| Internet-Draft | RPP Data Objects | March 2026 |
| Kowalik & Wullink | Expires 3 September 2026 | [Page] |
This document defines data objects for the RESTful Provisioning Protocol (RPP) and sets up IANA RPP Data Object Registry to describe and catalogue them. Specifically, it details the logical structure, constraints, and protocol operations (including their inputs, outputs and business logic) for foundational resources: domain names, contacts, and hosts. In accordance with the RPP architecture [I-D.kowalik-rpp-architecture], these definitions focus entirely on the semantics, remaining independent of any specific data representation or media type (e.g., JSON or XML).¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 3 September 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The RESTful Provisioning Protocol (RPP) defines a set of data objects used to represent and manage foundational registry resources, including domain names, contacts, and hosts. This initial list is not exhaustive; additional resource and component objects MAY be defined in future revisions or introduced via IANA registration to support new features and operational needs.¶
In accordance with the RPP architecture [I-D.kowalik-rpp-architecture], a core architectural principle is the clear distinction between the abstract data model and its concrete data representation. The data model defines the logical structure, relationships, and constraints of the objects, independent of formatting. The data representation defines how these abstract concepts are expressed in specific formats (e.g., JSON, XML, or YAML).¶
This document focuses on the data model of RPP objects and operations on them, including the data model of operation inputs, outputs as well as the necessary business logic of state transitions. This separation of concerns ensures the protocol maintains a stable semantic foundation that can be consistently implemented across different media types and easily adapted to new representation formats. For instance, the model defines a contact's name as a required string type, but it remains agnostic as to whether that string is ultimately encoded as a JSON property or an XML element.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The following terms related to the relationship between host objects and domain objects are used as defined in Section 1.1 of [RFC5732]:¶
The following terms are defined and used in this document¶
RPP data elements use strict typing, meaning that each element must conform exactly to its declared primitive data type, and type violations MUST be treated as errors by implementations. The exact specifications for these types, including allowed ranges, encoding, and formatting, are determined by the representation format used (e.g., JSON, XML, CBOR). New RPP non-primitive data types based on existing primitive data types MAY be defined to support additional features.¶
A String is a sequence of Unicode characters. Usages MAY impose additional constraints on string values, such as maximum length or allowed character sets, based on specific data element definitions. An example of a string is "host.example".¶
An Integer is a whole number, positive or negative. Usages MAY impose additional constraints on integer values, such as minimum and maximum allowable values, based on specific data element definitions. An example of an integer is 42.¶
A Boolean represents a logical true or false value. An example of a boolean is true or false, but it MAY be different depending on the native encoding of boolean values in the representation.¶
Decimal is a number providing an exact, base-10 representation of fractional values within a defined precision. Usage of this type MUST impose additional constraints on decimal values, such as precision or range, based on specific data element definitions. An example of a decimal is 3.14159.¶
A Date is a full-date calendar date as described in [RFC3339], an example of a date is 2025-10-27.¶
Timestamp (Date and time attribute) values MUST be represented in Universal Coordinated Time (UTC) using the Gregorian calendar using date-time form as defined in [RFC3339]. In EPP Compatibility Profile upper case "T" and "Z" characters MUST be used. An example of a timestamp is 2025-10-27T09:42:51Z.¶
A Uniform Resource Locator (URL) as defined in [RFC1738]. An example of a URL is "https://host.example".¶
Raw binary data, implementations MAY choose how to encode the binary data, for example as base64 or hexadecimal string. An example of binary data encoded as base64 is "UlBQIFNheXMgSGk=".¶
Notation: Dictionary[Value Type]¶
A Dictionary is a collection of key-value pairs where keys are unique Strings and values are of the specified primitive data type. Usages MUST define the constraints on allowed keys and values. A Dictionary differs from an Aggregation Dictionary in that it maps String keys to primitive values rather than to Component or Resource Objects.¶
An Object is a composite structure containing named properties. The set of allowed property names, their data types, and their constraints are determined by the data element definition that uses this type. Usages MUST specify the expected structure, including any required or optional properties. An Object differs from a Component Object in that it is defined inline as part of a data element rather than being a standalone reusable definition registered separately.¶
Each data object is composed of logical data elements. A data element is a logical unit of information identified by a stable name, independent of its representation in any given media type. The definition for each element specifies its logical name, purpose, cardinality, data type, and constraints. The data type of a data element may also be a reference to another data object, using the target object's stable name.¶
The RPP data model is designed to be extensible. Extensions MAY introduce new data objects, add new data elements or associations to existing objects, and define new operations or extend the inputs and outputs of existing operations with additional transient data elements.¶
RPP distinguishes between standardised and private extensions:¶
Standardised extensions MUST be registered with IANA, as described in the IANA Considerations section of this document and in [I-D.ietf-rpp-architecture]. Registration ensures global uniqueness of extension identifiers and promotes interoperability across implementations.¶
Private (non-standardised) extensions MAY be defined for use within specific implementations or organisations. Private extensions are not required to be registered with IANA, but MUST still use unique identifiers that are unlikely to conflict with standardised extensions or other private extensions. The use of reverse domain notation as a prefix (e.g., org.example.rpp.myElement) is RECOMMENDED for private extension identifiers to avoid naming collisions.¶
The following aspects of the data model are extensible:¶
When an extension adds data elements or transient parameters to a core object or operation, these additions MUST NOT alter the semantics or constraints of existing core data elements.¶
The definition of each data element within an object consists of the following attributes:¶
Cardinality: Specifies the number of times an element may appear. The notation is as follows:¶
Mutability: Defines the lifecycle of the data element's value. It MUST be one of the following:¶
For each data object a set of possible operations is defined together with their respective input and output data.¶
For the typical set of Create, Read, Update and Delete operations the following set of input and output data model is specified on top of additional transient input data, unless an operation for the specific object tells otherwise.¶
The output Object MAY vary depending on the identity of the querying client, use of Object Authorisation information, and server policy towards unauthorised clients.¶
If the querying client is the sponsoring client, all available information MUST be returned.¶
If the querying client is not the sponsoring client but the client provides valid Object Authorisation information, all available information SHOULD be returned, however some optional elements MAY be reserved to the sponsoring client only.¶
If the querying client is not the sponsoring client and the client does not provide valid Object Authorisation information, server policy determines which OPTIONAL elements are returned, if any, or whether the entire request is rejected.¶
For all other operations both input and output have to be fully specified.¶
Transfer operations manage the change of sponsorship of a provisioned object from one client (the sponsoring client) to another (the gaining client). They are specified once in this section as the transfer model is common across all transferable resource objects. Individual object definitions reference this section and specify any object-specific extensions to the common pattern.¶
RPP supports two types of transfer:¶
The transfer process MAY be immediate or follow a multi-step workflow depending on server policy. If the server implements immediate transfers, the Approve and Reject operations need not be supported; the server completes the transfer upon receipt of the Create operation.¶
The server MAY implement local policies to prevent transfers from stalling and implement a form of automated transfer escalation, approval or cancellation when such a stalled process is recognised.¶
All transfer operations act on or return the Transfer Process Object and are executed in the context of Owner Data Object the operation is created upon.¶
Restore operations manage the recovery of an object that has entered the Redemption Grace Period (RGP). They are OPTIONAL and are only available when the RGP feature is supported by the server and MAY be supported only for a subset of Data Object types.¶
The RGP process MAY involve two distinct steps:¶
redemptionPeriod state, signalling to the registry the intent to restore. This corresponds to the Create operation on the Restore Process Object. On success, the object transitions to pendingRestore.¶
Whether a restore report is required after a restore request is a matter of server policy. If the server does not require a restore report, the object returns to its pre-deletion status immediately upon a successful Create operation, bypassing the pendingRestore state.¶
The Create operation MAY include the restore report inline to complete both steps atomically in a single operation.¶
All restore operations act on or return the Restore Process Object and are executed in the context of Owner Data Object the operation is created upon.¶
The following state diagram describes the object lifecycle when the Redemption Grace Period (RGP) feature is supported. It adapts the diagram from Section 2 of [RFC3915] to the RPP data model, using RPP status labels and operations instead of EPP command names.¶
In the diagram below, RPP status labels are shown in the status field of the object. Standard EPP-origin status labels (e.g., ok, pendingDelete) are used alongside the RGP-specific labels defined in this document. The <create> and <report> labels refer to the Create and Report operations on the Restore Process Object, replacing the EPP extended <update> command with op=request and op=report attributes.¶
|
v (2)
+----------------------------+ <delete> +-------------------------------+
| status: ok (1)|------------->| status: pendingDelete (3)|
| | | redemptionPeriod |
+----------------------------+ +-------------------------------+
^ ^ restore, no report | ^ | |
| | and report required (4)| | | No (9) |
| | <create> | | | restore |
| | +------------------+ | | restore |
| | v | | v
| | +------------------+ | | +-----------------------+
| | | status: (6)| | | | status: (10)|
| | | pendingDelete |-----------------+ | | pendingDelete |
| | | pendingRestore | report not (7) | | rgpPendingDelete |
| | +------------------+ received | +-----------------------+
| | (8) | | |
| | report received | | purge (11) |
| | <report> | restore (5) | v
| +--------------------+ with report | +-----------------------+
| or not req. | | Purged (12)|
| <create> | +-----------------------+
+----------------------------------------------+
¶
State descriptions:¶
ok or other status allowing a delete operation).¶
pendingDelete + redemptionPeriod state. The object remains here until a restore operation is requested or the redemption period elapses.¶
redemptionPeriod to its pre-deletion status (1), bypassing the pendingRestore state.¶
pendingDelete + pendingRestore state. The registry awaits a restore report from the sponsoring client.¶
redemptionPeriod state (step 3).¶
pendingDelete + rgpPendingDelete state and awaits final purge processing.¶
RPP is designed to coexist with the Extensible Provisioning Protocol (EPP), often operating in parallel against a common backend provisioning system. While RPP is not inherently constrained by all of EPP's requirements, a specific set of rules is necessary to ensure seamless interoperability in such mixed environments.¶
To address this, this document defines an "EPP Compatibility Profile". This profile specifies a set of additional constraints on RPP data objects and operations that a server MUST adhere to when supporting both RPP and EPP concurrently.¶
Throughout this document, all constraints that are part of this profile are explicitly marked with a reference to "EPP Compatibility Profile". Implementers of systems in a mixed EPP/RPP environment MUST follow these specific constraints in addition to the base RPP requirements.¶
This section defines new shared data types and structures that are re-used across multiple data object definitions and are based on the existing Primitive Data Types.¶
Identifiers are character strings with a specified minimum length, a specified maximum length, and a specified format outlined in Section 2.8 of [RFC5730]. Identifiers for certain object types MAY have additional constraints imposed either by server policy, object specific specifications or both.¶
Client identifiers are character strings with a specified minimum length, a specified maximum length, and a specified format. Contact identifiers use the "clIDType" client identifier syntax described in [RFC5730].¶
Telephone number syntax is derived from structures defined in [ITU.E164.2005]. Telephone numbers described in this specification are character strings that MUST begin with a plus sign ("+", ASCII value 0x002B), followed by a country code defined in [ITU.E164.2005], followed by a dot (".", ASCII value 0x002E), followed by a sequence of digits representing the telephone number. An optional "x" (ASCII value 0x0078) separator with additional digits representing extension information can be appended to the end of the value.¶
RPP allows for different types of associations (relationship) between the objects. The association may be added between 2 objects with own independent lifecycle (UML aggregation) or in the relation when one object's existence and lifecycle is bound to the other parent/owner object (UML composition). In both cases, especially if the relation allows for cardinality higher than one on either side, the association may be assigned additional attributes, not being part of an object on either side of relation. In many cases such relation would be attributed with a single text string label, describing a role or a type of relation. Depending on the context this value might be unique, which allows using such label as a key in a dictionary.¶
The following generic Association Types are defined for RPP:¶
Notation: Aggregation[Type]¶
A relation between two independent objects.¶
If the cardinality of target object is more than 1, this represents an ordered array. It MUST be assured that the same unchanged data is always inserted in the same order in order to allow stable reference by position to data elements. In case of data insertions, deletions or updates the remaining of the data SHALL preserve its order.¶
Example aggregation having cardinality 1:¶
+-------------------+ | (root parent) | |-------------------| | foo: | | | +----------+ | +-------- | [Object] | | | ... | | +----------+ +-------------------+¶
Example aggregation having cardinality >1:¶
+-------------------+ | (root parent) | |-------------------| | foo: | | +-----[0] +----------+ | | | [Object] | | | | ... | | | +----------+ | +-----[1] +----------+ | | [Object] | | | ... | | +----------+ | ... | +-------------------+¶
Notation: Composition[Type] or Type¶
A relation between an independent parent object and 1 or more dependent child object(s).¶
If the cardinality of target object is more than 1, this represents an ordered array. It MUST be assured that the same unchanged data is always inserted in the same order in order to allow stable reference by position to data elements. In case of data insertions, deletions or updates the remaining of the data SHALL preserve its order.¶
Example composition having cardinality 1:¶
+-------------------+ | (root) | |-------------------| | foo: | | | +-------+ | | +--| ... | | | +-------+ | +-------------------+¶
Example composition having cardinality >1:¶
+-------------------+ | (root) | |-------------------| | foo: | | +-[0] +-------+ | | | | ... | | | | +-------+ | | +-[1] +-------+ | | | | ... | | | | +-------+ | | ... | +-------------------+¶
Notation: LabelledAggregation[Type]¶
A relation between two independent object with single text string attribute. Multiple associations with the same label are allowed and represent an unordered array.¶
A type defining such association MUST define Label Description with semantics of the label and Label Constraints with constraints related to the label.¶
Example labelled aggregation:¶
+--------------------------------+
| (root) |
|--------------------------------|
| foo: |
| | |
| +---("label_A")---> +----------+
| | | [Object] |
| | | ... |
| | +----------+
| +---("label_B")---> +----------+
| | | [Object] |
| | | ... |
| | +----------+
| +---("label_A")---> +----------+
| | (labels repeat) | [Object] |
| | | ... |
| | +----------+
| ... |
+--------------------------------+
¶
Notation: DictionaryAggregation[Type]¶
A relation between two independent object with single text string attribute. Association labels MUST be unique allowing it to be used as dictionary key.¶
A type defining such association MUST define Label Description with semantics of the label and Label Constraints with constraints related to the label.¶
Example Dictionary Aggregation:¶
+--------------------------+ | (root) | |--------------------------| | foo: | | "key1" -> +-----------+ | | [Object] | | | ... | | +-----------+ | "key2" -> +-----------+ | | [Object] | | | ... | | +-----------+ | ... | +--------------------------+¶
Notation: LabelledComposition[Type]¶
A relation between an independent parent object and a dependent child object with single text string attribute. Multiple associations with the same label are allowed.¶
A type defining such association MUST define Label Description with semantics of the label and Label Constraints with constraints related to the label.¶
Example Labelled Composition:¶
+-------------------------------------+
| (root parent) |
|-------------------------------------|
| foo: |
| | |
| +---("label_A")---> +----------+ |
| | | [Child] | |
| | | ... | |
| | +----------+ |
| +---("label_B")---> +----------+ |
| | | [Child] | |
| | | ... | |
| | +----------+ |
| +---("label_A")---> +----------+ |
| | (labels repeat) | [Child] | |
| | | ... | |
| | +----------+ |
| ... |
+-------------------------------------+
¶
Notation: DictionaryComposition[Type]¶
A relation between an independent parent object and a dependent child object with single text string attribute. Only single association with the same label is allowed allowing it to be used as dictionary key.¶
A type defining such association MUST define Label Description with semantics of the label and Label Constraints with constraints related to the label.¶
Example Dictionary Composition:¶
+--------------------------+ | (root) | |--------------------------| | foo: | | "key1" -> +---------+ | | | [Child] | | | | ... | | | +---------+ | | "key2" -> +---------+ | | | [Child] | | | | ... | | | +---------+ | | ... | +--------------------------+¶
This section defines the Component Objects used in this document.¶
Data Elements:¶
Data Elements:¶
Label¶
Constraints:
¶
addPeriod: The object is within the add grace period following initial registration. If the object is deleted during this period, the registry MAY provide a credit to the sponsoring client.¶
autoRenewPeriod: The object is within the auto-renew grace period following automatic renewal by the registry. If the object is deleted during this period, the registry MAY provide a credit to the sponsoring client.¶
renewPeriod: The object is within the renew grace period following an explicit renewal. If the object is deleted during this period, the registry MAY provide a credit to the sponsoring client.¶
transferPeriod: The object is within the transfer grace period following a successful transfer. If the object is deleted by the new sponsoring client during this period, the registry MAY provide a credit.¶
redemptionPeriod: A delete operation has been received and processed for the object, but the object has not yet been purged. A restore operation MAY be requested to abort the deletion. This status value MUST only appear alongside the standard pendingDelete status.¶
pendingRestore: A restore request has been accepted and the registry is waiting for a restore report from the sponsoring client. This status value MUST only appear alongside the standard pendingDelete status.¶
rgpPendingDelete: The redemption period has elapsed without a successful restore. The object has entered the purge processing state. This status value MUST only appear alongside the standard pendingDelete status. This label is used to distinguish the RGP-specific pending-delete sub-state from the broader EPP pendingDelete status.¶
Reason¶
Due¶
Data Elements:¶
Name¶
Class¶
Type¶
Constraints:¶
ns, a, and aaaa.¶
ds and dnskey.¶
RDATA¶
Constraints:¶
This section defines the RDATA field structures required for interoperability in the EPP Compatibility Profile.¶
In EPP Compatibility Profile ([RFC5732]), the following RDATA structures MUST be supported:¶
nsdname (the fully qualified domain name of the name server).¶
address (the IPv4 address in dotted-decimal notation).¶
address (the IPv6 address in text representation as defined in [RFC5952]).¶
In EPP Compatibility Profile with DNSSEC Extension ([RFC5910]), the following RDATA structures MUST additionally be supported:¶
keyTag (key tag value), algorithm (algorithm number), digestType (digest algorithm type), and digest (digest value).¶
flags (flags field value), protocol (protocol field value), algorithm (algorithm number), and publicKey (encoded public key value).¶
Data Elements:¶
TTL¶
Maximum Signature Lifetime¶
Constraints:¶
Data Elements:¶
Records¶
Constraints:¶
Controls¶
Data Elements:¶
Pre-Delete Data¶
Post-Restore Data¶
Delete Time¶
Restore Time¶
Restore Reason¶
Statements¶
Other¶
This section defines the Process Objects used in this document.¶
Data Elements:¶
Transfer Direction¶
Gaining Client ID¶
Transfer Status¶
Requesting Client ID¶
Request Date¶
Acting Client ID¶
Action Date¶
The Create operation initiates a transfer by creating a Transfer Process Object associated with the provisioned object. The transfer direction and gaining client (for push transfers) are provided as create-only data elements of the Transfer Process Object.¶
The Read operation allows a client to determine the real-time status of a pending or recently completed transfer request.¶
The Delete operation allows the initiating client to cancel its own pending transfer request.¶
The Approve operation allows the appropriate client to accept a pending transfer request.¶
Data Elements:¶
Restore Status¶
Request Date¶
Report Date¶
Report Due Date¶
redemptionPeriod state. Only present when the object is in pendingRestore state.¶
restoreStatus is not "pendingRestore".¶
The Create operation initiates the recovery of an object in the redemptionPeriod state by creating a Restore Process Object. The server MUST reject this operation if the owning object is not in the redemptionPeriod state.¶
Output: Restore Process Object¶
Authorisation:¶
The following transient data elements are defined for this operation:¶
Restore Report¶
pendingRestore state awaiting a subsequent Report operation.¶
Constraints:¶
The Read operation allows the sponsoring client to retrieve the current state of the RGP process for an object.¶
Authorisation:¶
Input: Object Identifier¶
Output: Restore Process Object¶
In EPP Compatibility Profile this operation is not supported.¶
This operation is OPTIONAL, only for servers which support or require submission of a restore report.¶
The Report operation submits the restore report required by the RGP process for an object in the pendingRestore state. A report MAY be submitted more than once if corrections are required. The server MUST reject this operation if the object is not in the pendingRestore state.¶
Output: Restore Process Object¶
Authorisation:¶
The following transient data elements are defined for this operation:¶
The following data elements are defined for the Domain Name Data Object.¶
Name¶
Constraints:¶
Provisioning Metadata¶
Status¶
Registrant¶
Contacts¶
Nameservers¶
DNS Data¶
Constraints:¶
Subordinate Hosts¶
Expiry Date¶
Authorisation Information¶
The Create operation allows a client to provision a new Domain Name resource. The operation accepts as input all create-only and read-write data elements defined for the Domain Name Data Object.¶
Authorisation:¶
In addition, the following transient data element is defined for this operation:¶
The Read operation allows a client to retrieve the data elements of a Domain Name resource. The server's response MAY vary depending on client authorisation and server policy.¶
Authorisation:¶
The following transient data elements are defined for this operation:¶
The Update operation allows a client to modify the read-write data elements of an existing Domain Name resource.¶
The following transient data elements are defined for this operation:¶
Urgent¶
<secDNS:update> element defined in [RFC5910]. The default value is false.¶
Constraints:¶
The Delete operation allows a client to remove an existing Domain Name resource. The operation targets a specific data object identified by its name.¶
The server SHOULD reject a delete request if subordinate host objects are associated with the domain name.¶
The error response SHOULD indicate the related subordinate host objects.¶
The Renew operation allows a client to extend the validity period of an existing Domain Name resource. The operation targets a specific data object identified by its name.¶
Authorisation:¶
Input: Domain Name¶
Output: Full object (read-write and read-only properties), or a minimum set of properties affected by the operation (Expiry Date).¶
The following transient data elements are defined for this operation:¶
Current Expiry Date¶
Renewal Period¶
expiryDate. The default value MAY be defined by server policy. The number of units available MAY be subject to limits imposed by the server.¶
The Domain Name Data Object supports the common transfer operations defined in the Section 2.5.4. The transfer of a domain name changes the sponsoring client of the domain object.¶
Transfer of a domain object MUST implicitly transfer all host objects that are subordinate to the domain object. For example, if domain object "example.com" is transferred and host object "ns1.example.com" exists, the host object MUST be transferred as part of the "example.com" transfer process.¶
In addition to the common Transfer Process Object elements, the following object-specific create-only data element is defined and can be provided when creating a Transfer Process Object for a domain name:¶
Transfer Period¶
In addition to the common Transfer Process Object elements, the following object-specific read-only data element is included in the output of domain transfer operations:¶
Expiry Date¶
Subordinate host objects MUST be transferred implicitly when the domain object is transferred.¶
The Domain Name Data Object supports the restore operations defined in the section. These operations are OPTIONAL and are only available when the RGP feature is supported.¶
No domain-specific transient data elements extend the common restore operations beyond those defined in the Section 2.5.5.¶
The following data elements are defined for the Domain Name Data Object.¶
Handle ID¶
Provisioning Metadata¶
Status¶
Postal Information¶
Voice Phone Number¶
Fax Phone Number¶
E-mail¶
Authorisation Information¶
Disclose¶
The Create operation allows a client to provision a new Contact resource. The operation accepts as input all create-only and read-write data elements defined for the Contact Data Object.¶
Authorisation:¶
In EPP Compatibility Profile, the following data elements MUST be provided:¶
The Read operation allows a client to retrieve the data elements of a Contact resource. The server's response MAY vary depending on client authorisation and server policy.¶
Authorisation:¶
Authorisation Information (authInfo) MUST NOT be provided in the response if the querying client is not the current sponsoring client.¶
When constructing the response, the server MUST respect the disclosure policies defined by the Disclose Object (disclose), whether set by the server operator's default data-collection policy or by the sponsoring client for the contact. Data elements marked for non-disclosure MUST NOT be included in responses to unauthorised clients.¶
The Update operation allows a client to modify the attributes of an existing Contact resource.¶
The following aspects of the contact object MAY be modified:¶
A client MUST NOT add, delete or alter values for statuses managed by the server (prefixed with "server"). A server MAY add, delete or alter status values set by a client, subject to server policy.¶
The Delete operation allows a client to remove an existing Contact resource. The operation targets a specific data object identified by its Handle ID.¶
The server SHOULD reject a delete request if the contact object is associated with other known objects (e.g., domain names). An associated contact SHOULD NOT be deleted until associations with other known objects have been broken.¶
The error response SHOULD indicate the existing object associations.¶
The Contact Data Object supports the common transfer operations defined in the Section 2.5.4. The transfer of a contact changes the sponsoring client of the contact object.¶
No object-specific transient data elements are defined for contact transfer operations beyond the common transfer data elements.¶
The following data elements are defined for the Host Data Object.¶
Host Name¶
Provisioning Metadata¶
Status¶
DNS Data¶
The Create operation allows a client to provision a new Host Data Object. The operation accepts as input all create-only and read-write data elements defined for the Host Data Object.¶
Authorisation:¶
If the host name exists in a namespace for which the server is authoritative, then the superordinate domain of the host MUST be known to the server before the host object can be created.¶
In EPP Compatibility Profile, IP addresses are REQUIRED only as needed to produce DNS glue records. If the host name exists in a namespace for which the server is authoritative and is subordinate to an existing domain, IP addresses SHOULD be provided. If the host name is external to the server's namespace, IP addresses are not required by the DNS and MAY be omitted.¶
The Read operation allows a client to retrieve the data elements of a Host Data Object.¶
Authorisation:¶
The Update operation allows a client to modify the attributes of an existing Host Data Object. The operation targets a specific data object identified by its host name.¶
Host name changes MAY require the addition or removal of IP addresses to be accepted by the server. IP address association MAY be subject to server policies for provisioning hosts as name servers.¶
Host name changes can have an impact on associated objects that refer to the host object. A Host Name change SHOULD NOT require additional updates of associated objects to preserve existing associations, with one exception: changing an external host object that has associations with objects that are sponsored by a different client. Attempts to update such hosts directly MUST fail. The change can be provisioned by creating a new external host with a new name and any needed new attributes, and subsequently updating the other objects sponsored by the client.¶
The Delete operation allows a client to remove an existing Host Data Object. The operation targets a specific data object identified by its host name.¶
The server SHOULD reject a delete request if the host object is associated with any other object, such as a domain name object. Deleting a host object without first breaking existing associations can cause DNS resolution failure for domain objects that refer to the deleted host object.¶
The error response SHOULD indicate the related associated objects.¶
The Host Data Object supports the restore operations defined in the Section 2.5.5. These operations are OPTIONAL and are only available when the RGP feature for Host Data Object is supported by the server.¶
No domain-specific transient data elements extend the common restore operations beyond those defined in the Section 2.5.5.¶
This document establishes the "RESTful Provisioning Protocol (RPP) Data Object Registry". This registry serves as a catalogue of all data objects, component objects, data elements, and operations used within RPP.¶
The policy for adding new objects, data elements, or operations to this registry is "Specification Required" [RFC8126].¶
Standardised RPP extensions that introduce new data objects, add data elements to existing objects, or define new operations or operation parameters MUST register these additions in this registry. Each such registration MUST reference the specification that defines the extension.¶
Private (non-standardised) extensions are not required to register in this registry.¶
The registry is organised as a collection of Object definitions. Each Object definition MUST include:¶
A header containing the Object Identifier, Object Name, Object Type (Resource, Process or Component), a brief description, and a reference to its defining specification.¶
A "Data Elements" table listing all persisted data elements associated with the object. Each entry MUST specify the element's Identifier, Name, Cardinality, Mutability, Data Type, description, and a reference to the specification that defines it.¶
An "Operations" section (applicable only for Object Types Resource or Process). For each operation, the registry MUST provide:¶
Extensions MAY add new data elements, operations, or operation parameters to existing Object definitions in the registry. Each such addition MUST reference the extension specification that introduces it, allowing implementations to distinguish core protocol elements from extension-defined elements.¶
The initial contents of the RPP Data Object Registry are defined below.¶
Object: period¶
Object Name: Period Object¶
Object Type: Component¶
Description: Represents a duration of time.¶
Reference: [This-ID]¶
Data Elements¶
| Element Identifier | Element Name | Card. | Mutability | Data Type | Description |
|---|---|---|---|---|---|
| value | Value | 1 | read-write | Integer | The numeric value of the period. |
| unit | Unit | 1 | read-write | String | The unit of the period. |
Object: dnsRecord¶
Object Name: DNS Resource Record Object¶
Object Type: Component¶
Description: Represents a single DNS resource record.¶
Reference: [This-ID]¶
Data Elements¶
| Element Identifier | Element Name | Card. | Mutability | Data Type | Description |
|---|---|---|---|---|---|
| name | Name | 1 | read-write | String | The owner name of the DNS entry. |
| class | Class | 0-1 | read-write | String | The DNS resource record class. |
| type | Type | 1 | read-write | String | The DNS resource record type, indicating the format of the RDATA field. |
| rdata | RDATA | 1 | read-write | Object | The actual payload data of the DNS record. Structure depends on the record type. |
Object: dnsControls¶
Object Name: DNS Operational Controls Object¶
Object Type: Component¶
Description: Contains operational control parameters that a client MAY use to influence server-side DNS behaviour for a set of DNS records.¶
Reference: [This-ID]¶
Data Elements¶
| Element Identifier | Element Name | Card. | Mutability | Data Type | Description |
|---|---|---|---|---|---|
| ttl | TTL | 0-1 | read-write | Dictionary [Integer] | Controls the caching behaviour of DNS resource records, keyed by lower-case record type name. |
| maxSigLifetime | Maximum Signature Lifetime | 0-1 | read-write | Dictionary [Integer] | Maximum number of seconds after signature generation when the parent's signature on signed DNS data should expire, keyed by lower-case record type name. |
Object: dnsData¶
Object Name: DNS Data Object¶
Object Type: Component¶
Description: A container for DNS resource records and associated operational controls for a provisioned object.¶
Reference: [This-ID]¶
Data Elements¶
| Element Identifier | Element Name | Card. | Mutability | Data Type | Description |
|---|---|---|---|---|---|
| records | Records | 0+ | read-write | Composition [DNS Resource Record Object] | An array of DNS resource records associated with the provisioned object. |
| controls | Controls | 0-1 | read-write | DNS Operational Controls Object | Operational control parameters for the DNS records. |
Object: authInfo¶
Object Name: Authorisation Information¶
Object Type: Component¶
Description: Contains authorisation credentials for an operation.¶
Reference: [This-ID]¶
Data Elements¶
| Element Identifier | Element Name | Card. | Mutability | Data Type | Description |
|---|---|---|---|---|---|
| method | Method | 1 | create-only | String | The identifier of the RPP authorisation method. |
| authdata | Authorisation Information | 1 | create-only | String | The value of the authorisation information. It might be as simple as password string, but also more complex values like public key certificates or tokens encoded as string are possible. |
Object: status¶
Object Name: Status Object¶
Object Type: Component¶
Description: Represents one of the status values associated with the provisioning object.¶
Reference: [This-ID]¶
Data Elements¶
| Element Identifier | Element Name | Card. | Mutability | Data Type | Description |
|---|---|---|---|---|---|
| label | Label | 1 | create-only | String | machine-readable enum label of a status |
| reason | Reason | 0-1 | create-only | String | a human-readable text that describes the rationale for the status applied to the object. |
| due | Due | 0-1 | read-write | Timestamp | a timestamp, when this status is going to be removed automatically, or changed to other status. This field can be used to express lifecycle related information |
Object: provMetadata¶
Object Name: Provisioning Metadata Object¶
Object Type: Component¶
Description: Contains standard metadata about the lifecycle and ownership of a provisioned object.¶
Reference: [This-ID]¶
Data Elements¶
| Element Identifier | Element Name | Card. | Mutability | Data Type | Description |
|---|---|---|---|---|---|
| repositoryId | Repository ID | 0-1 | read-only | Identifier | A server-assigned unique identifier for the object. |
| spClientId | Sponsoring Client ID | 1 | read-only | Client Identifier | The identifier of the client that is the current sponsor of the object. |
| crClientId | Creating Client ID | 0-1 | read-only | Client Identifier | The identifier of the client that created the object. |
| crDate | Creation Date | 0-1 | read-only | Timestamp | The date and time of object creation. |
| upClientId | Updating Client ID | 0-1 | read-only | Client Identifier | The identifier of the client that last updated the object. |
| upDate | Update Date | 0-1 | read-only | Timestamp | The date and time of the most recent object modification. |
| trDate | Transfer Date | 0-1 | read-only | Timestamp | The date and time of the most recent successful object transfer. |
Object: transferProcess¶
Object Name: Transfer Process Object¶
Object Type: Process¶
Description: Represents a transfer request for a provisioned object. Creating this object initiates the transfer. Approve and Reject are additional operations; Delete corresponds to cancel.¶
Reference: [This-ID]¶
Data Elements¶
| Element Identifier | Element Name | Card. | Mutability | Data Type | Description |
|---|---|---|---|---|---|
| transferDir | Transfer Direction | 0-1 | create-only | String | The direction of the transfer ("pull" or "push"). If omitted, server policy determines default. |
| gainingClientId | Gaining Client ID | 0-1 | create-only | Client Identifier | The designated gaining client. REQUIRED for push transfers; MUST NOT be provided for pull. |
| trStatus | Transfer Status | 1 | read-only | String | The state of the transfer request. |
| reqClientId | Requesting Client ID | 1 | read-only | Client Identifier | The identifier of the client that initiated the transfer request. |
| requestDate | Request Date | 1 | read-only | Timestamp | The date and time that the transfer was requested. |
| actClientId | Acting Client ID | 1 | read-only | Client Identifier | The identifier of the client that should or did act on the request. |
| actionDate | Action Date | 1 | read-only | Timestamp | The response deadline (if pending) or completion date. |
Operations¶
Operation: Create¶
Operation Identifier: create¶
Description: Initiates a transfer of a Domain Name resource by creating a Transfer Process Object. Transfer direction and gaining client are provided as create-only data elements.¶
Parameters¶
| Identifier | Name | Card. | Data Type | Description |
|---|---|---|---|---|
| transferPeriod | Transfer Period | 0-1 | period | The duration to add to the registration period upon transfer. |
Operation: Transfer Read¶
Operation Identifier: read¶
Description: Queries the status of a transfer of a Domain Name resource.¶
Parameters: (None)¶
Operation: Transfer Delete¶
Operation Identifier: delete¶
Description: Cancels a pending transfer of a Domain Name resource.¶
Parameters: (None)¶
Operation: Transfer Approve¶
Operation Identifier: approve¶
Description: Approves a pending transfer of a Domain Name resource.¶
Parameters: (None)¶
Operation: Transfer Reject¶
Operation Identifier: reject (on Transfer Process Object)¶
Description: Rejects a pending transfer of a Domain Name resource.¶
Parameters¶
| Identifier | Name | Card. | Data Type | Description |
|---|---|---|---|---|
| reason | Reason | 0-1 | String | A human-readable text describing the rationale for rejection. |
Object: restoreProcess¶
Object Name: Restore Process Object¶
Object Type: Process¶
Description: Represents the current state of a restore request for an object that has entered the Redemption Grace Period (RGP). Returned as output of all restore operations. This object is OPTIONAL and is only used when the RGP feature is supported.¶
Reference: [This-ID]¶
Data Elements¶
| Element Identifier | Element Name | Card. | Mutability | Data Type | Description |
|---|---|---|---|---|---|
| restoreStatus | Restore Status | 1 | read-only | String | The current state of the restore process. |
| requestDate | Request Date | 0-1 | read-only | Timestamp | The date and time when the restore request was submitted. Absent if no request has been submitted. |
| reportDate | Report Date | 0-1 | read-only | Timestamp | The date and time when the most recent restore report was accepted. Absent if no report has been accepted. |
| reportDueDate | Report Due Date | 0-1 | read-only | Timestamp | The deadline for submitting a restore report before the object reverts to redemptionPeriod. Present only when status is pendingRestore. |
Operations¶
Operation: Restore Create¶
Operation Identifier: create¶
Description: Initiates recovery of a domain name in the redemptionPeriod state by creating a Restore Process Object. This operation is OPTIONAL and is only available when the RGP feature is supported.¶
Parameters¶
| Identifier | Name | Card. | Data Type | Description |
|---|---|---|---|---|
| restoreReport | Restore Report | 0-1 | Restore Report Object | An inline restore report. |
Operation: Restore Read¶
Operation Identifier: read (on Restore Process Object)¶
Description: Retrieves the current state of the RGP restore process for a domain name. This operation is OPTIONAL and is only available when the RGP feature is supported.¶
Parameters: (None)¶
Operation: Restore Report¶
Operation Identifier: report¶
Description: Submits the restore report for a domain name in the pendingRestore state. This operation is OPTIONAL and is only available when the RGP feature is supported and the server requires a restore report.¶
Parameters¶
| Identifier | Name | Card. | Data Type | Description |
|---|---|---|---|---|
| restoreReport | Restore Report | 1 | Restore Report Object | The restore report to be submitted. |
Object: restoreReport¶
Object Name: Restore Report Object¶
Object Type: Component¶
Description: Contains the redemption grace period restore report submitted by the sponsoring client as required by the RGP process. This object is OPTIONAL and is only used when the RGP feature is supported and a restore report is required by server policy.¶
Reference: [This-ID]¶
Data Elements¶
| Element Identifier | Element Name | Card. | Mutability | Data Type | Description |
|---|---|---|---|---|---|
| preData | Pre-Delete Data | 0-1 | read-write | String | A copy of the registration data that existed for the object prior to deletion. |
| postData | Post-Restore Data | 0-1 | read-write | String | A copy of the registration data that exists for the object at the time the restore report is submitted. |
| deleteTime | Delete Time | 0-1 | read-write | Timestamp | The date and time when the object delete request was sent to the server. |
| restoreTime | Restore Time | 0-1 | read-write | Timestamp | The date and time when the original restore request operation was sent to the server. |
| restoreReason | Restore Reason | 0-1 | read-write | String | A brief explanation of the reason for restoring the object. |
| statements | Statements | 0+ | read-write | String | Mandatory client statements required by the RGP process. At least one and at most two statements MUST be provided. |
| other | Other | 0-1 | read-write | String | Any additional information needed to support the statements provided by the client. |
Object: domainName¶
Object Name: Domain Name Data Object¶
Object Type: Resource¶
Description: Represents a domain name and its associated data.¶
Reference: [This-ID]¶
Data Elements¶
| Identifier | Name | Card. | Mutability | Data Type | Description |
|---|---|---|---|---|---|
| name | Name | 1 | create-only | String | The fully qualified name of the domain object. |
| provMetadata | Provisioning Metadata | 1 | read-only | Provisioning Metadata Object | Standard metadata about object lifecycle and ownership. |
| status | Status | 0+ | read-only | Status Object | The current status descriptors for the domain. |
| registrant | Registrant | 0-1 | read-write | Contact Object | The registrant contact ID. |
| contacts | Contacts | 0+ | read-write | LabelledAggregation [Contact Object] | Associated contact objects. |
| nameservers | Nameservers | 0+ | read-write | Aggregation [Host Data Object] | A collection of nameservers associated with the domain. |
| dns | DNS Data | 0-1 | read-write | DNS Data Object | DNS resource records and operational controls related to the domain name. |
| subordinateHosts | Subordinate Hosts | 0+ | read-only | Aggregation [Host Data Object] | Subordinate host names. |
| expiryDate | Expiry Date | 0-1 | read-only | Timestamp | Expiry timestamp. |
| authInfo | Authorisation Info | 0-1 | read-write | authInfo | Authorisation information for the object. |
Operations¶
Operation: Create¶
Operation Identifier: create¶
Description: Provisions a new Domain Name resource.¶
Parameters¶
| Identifier | Name | Card. | Data Type | Description |
|---|---|---|---|---|
| period | Registration Period | 0-1 | period | The initial registration period for the domain name. |
Operation: Read¶
Operation Identifier: read¶
Description: Retrieves the data elements of a Domain Name resource.¶
Parameters¶
| Identifier | Name | Card. | Data Type | Description |
|---|---|---|---|---|
| hostsFilter | Hosts Filter | 0-1 | String | Controls which host information is returned. |
| queryAuthInfo | Query Authorisation Information | 0-1 | authInfo | Credentials to authorise access to full object data. |
Operation: Update¶
Description: Modifies the read-write data elements of a Domain Name resource.¶
Parameters¶
| Identifier | Name | Card. | Data Type | Description |
|---|---|---|---|---|
| urgent | Urgent | 0-1 | Boolean | Requests high-priority processing of the update by the server. |
Operation: Delete¶
Operation Identifier: delete¶
Description: Removes an existing Domain Name resource.¶
Parameters: (None)¶
Operation: Renew¶
Operation Identifier: renew¶
Description: Extends the validity period of a Domain Name resource.¶
Parameters¶
| Identifier | Name | Card. | Data Type | Description |
|---|---|---|---|---|
| currentExpiryDate | Current Expiry Date | 1 | Timestamp | The expected current expiry date, for validation. |
| renewalPeriod | Renewal Period | 0-1 | period | The duration to add to the registration period. |
Object: host¶
Object Name: Host Data Object¶
Object Type: Resource¶
Description: Represents a name server that provides DNS services for a domain name.¶
Reference: [This-ID]¶
Data Elements¶
| Identifier | Name | Card. | Mutability | Data Type | Description |
|---|---|---|---|---|---|
| hostName | Host Name | 1 | read-write | String | Fully qualified name of a host. |
| provMetadata | Provisioning Metadata | 1 | read-only | Provisioning Metadata Object | Standard metadata about object lifecycle and ownership. |
| status | Status | 0+ | read-only | Status Object | The current status descriptors for the host. |
| dns | DNS Data | 0-1 | read-write | DNS Data Object | DNS resource records and operational controls related to the host. |
Operations¶
Operation: Create¶
Description: Provisions a new Host Data Object.¶
Parameters: (None)¶
Operation: Read¶
Description: Retrieves the data elements of a Host Data Object.¶
Parameters: (None)¶
Operation: Update¶
Description: Modifies the attributes of a Host Data Object.¶
Parameters: (None)¶
Operation: Delete¶
Description: Removes an existing Host Data Object.¶
Parameters: (None)¶