25 Extensible Provisioning Protocol (EPP)

gTLD: .gdn
Full Legal Name: Joint Stock Company "Navigation-information systems"
E-mail suffix: nis-glonass.ru

Extensible Provisioning Protocol (EPP): provide a detailed description of the interface with registrars, including how the applicant will comply with Extensible Provisioning Protocol in the relevant RFCs, including but not limited to: RFCs 3735, and 5730-5734. Provide the EPP templates and schemas that will be used. Include resourcing plans (number and description of personnel roles allocated to this area).

Qinetics deploys a real-time interface between registry and registrar based on EPP. The EPP implementation follows a thick registry model, in which WHOIS information is stored in the registry's main database as contact sets. Every registration requires a set of contacts to be submitted to the registry system. The EPP commands and responses comply with RFC 5730 to RFC 5734. The EPP service supports all Login Commands (login, logout), Query Commands (check, info, poll, transfer) and Object Transform Commands (create, delete, renew, transfer, update). The supported commands in the system are:

Greeting, Hello, Login, Logout, Poll, Domain Check, Domain Info, Domain Create, Domain Update, Domain Delete, Domain Renew, Domain Transfer, Contact Check, Contact Info, Contact Create, Contact Update, Contact Delete, Contact Transfer, Host Check, Host Info, Host Create, Host Update, Host Delete

The full command and response syntax is set out in a 30-page document, which can be furnished on demand.

The system utilizes EPP statuses stated in the RFC as follows:
Domain Action Statuses:
- clientDeleteProhibited: Requests to delete the object must be rejected.
- serverDeleteProhibited: Requests to delete the object must be rejected.
- clientHold: Delegation information must be withheld from publication in the object's nominal zone.
- serverHold: Delegation information must be withheld from publication in the object's nominal zone.
- clientRenewProhibited: Requests to renew the object must be rejected.
- serverRenewProhibited: Requests to renew the object must be rejected.
- clientTransferProhibited: Requests to transfer the object must be rejected.
- serverTransferProhibited: Requests to transfer the object must be rejected.
- clientUpdateProhibited: Requests to update the object (other than to remove this status) must be rejected.
- serverUpdateProhibited: Requests to update the object (other than to remove this status) must be rejected.

Domain State Statuses:
- ok: This is the nominal status value for a domain object at all times, whether or not the domain has prohibition of operation statuses.
- Expired: This is the domain status when the domain falls into the auto-renew grace period.
- RedemptionPeriod: The domain has fallen out of the renewal grace period into the redemption grace period.
- pendingRestore: A restore request has been received for the object, and completion of the request is pending.
- pendingDelete: A delete request has been received for the object, but the object has not yet been purged from the server database.
- pendingTransfer: A transfer request has been received for the object, and completion of the request is pending.

When the requested action has been completed, the pendingDelete, pendingTransfer, or pendingRestore status value is removed. All clients involved in the transaction will be notified using a service message (Poll Command) that the action has been completed and that the status of the object has changed.

Domain statuses cannot coexist under the following conditions:
- "ok" status cannot be combined with any other status.
- "pendingDelete" status cannot be combined with either "clientDeleteProhibited" or "serverDeleteProhibited" status.
- "pendingTransfer" status cannot be combined with either "clientTransferProhibited" or "serverTransferProhibited" status.

The pendingDelete, pendingTransfer, and pendingRestore status values cannot be combined with each other.

All client statuses can be set by the registry or the registrar; server statuses can only be set by the registry.
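
The combination and authority rules above can be enforced mechanically. The following Python is an added example, not code from the Qinetics EPP system or SDK; the function names are hypothetical, and treating "ok" as a status maintained by the server follows RFC 5731 rather than anything stated on this page.

```python
# Added example: the status rules listed above, expressed as checks.
PENDING = {"pendingDelete", "pendingTransfer", "pendingRestore"}
# Pending status -> prohibitions it cannot be combined with (from the list above).
EXCLUDES = {
    "pendingDelete": {"clientDeleteProhibited", "serverDeleteProhibited"},
    "pendingTransfer": {"clientTransferProhibited", "serverTransferProhibited"},
}

def status_conflicts(statuses):
    """Return the co-existence rules violated by a set of domain statuses."""
    current = set(statuses)
    problems = []
    if "ok" in current and len(current) > 1:
        problems.append("ok combined with " + ", ".join(sorted(current - {"ok"})))
    for pending, prohibitions in EXCLUDES.items():
        clash = current & prohibitions
        if pending in current and clash:
            problems.append(f"{pending} combined with " + ", ".join(sorted(clash)))
    pending_now = current & PENDING
    if len(pending_now) > 1:
        problems.append("multiple pending statuses: " + ", ".join(sorted(pending_now)))
    return problems

def may_set(actor, status):
    """client* statuses: registry or registrar. Everything else: registry only."""
    if actor not in ("registry", "registrar"):
        raise ValueError(f"unknown actor {actor!r}")
    return actor == "registry" or status.startswith("client")

def apply_status_update(current, add, rem, actor):
    """Apply the status part of an update; return (statuses, errors).

    On any error the stored statuses are returned unchanged, so a rejected
    request can never leave the object in a forbidden combination.
    """
    current, add, rem = set(current), set(add), set(rem)
    errors = [f"{actor} may not change {s}"
              for s in sorted(add | rem) if not may_set(actor, s)]
    # Assumption (RFC 5731): "ok" is maintained by the server, so it is dropped
    # when any other status is present and restored when none remains.
    candidate = ((current - rem) | add) - {"ok"}
    if not candidate:
        candidate = {"ok"}
    errors += status_conflicts(candidate)
    return (current, errors) if errors else (candidate, [])
```

`status_conflicts` is also usable on its own to audit status sets already stored in the registry database.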

Domain Transfer State Statuses:
Pending - The domain transfer request has been initiated
clientApproved - The domain transfer is approved by the losing registrar
clientCancelled - The gaining registrar cancelled the domain transfer request
clientRejected - The losing registrar rejected the domain transfer request
serverApproved - The domain transfer is approved by the system after the transfer grace period
serverCancelled - The domain transfer is cancelled by the registry system

Registrars are required to download the EPP SDK (bundled with documentation) to establish a connection to the EPP server. The TCP connection procedure is:
a. Post SSL request
b. SSL Handshaking
c. SSL session established
d. Send Greeting command
e. Greeting acknowledgment
f. Send login information
g. Authentication process
h. TCP over SSL connection established
i. Send command for operation such as Domain check command
j. Send Poll command to keep connection alive
k. Session will be closed automatically after 20 minutes if Poll command is not issued
l. Send logout command
m. Session closed

An XML parser is run against each request and response to ensure the integrity of the data and to detect corruption. If data is found to be lost or corrupted, an EPP command failure response is sent to the requestor.
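
An added example (not part of the application or the Qinetics SDK) of the receive path implied by the connection procedure and the parser check above: read one RFC 5734 data unit, refuse DTDs and malformed XML, and answer bad input with a command failure response. The 64 KB frame cap, the function names and the choice of result code 2001 are assumptions.

```python
import io
import struct
import xml.etree.ElementTree as ET
from xml.parsers import expat
from xml.sax.saxutils import escape

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"
MAX_FRAME = 64 * 1024   # assumed local cap; the page does not state a limit

class EppSyntaxError(Exception):
    """Frame or XML that must be answered with a command failure response."""

def frame(xml_bytes):
    """RFC 5734 data unit: 4-byte big-endian total length (header included)."""
    return struct.pack("!I", len(xml_bytes) + 4) + xml_bytes

def read_frame(stream):
    """Read one data unit from a blocking binary stream, e.g. sock.makefile('rb')."""
    header = stream.read(4)
    if len(header) != 4:
        raise EppSyntaxError("truncated length header")
    (total,) = struct.unpack("!I", header)
    if not 4 < total <= MAX_FRAME:
        raise EppSyntaxError(f"refusing frame length {total}")
    body = stream.read(total - 4)
    if len(body) != total - 4:
        raise EppSyntaxError("data lost: frame shorter than declared length")
    return body

def _no_doctype(*_):
    raise EppSyntaxError("DOCTYPE declarations are not accepted")

def parse_command(xml_bytes):
    """Return {'verb': ..., 'clTRID': ...} or raise EppSyntaxError."""
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _no_doctype   # no DTD, so no entity definitions
    try:
        guard.Parse(xml_bytes, True)
        root = ET.fromstring(xml_bytes)
    except (expat.ExpatError, ET.ParseError) as exc:
        raise EppSyntaxError(f"not well-formed: {exc}") from None
    command = root.find(f"{{{EPP_NS}}}command")
    if root.tag != f"{{{EPP_NS}}}epp" or command is None:
        raise EppSyntaxError("expected <epp><command> in the EPP namespace")
    skip = {f"{{{EPP_NS}}}extension", f"{{{EPP_NS}}}clTRID"}
    verbs = [child.tag for child in command if child.tag not in skip]
    if len(verbs) != 1 or not verbs[0].startswith(f"{{{EPP_NS}}}"):
        raise EppSyntaxError("expected exactly one EPP command element")
    return {"verb": verbs[0].rpartition("}")[2],
            "clTRID": command.findtext(f"{{{EPP_NS}}}clTRID")}

def failure_frame(sv_trid):
    """Framed result 2001 (RFC 5730 'Command syntax error'); parser detail is not echoed."""
    xml = ('<?xml version="1.0" encoding="UTF-8"?>'
           f'<epp xmlns="{EPP_NS}"><response><result code="2001">'
           '<msg>Command syntax error</msg></result>'
           f'<trID><svTRID>{escape(sv_trid)}</svTRID></trID></response></epp>')
    return frame(xml.encode("utf-8"))

def receive(stream, sv_trid):
    """Return (command, None) on success or (None, failure_frame) on bad input."""
    try:
        return parse_command(read_frame(stream)), None
    except EppSyntaxError:
        return None, failure_frame(sv_trid)

# Constructed sample: the page's Domain Info request, shortened.
DOMAIN_INFO = (b'<?xml version="1.0" encoding="UTF-8"?>'
               b'<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><command><info>'
               b'<domain:info xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">'
               b'<domain:name hosts="all">example.com</domain:name></domain:info></info>'
               b'<clTRID>ABC-12345</clTRID></command></epp>')
```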

SSL
The EPP handshake requires an exchange of certificates between the client and the server. The Qinetics implementation accepts any certificate issued by an authorized Certificate Authority (CA). The authorized CAs supported are: Verisign, Thawte, GeoTrust, EnTrust, Comodo, GlobalTrust, DigiCert, USERTrust, CyberTrust, Microsoft

Qinetics optionally provides a self-signed certificate to the registrar for better security. Registrars can request a Qinetics-generated certificate by email.

Once the SSL handshake is complete, the registrar sends a Login command with username and password to access the EPP services. The EPP service checks the client's IP address before responding. A two-tier IP check is implemented, in the firewall and in the EPP service respectively, to provide double protection.

Operation and Test Environment (OTE)
As part of the standard procedure, the registrar will be given access to the OTE environment only. The registrar will have to download the OTE guideline and program its client according to the documentation.

The registrar will then send a request to start the OTE test at a predefined time slot. Once the registrar passes the test, the production username and password will be sent to the registrar's technical contact.

Registration Tools
• EPP 1.0 client SDK and documentation; and
• Tools are downloadable from registrar interface.

EPP Extensions Schemas
The EPP service shall not implement any extension except for DNSSEC according to RFC 5910 and IDN according to RFC 3735. The extensions are applied to the following commands only:
• Domain Info
• Domain Create
• Domain Update

The XML for the EPP commands and responses is as follows:

Domain Info
- Request
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <command>
    <info>
      <domain:info xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
                   xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd">
        <domain:name hosts="all">example.com</domain:name>
      </domain:info>
    </info>
    <clTRID>ABC-12345</clTRID>
  </command>
</epp>

- Response
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <resData>
      <domain:infData xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
                      xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd">
        <domain:name>example.com</domain:name>
        <domain:roid>EXAMPLE1-EP</domain:roid>
        <domain:status s="ok"/>
        <domain:registrant>jd1234</domain:registrant>
        <domain:contact type="admin">sh8013</domain:contact>
        <domain:contact type="tech">sh8013</domain:contact>
        <domain:ns>
          <domain:hostObj>ns1.example.com</domain:hostObj>
          <domain:hostObj>ns1.example.net</domain:hostObj>
        </domain:ns>
        <domain:host>ns1.example.com</domain:host>
        <domain:host>ns2.example.com</domain:host>
        <domain:clID>ClientX</domain:clID>
        <domain:crID>ClientY</domain:crID>
        <domain:crDate>1999-04-03T22:00:00.0Z</domain:crDate>
        <domain:upID>ClientX</domain:upID>
        <domain:upDate>1999-12-03T09:00:00.0Z</domain:upDate>
        <domain:exDate>2005-04-03T22:00:00.0Z</domain:exDate>
        <domain:trDate>2000-04-08T09:00:00.0Z</domain:trDate>
        <domain:authInfo>
          <domain:pw>2fooBAR</domain:pw>
        </domain:authInfo>
      </domain:infData>
    </resData>
    <extension>
      <secDNS:infData xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
        <secDNS:dsData>
          <secDNS:keyTag>12345</secDNS:keyTag>
          <secDNS:alg>3</secDNS:alg>
          <secDNS:digestType>1</secDNS:digestType>
          <secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest>
          <!-- Below are optional -->
          <secDNS:keyData>
            <secDNS:flags>257</secDNS:flags>
            <secDNS:protocol>3</secDNS:protocol>
            <secDNS:alg>1</secDNS:alg>
            <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
          </secDNS:keyData>
        </secDNS:dsData>
      </secDNS:infData>
    </extension>
    <trID>
      <clTRID>ABC-12345</clTRID>
      <svTRID>54322-XYZ</svTRID>
    </trID>
  </response>
</epp>

Domain Create (IDN)
- Request
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <command>
    <create>
      <domain:create xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
                     xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd">
        <domain:name>xn--asjeiu3h34jhew.com</domain:name>
        <domain:period unit="y">2</domain:period>
        <domain:ns>
          <domain:hostObj>ns1.example.com</domain:hostObj>
          <domain:hostObj>ns1.example.net</domain:hostObj>
        </domain:ns>
        <domain:registrant>jd1234</domain:registrant>
        <domain:contact type="admin">sh8013</domain:contact>
        <domain:contact type="tech">sh8013</domain:contact>
        <domain:authInfo>
          <domain:pw>2fooBAR</domain:pw>
        </domain:authInfo>
      </domain:create>
    </create>
    <extension>
      <ext:extension xmlns:ext="urn:ietf:params:xml:ns:ext-1.0"
                     xsi:schemaLocation="urn:ietf:params:xml:ns:ext-1.0 ext-1.0.xsd">
        <langtag>CHI</langtag>
      </ext:extension>
    </extension>
    <clTRID>ABC-12345</clTRID>
  </command>
</epp>

- Response
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <resData>
      <domain:creData xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
                      xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd">
        <domain:name>xn--asjeiu3h34jhew.com</domain:name>
        <domain:crDate>1999-04-03T22:00:00.0Z</domain:crDate>
        <domain:exDate>2001-04-03T22:00:00.0Z</domain:exDate>
      </domain:creData>
    </resData>
    <trID>
      <clTRID>ABC-12345</clTRID>
      <svTRID>54321-XYZ</svTRID>
    </trID>
  </response>
</epp>

Domain Create (DNSSEC)
-Request
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <command>
    <create>
      <domain:create xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
                     xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd">
        <domain:name>example.com</domain:name>
        <domain:period unit="y">2</domain:period>
        <domain:ns>
          <domain:hostObj>ns1.example.com</domain:hostObj>
          <domain:hostObj>ns1.example.net</domain:hostObj>
        </domain:ns>
        <domain:registrant>jd1234</domain:registrant>
        <domain:contact type="admin">sh8013</domain:contact>
        <domain:contact type="tech">sh8013</domain:contact>
        <domain:authInfo>
          <domain:pw>2fooBAR</domain:pw>
        </domain:authInfo>
      </domain:create>
    </create>
    <extension>
      <secDNS:create xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
        <secDNS:maxSigLife>604800</secDNS:maxSigLife>
        <secDNS:dsData>
          <secDNS:keyTag>12345</secDNS:keyTag>
          <secDNS:alg>3</secDNS:alg>
          <secDNS:digestType>1</secDNS:digestType>
          <secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest>
          <!-- below are optional -->
          <secDNS:keyData>
            <secDNS:flags>257</secDNS:flags>
            <secDNS:protocol>3</secDNS:protocol>
            <secDNS:alg>1</secDNS:alg>
            <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
          </secDNS:keyData>
        </secDNS:dsData>
      </secDNS:create>
    </extension>
    <clTRID>ABC-12345</clTRID>
  </command>
</epp>

- Response
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <resData>
      <domain:creData xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
                      xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd">
        <domain:name>example.com</domain:name>
        <domain:crDate>1999-04-03T22:00:00.0Z</domain:crDate>
        <domain:exDate>2001-04-03T22:00:00.0Z</domain:exDate>
      </domain:creData>
    </resData>
    <trID>
      <clTRID>ABC-12345</clTRID>
      <svTRID>54321-XYZ</svTRID>
    </trID>
  </response>
</epp>
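
An added example, not Qinetics code: when a DNSSEC create carries both dsData and the optional keyData, the registry can confirm that the two agree before the DS record is published. It goes beyond the template by recomputing the key tag and digest per RFC 4034; the function names are hypothetical. Run against the template values above, it reports that the 20-digit placeholder digest is too short for digest type 1 (SHA-1, 40 hex digits) and that the dsData and keyData algorithms differ.

```python
import base64
import hashlib
import re
import struct
import xml.etree.ElementTree as ET

NS = {"d": "urn:ietf:params:xml:ns:domain-1.0",
      "s": "urn:ietf:params:xml:ns:secDNS-1.1"}
HASHES = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types

def dnskey_rdata(key):
    """DNSKEY RDATA (RFC 4034, 2.1): flags, protocol, algorithm, public key."""
    header = struct.pack("!HBB", key["flags"], key["protocol"], key["alg"])
    return header + base64.b64decode(key["pubKey"], validate=True)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (algorithm 1 uses a different rule)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def owner_wire(name):
    """Canonical owner name: lower-case, length-prefixed labels, root label last."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def make_ds(name, key, digest_type):
    """DS fields derived from a key: digest = H(owner name | DNSKEY RDATA)."""
    rdata = dnskey_rdata(key)
    digest = HASHES[digest_type](owner_wire(name) + rdata).hexdigest().upper()
    return {"keyTag": key_tag(rdata), "alg": key["alg"],
            "digestType": digest_type, "digest": digest}

def check_ds(name, ds, key=None):
    """Return findings for one dsData entry; an empty list means consistent."""
    findings = []
    hasher = HASHES.get(ds["digestType"])
    want = hasher().digest_size * 2 if hasher else None
    digest_ok = bool(want) and re.fullmatch(r"[0-9A-Fa-f]{%d}" % want, ds["digest"]) is not None
    if hasher is None:
        findings.append(f"unsupported digestType {ds['digestType']}")
    elif not digest_ok:
        findings.append(f"digestType {ds['digestType']} needs {want} hex digits, "
                        f"got {len(ds['digest'])}")
    if key is None:
        return findings
    if key["protocol"] != 3:
        findings.append("keyData protocol must be 3")
    if key["alg"] != ds["alg"]:
        findings.append(f"dsData alg {ds['alg']} differs from keyData alg {key['alg']}")
    try:
        rdata = dnskey_rdata(key)
    except (ValueError, struct.error):
        return findings + ["keyData cannot be encoded as a DNSKEY"]
    if key["alg"] != 1 and key_tag(rdata) != ds["keyTag"]:
        findings.append("keyTag does not match keyData")
    if digest_ok and make_ds(name, key, ds["digestType"])["digest"] != ds["digest"].upper():
        findings.append("digest does not match keyData")
    return findings

def _fields(elem, *names):
    return {n: int(elem.findtext(f"s:{n}", "", NS)) for n in names}

def check_create(xml_bytes):
    """Check every dsData in a create that has already passed XML screening."""
    root = ET.fromstring(xml_bytes)
    name = root.findtext(".//d:name", "", NS).strip()
    findings = []
    for ds_el in root.iterfind(".//s:dsData", NS):
        try:
            ds = _fields(ds_el, "keyTag", "alg", "digestType")
            key_el = ds_el.find("s:keyData", NS)
            key = None
            if key_el is not None:
                key = _fields(key_el, "flags", "protocol", "alg")
                key["pubKey"] = key_el.findtext("s:pubKey", "", NS).strip()
        except ValueError:
            findings.append("missing or non-numeric field")
            continue
        ds["digest"] = ds_el.findtext("s:digest", "", NS).strip()
        findings += check_ds(name, ds, key)
    return findings

# Constructed sample: the Domain Create (DNSSEC) template above, shortened.
TEMPLATE = (b'<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><command><create>'
            b'<domain:create xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">'
            b'<domain:name>example.com</domain:name></domain:create></create><extension>'
            b'<secDNS:create xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1"><secDNS:dsData>'
            b'<secDNS:keyTag>12345</secDNS:keyTag><secDNS:alg>3</secDNS:alg>'
            b'<secDNS:digestType>1</secDNS:digestType><secDNS:digest>49FD46E6C4B45C55D4AC'
            b'</secDNS:digest><secDNS:keyData><secDNS:flags>257</secDNS:flags>'
            b'<secDNS:protocol>3</secDNS:protocol><secDNS:alg>1</secDNS:alg><secDNS:pubKey>'
            b'AQPJ////4Q==</secDNS:pubKey></secDNS:keyData></secDNS:dsData></secDNS:create>'
            b'</extension><clTRID>ABC-12345</clTRID></command></epp>')
```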

Domain Update
-Request
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <command>
    <update>
      <domain:update xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
                     xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd">
        <domain:name>example.com</domain:name>
        <domain:add>
          <domain:ns>
            <domain:hostObj>ns2.example.com</domain:hostObj>
          </domain:ns>
          <domain:contact type="tech">mak21</domain:contact>
          <domain:status s="clientHold" lang="en">Payment overdue.</domain:status>
        </domain:add>
        <domain:rem>
          <domain:ns>
            <domain:hostObj>ns1.example.com</domain:hostObj>
          </domain:ns>
          <domain:contact type="tech">sh8013</domain:contact>
          <domain:status s="clientUpdateProhibited"/>
        </domain:rem>
        <domain:chg>
          <domain:registrant>sh8013</domain:registrant>
          <domain:authInfo>
            <domain:pw>2BARfoo</domain:pw>
          </domain:authInfo>
        </domain:chg>
      </domain:update>
    </update>
    <extension>
      <secDNS:update xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
        <secDNS:rem>
          <secDNS:dsData>
            <secDNS:keyTag>12345</secDNS:keyTag>
            <secDNS:alg>3</secDNS:alg>
            <secDNS:digestType>1</secDNS:digestType>
            <secDNS:digest>38EC35D5B3A34B33C99B</secDNS:digest>
          </secDNS:dsData>
        </secDNS:rem>
        <secDNS:add>
          <secDNS:dsData>
            <secDNS:keyTag>12346</secDNS:keyTag>
            <secDNS:alg>3</secDNS:alg>
            <secDNS:digestType>1</secDNS:digestType>
            <secDNS:digest>38EC35D5B3A34B44C39B</secDNS:digest>
            <!-- below are optional -->
            <secDNS:keyData>
              <secDNS:flags>257</secDNS:flags>
              <secDNS:protocol>3</secDNS:protocol>
              <secDNS:alg>1</secDNS:alg>
              <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
            </secDNS:keyData>
          </secDNS:dsData>
        </secDNS:add>
      </secDNS:update>
    </extension>
    <clTRID>ABC-12345</clTRID>
  </command>
</epp>

-Response

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <trID>
      <clTRID>ABC-12345</clTRID>
      <svTRID>54321-XYZ</svTRID>
    </trID>
  </response>
</epp>

Resource and Operation Plan
Qinetics will deploy the Registry Service of the registry using its existing system and infrastructure. During implementation, new server hardware will be provisioned for EPP services. Our Data Center Engineer will provision the servers and install the OS. Once the hardware is provisioned, the System Administrator will install the required software and perform security configuration. The assigned Software Developer will configure the rules and policies in the EPP system. Once done, our Test Engineer will perform rigorous testing to ensure the system performs according to specifications. Once testing is fully completed, the EPP system will be handed over to the System Administrator for deployment to the production environment. Throughout the process, a Project Manager is assigned to perform project management and overall control of the implementation. The Project Manager will train the registry users on the functionality of the system. The EPP setup shall be completed within a month.

The system will be in maintenance mode after it is deployed. The EPP service will be supported by the general helpdesk for enquiries. Any support issue related to EPP will be escalated to the Application Support Engineer for troubleshooting. The System Administrator is tasked with monitoring EPP availability. Whenever there is a support ticket, the Application Support Engineer and System Administrator will further escalate the support request based on severity. The emergency response team will be triggered whenever there is a catastrophic scenario at the highest severity.

Once a remedy is identified, the Test Engineer will test the fixes before deployment by the System Administrator. During maintenance, the outsourcing party has committed 4 resources for the 24 x 7 helpdesk, 4 data center engineers, 2 application support engineers, 1 support manager, 1 test engineer and 2 system administrators. As part of ongoing policy changes, a team of software developers is available for any standards upgrade to the EPP, and such changes will trigger the change request procedure in accordance with CMMI standards.

EPP Server Capacity Plan
System performance depends heavily on the application server capability and the processes required to complete a transaction. As the transaction load increases, system performance can be increased by tuning the application server, upgrading the server hardware, or increasing the number of servers and using load balancers. A test was carried out on the hardware below for capacity planning:

- 1 x Dual Core CPU 1.6GHz
- 2G RAM

The test results, recorded in our test environment with a database of 180,000 names and 100 concurrent EPP connections for each command (1500 commands posted in parallel), are as follows:

EPP Queries
- Average 1.5 seconds response time for query transactions
- Average 4 seconds response time after 90% line

EPP transactions
- Average 1.5 seconds response time for transactional commands
- Average 5 seconds response time after 90% line

The results are shown in the screen shot below. According to the results, more than 90% of online transactions take less than 2 seconds on average to respond, and the remaining 10% (more time-consuming) transactions can also be completed in 5 seconds, as expected.

Based on the proposed 2 EPP servers, whose hardware is 4 times more powerful than the test server, the system can handle up to 500 concurrent connections easily. The number of servers will be increased based on growth in the number of registrars or a change in the maximum number of connections allocated.

Should the number of registrars increase, new servers will be provisioned into the shared pool. Each registrar will have equal access to the shared pool of connections. The shared pool will serve registrars on a first-come, first-served basis.

gTLD: .thai
Full Legal Name: Better Living Management Company Limited
E-mail suffix: registryasp.com

Qinetics deploys a real-time interface between registry and registrar based on EPP. The EPP implementation follows a thick registry model, in which WHOIS information is stored in the registry's main database as contact sets. Every registration requires a set of contacts to be submitted to the registry system. The EPP commands and responses comply with RFC 5730 to RFC 5734. The EPP service supports all Login Commands (login, logout), Query Commands (check, info, poll, transfer) and Object Transform Commands (create, delete, renew, transfer, update). The supported commands in the system are:

Greeting, Hello, Login, Logout, Poll, Domain Check, Domain Info, Domain Create, Domain Update, Domain Delete, Domain Renew, Domain Transfer, Contact Check, Contact Info, Contact Create, Contact Update, Contact Delete, Contact Transfer, Host Check, Host Info, Host Create, Host Update, Host Delete

The full command and response syntax is set out in a 30-page document, which can be furnished on demand.

The system utilizes EPP statuses stated in the RFC as follows:
Domain Action Statuses:
- clientDeleteProhibited: Requests to delete the object must be rejected.
- serverDeleteProhibited: Requests to delete the object must be rejected.
- clientHold: Delegation information must be withheld from publication in the object's nominal zone.
- serverHold: Delegation information must be withheld from publication in the object's nominal zone.
- clientRenewProhibited: Requests to renew the object must be rejected.
- serverRenewProhibited: Requests to renew the object must be rejected.
- clientTransferProhibited: Requests to transfer the object must be rejected.
- serverTransferProhibited: Requests to transfer the object must be rejected.
- clientUpdateProhibited: Requests to update the object (other than to remove this status) must be rejected.
- serverUpdateProhibited: Requests to update the object (other than to remove this status) must be rejected.

Domain State Statuses:
- ok: This is the nominal status value for a domain object at all times, whether or not the domain has prohibition of operation statuses.
- Expired: This is the domain status when the domain falls into the auto-renew grace period.
- RedemptionPeriod: The domain has fallen out of the renewal grace period into the redemption grace period.
- pendingRestore: A restore request has been received for the object, and completion of the request is pending.
- pendingDelete: A delete request has been received for the object, but the object has not yet been purged from the server database.
- pendingTransfer: A transfer request has been received for the object, and completion of the request is pending.

When the requested action has been completed, the pendingDelete, pendingTransfer, or pendingRestore status value is removed. All clients involved in the transaction will be notified using a service message (Poll Command) that the action has been completed and that the status of the object has changed.

Domain statuses cannot coexist under the following conditions:
- "ok" status cannot be combined with any other status.
- "pendingDelete" status cannot be combined with either "clientDeleteProhibited" or "serverDeleteProhibited" status.
- "pendingTransfer" status cannot be combined with either "clientTransferProhibited" or "serverTransferProhibited" status.

The pendingDelete, pendingTransfer, and pendingRestore status values cannot be combined with each other.

All client statuses can be set by the Registry or the registrar; server statuses can only be set by the Registry.

Domain Transfer State Statuses:
Pending - The domain transfer request has been initiated
clientApproved - The domain transfer is approved by the losing registrar
clientCancelled - The gaining registrar cancelled the domain transfer request
clientRejected - The losing registrar rejected the domain transfer request
serverApproved - The domain transfer is approved by the system after the transfer grace period
serverCancelled - The domain transfer is cancelled by the registry system

Registrars are required to download the EPP SDK (bundled with documentation) to establish a connection to the EPP server. The TCP connection procedure is:
a. Post SSL request
b. SSL Handshaking
c. SSL session established
d. Send Greeting command
e. Greeting acknowledgment
f. Send login information
g. Authentication process
h. TCP over SSL connection established
i. Send command for operation such as Domain check command
j. Send Poll command to keep connection alive
k. Session will be closed automatically after 20 minutes if Poll command is not issued
l. Send logout command
m. Session closed

An XML parser is run against each request and response to ensure the integrity of the data and to detect corruption. If data is found to be lost or corrupted, an EPP command failure response is sent to the requestor.

SSL
The EPP handshake requires an exchange of certificates between the client and the server. The Qinetics implementation accepts any certificate issued by an authorized Certificate Authority (CA). The authorized CAs supported are: Verisign, Thawte, GeoTrust, EnTrust, Comodo, GlobalTrust, DigiCert, USERTrust, CyberTrust, Microsoft

Qinetics optionally provides a self-signed certificate to the registrar for better security. Registrars can request a Qinetics-generated certificate by email.

Once the SSL handshake is complete, the registrar sends a Login command with username and password to access the EPP services. The EPP service checks the client's IP address before responding. A two-tier IP check is implemented, in the firewall and in the EPP service respectively, to provide double protection.

Operation and Test Environment (OTE)
As part of the standard procedure, the registrar will be given access to the OTE environment only. The registrar will have to download the OTE guideline and program its client according to the documentation.

The registrar will then send a request to start the OTE test at a predefined time slot. Once the registrar passes the test, the production username and password will be sent to the registrar's technical contact.

Registration Tools
• EPP 1.0 client SDK and documentation; and
• Tools are downloadable from registrar interface.

EPP Extensions Schemas
The EPP service shall not implement any extension except for DNSSEC according to RFC 5910 and IDN according to RFC 3735. The extensions are applied to the following commands only:
• Domain Info
• Domain Create
• Domain Update

The XML for the EPP commands and responses is as follows:

Domain Info
- Request
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <command>
    <info>
      <domain:info xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
                   xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd">
        <domain:name hosts="all">example.com</domain:name>
      </domain:info>
    </info>
    <clTRID>ABC-12345</clTRID>
  </command>
</epp>


- Response
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <resData>
      <domain:infData xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
                      xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd">
        <domain:name>example.com</domain:name>
        <domain:roid>EXAMPLE1-EP</domain:roid>
        <domain:status s="ok"/>
        <domain:registrant>jd1234</domain:registrant>
        <domain:contact type="admin">sh8013</domain:contact>
        <domain:contact type="tech">sh8013</domain:contact>
        <domain:ns>
          <domain:hostObj>ns1.example.com</domain:hostObj>
          <domain:hostObj>ns1.example.net</domain:hostObj>
        </domain:ns>
        <domain:host>ns1.example.com</domain:host>
        <domain:host>ns2.example.com</domain:host>
        <domain:clID>ClientX</domain:clID>
        <domain:crID>ClientY</domain:crID>
        <domain:crDate>1999-04-03T22:00:00.0Z</domain:crDate>
        <domain:upID>ClientX</domain:upID>
        <domain:upDate>1999-12-03T09:00:00.0Z</domain:upDate>
        <domain:exDate>2005-04-03T22:00:00.0Z</domain:exDate>
        <domain:trDate>2000-04-08T09:00:00.0Z</domain:trDate>
        <domain:authInfo>
          <domain:pw>2fooBAR</domain:pw>
        </domain:authInfo>
      </domain:infData>
    </resData>
    <extension>
      <secDNS:infData xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
        <secDNS:dsData>
          <secDNS:keyTag>12345</secDNS:keyTag>
          <secDNS:alg>3</secDNS:alg>
          <secDNS:digestType>1</secDNS:digestType>
          <secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest>
          <!-- Below are optional -->
          <secDNS:keyData>
            <secDNS:flags>257</secDNS:flags>
            <secDNS:protocol>3</secDNS:protocol>
            <secDNS:alg>1</secDNS:alg>
            <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
          </secDNS:keyData>
        </secDNS:dsData>
      </secDNS:infData>
    </extension>
    <trID>
      <clTRID>ABC-12345</clTRID>
      <svTRID>54322-XYZ</svTRID>
    </trID>
  </response>
</epp>


Domain Create (IDN)
- Request
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <command>
    <create>
      <domain:create xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
                     xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd">
        <domain:name>xn--asjeiu3h34jhew.com</domain:name>
        <domain:period unit="y">2</domain:period>
        <domain:ns>
          <domain:hostObj>ns1.example.com</domain:hostObj>
          <domain:hostObj>ns1.example.net</domain:hostObj>
        </domain:ns>
        <domain:registrant>jd1234</domain:registrant>
        <domain:contact type="admin">sh8013</domain:contact>
        <domain:contact type="tech">sh8013</domain:contact>
        <domain:authInfo>
          <domain:pw>2fooBAR</domain:pw>
        </domain:authInfo>
      </domain:create>
    </create>
    <extension>
      <ext:extension xmlns:ext="urn:ietf:params:xml:ns:ext-1.0"
                     xsi:schemaLocation="urn:ietf:params:xml:ns:ext-1.0 ext-1.0.xsd">
        <langtag>CHI</langtag>
      </ext:extension>
    </extension>
    <clTRID>ABC-12345</clTRID>
  </command>
</epp>


- Response
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <resData>
      <domain:creData xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
                      xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd">
        <domain:name>xn--asjeiu3h34jhew.com</domain:name>
        <domain:crDate>1999-04-03T22:00:00.0Z</domain:crDate>
        <domain:exDate>2001-04-03T22:00:00.0Z</domain:exDate>
      </domain:creData>
    </resData>
    <trID>
      <clTRID>ABC-12345</clTRID>
      <svTRID>54321-XYZ</svTRID>
    </trID>
  </response>
</epp>


Domain Create (DNSSEC)
-Request
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <command>
    <create>
      <domain:create xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
                     xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd">
        <domain:name>example.com</domain:name>
        <domain:period unit="y">2</domain:period>
        <domain:ns>
          <domain:hostObj>ns1.example.com</domain:hostObj>
          <domain:hostObj>ns1.example.net</domain:hostObj>
        </domain:ns>
        <domain:registrant>jd1234</domain:registrant>
        <domain:contact type="admin">sh8013</domain:contact>
        <domain:contact type="tech">sh8013</domain:contact>
        <domain:authInfo>
          <domain:pw>2fooBAR</domain:pw>
        </domain:authInfo>
      </domain:create>
    </create>
    <extension>
      <secDNS:create xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
        <secDNS:maxSigLife>604800</secDNS:maxSigLife>
        <secDNS:dsData>
          <secDNS:keyTag>12345</secDNS:keyTag>
          <secDNS:alg>3</secDNS:alg>
          <secDNS:digestType>1</secDNS:digestType>
          <secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest>
          <!-- below are optional -->
          <secDNS:keyData>
            <secDNS:flags>257</secDNS:flags>
            <secDNS:protocol>3</secDNS:protocol>
            <secDNS:alg>1</secDNS:alg>
            <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
          </secDNS:keyData>
        </secDNS:dsData>
      </secDNS:create>
    </extension>
    <clTRID>ABC-12345</clTRID>
  </command>
</epp>

- Response
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <resData>
      <domain:creData xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
                      xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsd">
        <domain:name>example.com</domain:name>
        <domain:crDate>1999-04-03T22:00:00.0Z</domain:crDate>
        <domain:exDate>2001-04-03T22:00:00.0Z</domain:exDate>
      </domain:creData>
    </resData>
    <trID>
      <clTRID>ABC-12345</clTRID>
      <svTRID>54321-XYZ</svTRID>
    </trID>
  </response>
</epp>


Domain Update
-Request
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0
epp-1.0.xsd">
<command>
<update>
<domain:update
xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0
domain-1.0.xsd">
<domain:name>example.com</domain:name>
<domain:add>
<domain:ns>
<domain:hostObj>ns2.example.com</domain:hostObj>
</domain:ns>
<domain:contact type="tech">mak21</domain:contact>
<domain:status s="clientHold"
lang="en">Payment overdue.</domain:status>
</domain:add>
<domain:rem>
<domain:ns>
<domain:hostObj>ns1.example.com</domain:hostObj>
</domain:ns>
<domain:contact type="tech">sh8013</domain:contact>
<domain:status s="clientUpdateProhibited"/>
</domain:rem>
<domain:chg>
<domain:registrant>sh8013</domain:registrant>
<domain:authInfo>
<domain:pw>2BARfoo</domain:pw>
</domain:authInfo>
</domain:chg>
</domain:update>
</update>
<extension>
<secDNS:update xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
<secDNS:rem>
<secDNS:dsData>
<secDNS:keyTag>12345</secDNS:keyTag>
<secDNS:alg>3</secDNS:alg>
<secDNS:digestType>1</secDNS:digestType>
<secDNS:digest>38EC35D5B3A34B33C99B</secDNS:digest>
</secDNS:dsData>
</secDNS:rem>
<secDNS:add>
<secDNS:dsData>
<secDNS:keyTag>12346</secDNS:keyTag>
<secDNS:alg>3</secDNS:alg>
<secDNS:digestType>1</secDNS:digestType>
<secDNS:digest>38EC35D5B3A34B44C39B</secDNS:digest>
<!-- The secDNS:keyData element below is optional -->
<secDNS:keyData>
<secDNS:flags>257</secDNS:flags>
<secDNS:protocol>3</secDNS:protocol>
<secDNS:alg>1</secDNS:alg>
<secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
</secDNS:keyData>
</secDNS:dsData>
</secDNS:add>
</secDNS:update>
</extension>
<clTRID>ABC-12345</clTRID>
</command>
</epp>


-Response
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0
epp-1.0.xsd">
<response>
<result code="1000">
<msg>Command completed successfully</msg>
</result>
<trID>
<clTRID>ABC-12345</clTRID>
<svTRID>54321-XYZ</svTRID>
</trID>
</response>
</epp>
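A registry-side consistency check for the secDNS:dsData carried in the Domain Create (DNSSEC) and Domain Update templates above, as an added example (not Qinetics' code; the function names and problem codes are assumptions). It checks the digest against its digestType and, when keyData is supplied, the protocol, zone-key flag, algorithm agreement and RFC 4034 key tag; it does not verify the digest value itself, which also requires the owner name.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = "{urn:ietf:params:xml:ns:secDNS-1.1}"
DIGEST_HEX_LEN = {1: 40, 2: 64, 4: 96}  # DS digest types: SHA-1, SHA-256, SHA-384
# dsData values copied from the Domain Create (DNSSEC) template; EPP wrapper trimmed.
TEMPLATE = """<secDNS:create xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
<secDNS:dsData>
<secDNS:keyTag>12345</secDNS:keyTag><secDNS:alg>3</secDNS:alg>
<secDNS:digestType>1</secDNS:digestType><secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest>
<secDNS:keyData><secDNS:flags>257</secDNS:flags><secDNS:protocol>3</secDNS:protocol>
<secDNS:alg>1</secDNS:alg><secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
</secDNS:keyData></secDNS:dsData></secDNS:create>"""

def num(el, name):
    return int(el.findtext(NS + name))  # integer value of a secDNS child element

def key_tag(flags, protocol, alg, pubkey):
    """DNSKEY key tag, RFC 4034 Appendix B (algorithm 1 uses a different rule)."""
    rdata = flags.to_bytes(2, "big") + bytes([protocol, alg]) + pubkey
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def check_ds_data(epp_xml):
    """Return sorted problem codes for every secDNS:dsData in an EPP command."""
    problems = set()
    for ds in ET.fromstring(epp_xml).iter(NS + "dsData"):
        want = DIGEST_HEX_LEN.get(num(ds, "digestType"))
        digest = ds.findtext(NS + "digest").strip()
        if want is None:
            problems.add("unknown-digest-type")
        elif not re.fullmatch("[0-9A-Fa-f]{%d}" % want, digest):
            problems.add("bad-digest")  # wrong length or non-hex characters
        kd = ds.find(NS + "keyData")
        if kd is None:
            continue  # DS-only submission: nothing to cross-check
        if num(kd, "protocol") != 3:
            problems.add("protocol-not-3")
        if not num(kd, "flags") & 0x0100:
            problems.add("not-a-zone-key")
        if num(kd, "alg") != num(ds, "alg"):
            problems.add("alg-mismatch")  # DS must name the DNSKEY's algorithm
        elif num(ds, "alg") != 1:
            pub = base64.b64decode(kd.findtext(NS + "pubKey"))
            tag = key_tag(num(kd, "flags"), num(kd, "protocol"), num(ds, "alg"), pub)
            if tag != num(ds, "keyTag"):
                problems.add("keytag-mismatch")
    return sorted(problems)
```

Run on the template's values, `check_ds_data(TEMPLATE)` returns `alg-mismatch` and `bad-digest`: the sample digest is 20 hex characters where SHA-1 needs 40, and dsData and keyData name different algorithms, so the values are illustrative rather than a real key and digest.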


Resource and Operation Plan
Qinetics will deploy the registry service for the Registry using its existing system and infrastructure. During implementation of the registry system, new server hardware will be provisioned for EPP services. The Data Center Engineer will provision the servers and install the operating system. Once the hardware is provisioned, the System Administrator will install the required software and perform the security configuration. The assigned Software Developer will configure the rules and policies in the EPP system. The Test Engineer will then carry out rigorous testing to ensure the system performs according to specification. Once testing is fully completed, the EPP system will be handed over to the System Administrator for deployment to the production environment. Throughout the process, a Project Manager is assigned to manage the project and keep overall control of the implementation. The Project Manager will also train the Registry users on the functionality of the system. The EPP setup shall be completed within a month.

The system will be in maintenance mode after it is deployed. EPP enquiries will be handled by the general helpdesk. Any support issue related to EPP will be escalated to the Application Support Engineer for troubleshooting. The System Administrator is tasked with monitoring EPP availability. Whenever there is a support ticket, the Application Support Engineer and System Administrator will escalate the support request further based on severity. The emergency response team will be triggered whenever there is a catastrophic scenario at the highest severity.

Once a remedy is identified, the Test Engineer will test the fixes before the System Administrator deploys them. During maintenance, the outsourced party has committed 4 resources for the 24 x 7 helpdesk, 4 data center engineers, 2 application support engineers, 1 support manager, 1 test engineer and 2 system administrators. As part of ongoing policy changes, a team of software developers is available for any common upgrade to the EPP system, and such changes will trigger the change request procedure in accordance with CMMI standards.

EPP Server Capacity Plan
System performance depends heavily on the capability of the application server and the processes required to complete a transaction. As the transaction load increases, system performance can be improved by tuning the application server, upgrading the server hardware, or increasing the number of servers and using load balancers. A test was carried out on the hardware below for capacity planning:

- 1 x Dual Core CPU 1.6GHz
- 2G RAM

The test results, recorded in our test environment with a database of 180,000 names and 100 concurrent EPP connections for each command (1500 commands posted in parallel), are as follows:

EPP Queries
- Average 1.5 seconds response time for query transactions
- Average 4 seconds response time after 90% line

EPP transactions
- Average 1.5 seconds response time for transactional commands
- Average 5 seconds response time after 90% line

The results are shown in the screenshot below. According to the results, more than 90% of online transactions take less than 2 seconds on average to respond, and the remaining 10% (more time-consuming) transactions can also be completed in 5 seconds, as expected.

Based on the 2 proposed EPP servers, whose hardware is 4 times more powerful than the test server, the system can handle up to 500 concurrent connections easily. The number of servers will be increased as the number of registrars grows or the maximum number of connections allocated changes.

Should the number of registrars increase, new servers will be provisioned into the shared pool. Each registrar will have equal access to the shared pool of connections. The shared pool will serve registrars on a first-come, first-served basis.