25 Extensible Provisioning Protocol (EPP)

Prototypical answer:

gTLD: .MTR
Full Legal Name: MTR Corporation Limited
E-mail suffix: hkirc.hk

The purpose of the .MTR gTLD is branding and exclusive internal use. Since there will not be a large number of domain transactions and there will probably be no more than one registrar, there is no need for a dedicated EPP system. However, in order to satisfy Specification 6 of the New gTLD Agreement, the EPP system can be provided by HKIRC’s existing infrastructure and EPP system.

We plan to have 2 EPP servers geographically located in two different sites for failover support.

The EPP server architecture is shown in attachment A: Q25-A_EPP architecture


Registrars can interact with our registry system through the EPP XML interface. Our EPP XML schema shows that the requirements of RFC 3735 and RFC 5730-5734 are met with regard to the following:

A. Support URI extension

e.g.
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0
     epp-1.0.xsd">
  <command>
    <login>
      <clID>ClientX</clID>
      <pw>foo-BAR2</pw>
      <newPW>bar-FOO2</newPW>
      <options>
        <version>1.0</version>
        <lang>en</lang>
      </options>
      <svcs>
        <objURI>urn:ietf:params:xml:ns:domain-1.0</objURI>
        <objURI>urn:ietf:params:xml:ns:contact-1.0</objURI>
        <objURI>urn:ietf:params:xml:ns:host-1.0</objURI>
        <svcExtension>
          <extURI>urn:ietf:params:xml:ns:ext-1.0</extURI>
        </svcExtension>
      </svcs>
    </login>
    <clTRID>ABC-12345</clTRID>
  </command>
</epp>




Support command-response, protocol-level and object-level extensions in XML format

e.g. Domain name transfer function

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0
     epp-1.0.xsd">
  <command>
    <transfer op="query">
      <domain:transfer xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
                       xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0
                       domain-1.0.xsd">
        <domain:name>example.com.hk</domain:name>
        <domain:authInfo>
          <domain:pw>ibvWUOsa</domain:pw>
        </domain:authInfo>
      </domain:transfer>
    </transfer>
    <extension>
      <ext:extension xmlns:ext="urn:ietf:params:xml:ns:ext-1.0" xsi:schemaLocation="urn:ietf:params:xml:ns:ext-1.0 ext-1.0.xsd">
        <BundleDomainName>xn--pssw10apj2b.xn--55qx5d.xn--j6w193g</BundleDomainName>
      </ext:extension>
    </extension>
    <clTRID>ABC-12345</clTRID>
  </command>
</epp>


Authentication and security consideration

e.g. Login and Change EPP Password

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0
     epp-1.0.xsd">
  <command>
    <login>
      <clID>ClientX</clID>
      <pw>foo-BAR2</pw>
      <newPW>bar-FOO2</newPW>
      <options>
        <version>1.0</version>
        <lang>en</lang>
      </options>
      <svcs>
        <objURI>urn:ietf:params:xml:ns:domain-1.0</objURI>
        <objURI>urn:ietf:params:xml:ns:contact-1.0</objURI>
        <objURI>urn:ietf:params:xml:ns:host-1.0</objURI>
        <svcExtension>
          <extURI>urn:ietf:params:xml:ns:ext-1.0</extURI>
        </svcExtension>
      </svcs>
    </login>
    <clTRID>ABC-12345</clTRID>
  </command>
</epp>
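
A server-side check for the login command shown above, as an added example that is not HKIRC's code: it enforces the RFC 5730 schema length bounds on clID, pw and newPW, rejects services the server did not advertise, and masks credentials before the frame is logged. The ADVERTISED set, the SAMPLE frame and the name check_login are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "urn:ietf:params:xml:ns:epp-1.0"}
# Assumption: the server's greeting advertises exactly the URIs used on this page.
ADVERTISED = {f"urn:ietf:params:xml:ns:{n}-1.0" for n in ("domain", "contact", "host", "ext")}
SECRET_TAGS = {"pw", "newPW"}  # local names whose text must never reach a log

# Constructed sample: the page's login command with one unadvertised objURI added.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><command><login>
<clID>ClientX</clID><pw>foo-BAR2</pw><newPW>bar-FOO2</newPW>
<options><version>1.0</version><lang>en</lang></options>
<svcs><objURI>urn:ietf:params:xml:ns:domain-1.0</objURI>
<objURI>urn:example:unknown-1.0</objURI>
<svcExtension><extURI>urn:ietf:params:xml:ns:ext-1.0</extURI></svcExtension></svcs>
</login><clTRID>ABC-12345</clTRID></command></epp>"""


def check_login(frame: bytes):
    """Validate one EPP <login> frame; return (errors, log_safe_xml)."""
    if b"<!DOCTYPE" in frame or b"<!ENTITY" in frame:
        return ["DTD not allowed"], ""  # EPP needs no DTD; refuse before parsing
    try:
        root = ET.fromstring(frame)
    except ET.ParseError:
        return ["malformed XML"], ""
    login = root.find("e:command/e:login", NS)
    if login is None:
        return ["not a login command"], ""
    errors = []
    # Length bounds from the RFC 5730 schema: clID 3-16, pw and newPW 6-16.
    for tag, low, required in (("clID", 3, True), ("pw", 6, True), ("newPW", 6, False)):
        value = login.findtext(f"e:{tag}", None, NS)
        if value is None:
            if required:
                errors.append(f"{tag} missing")
        elif not low <= len(value) <= 16:
            errors.append(f"{tag} length")
    # Every requested service must be one the server offered.
    paths = ("e:svcs/e:objURI", "e:svcs/e:svcExtension/e:extURI")
    for uri in (el.text for p in paths for el in login.iterfind(p, NS)):
        if uri not in ADVERTISED:
            errors.append(f"unsupported service {uri}")
    # Mask credentials (the local-name match also covers domain:pw) before logging.
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] in SECRET_TAGS:
            el.text = "[REDACTED]"
    return errors, ET.tostring(root, encoding="unicode")
```
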



Internationalization consideration
e.g. Greeting function

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <hello/>
</epp>

Domain name and host name mapping

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <resData>
      <domain:infData
          xmlns:domain="urn:ietf:params:xml:ns:domain-1.0" xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd">
        <domain:name>example.com.hk</domain:name>
        <domain:roid>EXAMPLE1-EP</domain:roid>
        <domain:status s="ok"/>
        <domain:registrant>HK80130T</domain:registrant>
        <domain:contact type="admin">HK80131T</domain:contact>
        <domain:contact type="tech">HK80132T</domain:contact>
        <domain:contact type="billing">HK80133T</domain:contact>
        <domain:ns>
          <domain:hostObj>ns1.example.com.hk</domain:hostObj>
          <domain:hostObj>ns1.example.net</domain:hostObj>
        </domain:ns>
        <domain:host>ns1.example.com.hk</domain:host>
        <domain:host>ns2.example.com.hk</domain:host>
        <domain:clID>ClientX</domain:clID>
        <domain:crID>ClientY</domain:crID>
        <domain:crDate>1999-04-03T22:00:00.0Z</domain:crDate>
        <domain:upID>ClientX</domain:upID>
        <domain:upDate>1999-12-03T09:00:00.0Z</domain:upDate>
        <domain:exDate>2005-04-03T22:00:00.0Z</domain:exDate>
        <domain:trDate>2000-04-08T09:00:00.0Z</domain:trDate>
        <domain:authInfo>
          <domain:pw>[Undisclosed Information]</domain:pw>
        </domain:authInfo>
      </domain:infData>
    </resData>
  </response>
</epp>

Contact mapping

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <resData>
      <contact:infData xmlns:contact="urn:ietf:params:xml:ns:contact-1.0"
                       xsi:schemaLocation="urn:ietf:params:xml:ns:contact-1.0 contact-1.0.xsd">
        <contact:id>HK80130T</contact:id>
        <contact:roid>HK80130T</contact:roid>
        <contact:status s="ok"/>
        <contact:postalInfo type="int">
          <contact:name>John</contact:name>
          <contact:org>Example Inc.</contact:org>
          <contact:addr>
            <contact:street>123 Example Dr.</contact:street>
            <contact:street>Suite 100</contact:street>
            <contact:city/>
            <contact:sp/>
            <contact:pc>20166-6503</contact:pc>
            <contact:cc>US</contact:cc>
          </contact:addr>
        </contact:postalInfo>
        <contact:voice x="1234">+1.7035555555</contact:voice>
        <contact:fax>+1.7035555556</contact:fax>
        <contact:email>jdoe@example.com.hk</contact:email>
        <contact:clID>ClientY</contact:clID>
        <contact:crID>ClientX</contact:crID>
        <contact:crDate>1999-04-03T22:00:00.0Z</contact:crDate>
        <contact:upID>ClientX</contact:upID>
        <contact:upDate>1999-12-03T09:00:00.0Z</contact:upDate>
        <contact:trDate>2000-04-08T09:00:00.0Z</contact:trDate>
      </contact:infData>
    </resData>
  </response>
</epp>




HKIRC’s EPP has been in production for quite some time. The documents below are provided as attachments. They are used by HKIRC’s registrars to set up their EPP and pass the registrar accreditation test.

For information on testing the HKIRC EPP, please refer to attachment (Q25-B_20111101_DNRS2 Registrar Operations Test Evaluation Guideline.doc)

For the programming guide for registrars’ implementation, please refer to attachment (Q25-D_20120213 HK-SDK-Prog-Guide.doc)

EPP template and schema
Please refer to attachment (Q25-C_20120203 EPP XML v1.0.6.doc)

Resourcing plans (number and description of personnel roles allocated to this area).

HKIRC will provide resources for the initial implementation of the systems, as well as the long-term operation of the systems. These resources are already available as part of the Technical Team that is operating the .hk and .香港 domains.

In order to support .MTR from the point of view of initial implementation and continuous technical operation, we propose the following teams:

Initial implementation:

IT Project Manager x 1, responsible for project planning and co-ordination.
System Engineer x 2, responsible for initial project setup, system implementation and carrying out the System Acceptance Test.
Database Administrator x 1, responsible for initial project setup, system implementation and carrying out the System Acceptance Test.
Analyst Programmer x 1, responsible for initial system development and implementation.

Technical Operation Team:

IT Manager x 1
IT Project Manager x 1
System Engineer x 1
Database Administrator x 1

The Technical Operation Team will carry out the day-to-day operation of the .MTR domain, with typical duties including:

IT Manager:
- Be responsible for the overall operation of the Technical Department
- Direct the team to implement the policy, security review, audit and management processes and cycles
- Report the status of the IT operation to the senior management

IT Project Manager:

- Lead a team of IT Specialists to manage systems and network services
- Provide technical as well as management leadership for the System & Network Team
- Ensure the team is properly skilled for the work on hand and in future, through training and other means
- Ensure the System & Network Team is properly staffed for the work on hand and in future
- Establish policies, guidelines and procedures for system management, system administration and operations, as well as system security
- Regularly review and update the policies, guidelines and procedures for system management, system administration and operations, as well as system security
- Ensure all users and team members are aware of the above policies, guidelines and procedures for system management, system administration and operations, as well as system security
- Ensure all members of the team perform all operations according to the above policies, guidelines and procedures
- Undertake IT process review and re-engineering, service and system quality assurance, information security evaluation and risk assessment within the organization in-house and with vendors.
- Manage system⁄security projects including vendor⁄product evaluation and implementation
- Perform system and security configuration checking and documentation on various systems.
- Perform system and application vulnerability scanning and compliance testing
- Foster information security awareness within the organization
- Perform day-to-day security operations

System Engineer⁄Database Administrator:

- Perform daily system monitoring and operation tasks, assist system administration, planning and technology evolution
- Service⁄Server Performance Monitoring
- Carry out regular maintenance on systems to ensure proper and efficient operation. These may include:
    SSL Certificate Renewal
    Regular data backup
    Patch review and up-keep for all databases
    Database Security implementation based on the company’s Security Guidelines & Policy
- Carry out daily system health checks including:
    Network traffic monitoring
    DNS health checks
    System loading check
    Email health check, Public Blacklist check
    Anti-virus update checks
    Database System loading check
    Backup system health check
    Service Alert check
- Roster duty for non-office hour technical support
- Undertake system and network infrastructure enhancements in-house and with outsourced vendors
- Conduct system implementation, system testing and user acceptance testing
- Set up and conduct proof-of-concept testing and evaluation on test-beds for assessing new technology, technical standards and products
- Maintain documentation and develop reports for system implementation and infrastructure changes

All our staff have also qualified with various certifications. These include:

- ITIL v3 Foundation
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- VMware Certified Professional (VCP)
- Sun Certified System Administrator (SCSA)
- Sun Certified Network Administrator (SCNA)
- Oracle Certified Professional (OCP)
- Cisco Certified Network Associate (CCNA)
- Cisco Certified Network Professional (CCNP)
- Checkpoint Certified Security Expert (CCSE)

HKIRC will utilise existing staffing so as to leverage the in-house expertise in the field of Internet and Domain Name registration. The current IT Operation team consists of an experienced project manager (more than 20 years in the IT field and more than 15 years in UNIX and networking) and engineers (with at least 5 to 7 years in the IT field, of which at least 5 or more years in the UNIX, networking and database fields).

HKIRC is currently providing a 24x7, all-year-round support and monitoring service for the .hk and .香港 domain SRS system, either through its own staff or through an external party (NOC). The systems and services are monitored through industry-standard infrastructure monitoring systems (Nagios, and Cacti for performance monitoring), as well as custom monitoring systems for specific functions, e.g. VIP DIG check, GENZONE and Zone transfer alert etc. All the staff are on roster duty to provide a 24x7 technical support hotline service.

The EPP-specific server programs will be set up and maintained by the analyst programmer.

The daily operation of the EPP servers will be managed by the system engineer.

Attachments
Q25-A_EPP architecture.pdf

Q25-B_20111101_DNRS2 Registrar Operations Test Evaluation Guideline.pdf

Q25-C_20120203 EPP XML v1.0.6.pdf

Q25-D_20120213 HK-SDK-Prog-Guide.pdf

