:
	* language support, whois is strictly ascii english.
	* 4 byte AS
	* DNSSEC
	* Resource Certification
	* Privacy of data
	* end to end security and encryption

Whois has been around a long time, and was the first registry framework 
at APNIC. Unfortunately over time and due to the need for tools and 
features, the ability to furnish those quickly and cheaply in other 
systems has meant that whois is lagging when set against more modern 
tools like MyAPNIC. I think the question could be arguably reframed as:

"Should APNIC spend the member's money duplicating functionality in 
whois that exists in other systems?"

I see that the Registries will always provide a whois service, but as a 
"view" mechanism. The role of whois and the role of a registry system 
are linked, but not the same. WHOIS is a "view", and the registry is a 
"data management" idea.

However that may be a away from the point, germane to the issue is that 
I think that APNIC should be promoting best practice and ease of use, 
with that in mind what other organisations use email for their 
customer' data management? (excluding our RIR sisters).

Is there good experience outside of the RIR frame that would could 
perhaps look to for data management scenarios?

Terry
--
Terry Manderson                         email:      terry@apnic.net
Network Operations Manager, APNIC       sip:    info@voip.apnic.net
http://www.apnic.net                    phone:      +61 7 3858 3100