re #1 GoDaddy has an Admin function that allows you to invite other GD clients (your staff*) to admin specific folders (domains) without exposing your (the firm's) creds. Everyone works on the businesses domains under their own ID - as per your invites. Works great for 3rd party website developers but I didn't see [wasn't looking] for an API to LDAP or other ACL from outside GD so ask - I don't know if that will scale enough for you.
*as in have those that are going to be doing work get their own GD accounts (don't need to buy anything) the rest of your list sounds pretty standard for registrars - so look at tierra.net too. On Sat, Oct 4, 2014 at 6:49 PM, Phil Pennock <[email protected]> wrote: > Folks, > > I know which registrars I like for personal use, there's a few which are > competent, but I'm having a hard time finding someone "not broken" for > corporate use by my employer. Suggestions welcome, but please see the > requirements. > > Requirements: > > 0. Registrar only; whether or not they do DNS, SSL certs, whatever is > irrelevant, as long as we can set DNS servers to point to our own > selection of NS hosts. > 1. No shared passwords; each user authorized to access the registrar > has their own account, with their own password. > 2. Strong desire that it also support 2FA, with admin overviews of who > does or does not have 2FA enabled; we'll reluctantly let this one > slide if we can find a provider who meets the other reqs. > 3. The user who signs in is not "the contact" in whois: role contacts > should be set for each publicly visible contact, _multiple_ people > able to make technical changes, etc. > 4. Whois privacy service available (for those TLDs which allow it). > 5. Ideally, billing-only accounts, who can manage corporate > credit-cards on file, etc, but not make tech changes (and tech > accounts which can't retrieve billing details); but this one, again, > we can let slide. > > The bare minimum threshold is points 1 and 3 -- basically, competent > account management for the idea that the person accessing the service is > not "the customer" but "someone working at the customer". This is not a > high bar. Even in the SSL CA business, the DNS business and the CDN > business, it's not hard to find companies who can manage these points. > When the SSL CA business can pass the bar, I know it's not a high bar. > > Price is not a primary driver. > > Gandi is decent for personal use, but their way to implement 1 is to > fail on 3, because they've associated public NIC handle too closely with > user accounts. We do not want SPOFs in staff, not even for me ;) > because I could be hit by a bus sliding down a Pittsburgh hill in the > snow and become a pancake. Given that a modern Internet company has > their domain as a critical corporate asset, it's unacceptable to only > have a "shared known password" as the only protection on the domain. > > Please, who is there out there for companies, to have half-way competent > domain registration and access controls? > > Thanks, > -Phil > > _______________________________________________ > Discuss mailing list > [email protected] > https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss > This list provided by the League of Professional System Administrators > http://lopsa.org/ > _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
