A Designated ENUM DNS Zone Provisioning Architecture

1
A Designated ENUM DNS Zone Provisioning
Architecture
U.S. Dept of State ITAC-T Advisory Committee,
SG-A AdHoc Meeting on ENUM, Washington DC, 28 Mar
2001
Could be omitted, placing instead the Tier1a
Registry name servers directly in the e164.foo
zone file
Most frequently the local telephone service
provider
Authenticators
Authenticates End Users right to use specific
Subscriber Number(s) assigned within the national
numbering plans of geographical area
DNS
Digital Certificate Option
. root
DNS
foo.
Key Server
DNS
e164.foo.
DNS
1.e164.foo.
2
getdata query
1
4
2
These interfaces are either an undefined
commercial relationship or non-existent if the
Authenticator is also the Tier2 Provider
1
Tier1a Registry
2
6
1
N1.1.e164.foo
DNS
Tier1a Registrars
3
Well-defined API
Tier2 Provider
SMS
SMS
2
3
6
Subscriber
2
5
DNS
4
Tier1a Registries
N2.1.e164.foo
3
SMS
1
DNS
4
1
2
5
3
SMS
Service User
These interfaces are either an undefined
commercial relationship or non-existent if the
Tier2 Provider is also a Tier1a Registrar
LDAP
Tier1a registrars are required to effect some
kind of contractual agreement between the
Registrar and the Registry for which write
permissions are granted
It is unclear where this function belongs and how
it is supported by other providers
Public
Presumably similar to todays EPP protocol for
Registry-Registrar interworking
1
VeriSign-Telcordia
2
Designated ENUM DNS Zone Provisioning Transaction
Interfaces and Notes
ENUM DNS Transaction Interfaces
1 Normal BIND resolution via root, foo, e164.foo, and 1.e164.foo nameservers
2 Normal BIND resolution down to fully qualified ENUM name
3 Normal BIND resolution to ENUM nameserver supporting NAPTR records
4 Service user obtains ENUM URIs. Further service queries using the URI may be necessary but are not covered here.
PKI Authentication Transaction Interfaces
1 Subscriber obtains ENUM Digital Certificate authenticating right to use number using specified Tier2 provider
2 Certificate authority updates key server and when telephone or Tier2 provider service is terminated, revokes the certificate
3 Subscriber (optionally) provides ENUM digital certificate with SMS transaction 1
4 Tier2 provider verifies ENUM digital certificate
5 Tier2 provider (optionally) provides ENUM digital certificate to Tier1a provider with SMS transaction 2
6 Tier1a provider verifies ENUM digital certificate
SMS Transaction Interfaces
1 Subscriber uses some form of Web or phone API to 1) establish the service, or 2) maintain the service
2 Tier2 Provider uses an undefined protocol to Request Tier1a Registrar instantiate ENUM fully qualified ENUM name and NAPTR nameserver inclusion
3 Tier1a Registrar uses EPP to create an ENUM zone file with nameservers, similar to COM domain transactions today
Authentication Transaction Interfaces
1 Tier2 provider (optionally) makes query to verify subscribers right to use number
2 Tier1a Registrar (optionally) makes query to verify subscribers right to use number
Directory Transaction Interfaces
coordinated provisioning
1 Public LDAP query
autonomous