oauth2.dev

rdap_dnt_allowed

IETF

Registry Context

`rdap_dnt_allowed` is a this claim contains a JSON boolean literal that describes a "do not track" request for server-side tracking, logging, or recording of an identity that is presented for access to a protected RDAP resource. claim.

Technical Summary

Federated Authentication for the Registration Data Access Protocol (RDAP) Using OpenID Connect Section 3.1.5.2 defines `rdap_dnt_allowed` for JWT claim sets with the registry description: This claim contains a JSON boolean literal that describes a "do not track" request for server-side tracking, logging, or recording of an identity that is presented for access to a protected RDAP resource..

When Used

Used in JWTs that follow Federated Authentication for the Registration Data Access Protocol (RDAP) Using OpenID Connect Section 3.1.5.2.

Normative Requirements

Implementation

MUST
1
  1. 9560 - Section 3.1.5.2

    limit use of the claim to end users granted do-not-track privileges under applicable policies and regulations..

    Condition: When using the `rdap_dnt_allowed` claim.

    Use of this claim MUST be limited to end users who are granted "do not track" privileges in accordance with service policies and regulations.

Server operator

MUST NOT
1
  1. 9560 - Section 3.1.5.2

    log, track, or record associations between the query and end-user identity..

    Condition: When the user is identified and authorized, the claim is present with value true, and accepting it complies with local logging regulations.

    Server operators MUST NOT log, track, or record any association of the query and the end user's identity if the end user is successfully identified and authorized, if the "rdap_dnt_allowed" claim is present, if the value of the claim is "true", and if accepting the claim complies with local regulations regarding logging and tracking.

Validation Guidance

error

When processing `rdap_dnt_allowed`, apply the syntax and semantics from Federated Authentication for the Registration Data Access Protocol (RDAP) Using OpenID Connect Section 3.1.5.2.

info

Treat `rdap_dnt_allowed` as profile-specific unless the JWT explicitly follows the referenced specification.

Reference

Details

Entry Id
rdap_dnt_allowed
Claim Name
rdap_dnt_allowed
Claim Description
This claim contains a JSON boolean literal that describes a "do not track" request for server-side tracking, logging, or recording of an identity that is presented for access to a protected RDAP resource.
Change Controller
IETF
Reference
RFC9560 - Section 3.1.5.2