I have to agree with some of what Kris is saying here. There should be a way for the registrar (including an OpenSRS reseller) to modify/update the entire record in the CIRA system without having to have authentication directly from the admin contact of the domain.
Saying that we should make ourselves the admin contact when we register the domain, thereby letting the client know that we're doing what we're doing is absurb. It's the admin contact that the legal agreement is with, and they're the 'owners' of the domain. If anyone has a problem with the way a domain is being used, it's the admin contact that will be legally responsible. If the client is trusting us with their credit card info, and whatever else, it doesn't seem unreasonable that they'd trust us with their domain management either. I don't like the way the CIRA works for several reasons, one of which is that it creates database inconsistencies that it's trying to prevent. Sure the CIRA database may contain a higher percentage of correct information, but now that information will be different from ours. Example: I have a user interface that all of my clients use to update their domains. Anytime someone wants to update their contact information for example, they log into my interface, select their domain, and update the contact information. I use the opensrs u/p and send the correct xml requests to update the opensrs db, when I get a positive ack, I update my db. If something fails, I don't update my db and I inform the client. Now with CIRA, I'll get a positive ack that opensrs changed the info, so I'll update my db. Now CIRA sends an email to the admin contact asking for confirmation of the change. For whatever reason, client stupidity, spam filter, or just plain luck, the admin doesn't approve the change. CIRA doesn't change the info in it's db and now our two db's reflect different information. There appears to be no way for me to know that the change wasn't approved. Dave On Wed, 30 Jan 2002, Kris Benson wrote: > Paul Andersen wrote: > > > > Does this mean that OpenSRS who will only send the OpenSRS username and > > password to the admin contact for dot-com is stupid too? > > > > Just a question. > > No, because that is information that we put in. We maintain the U:P combo > for our customers, providing it to them when they ask. <snipped a lot>
