rdap_ dnt_ allowed
Registry Context
`rdap_dnt_allowed` is a this claim contains a JSON boolean literal that describes a "do not track" request for server-side tracking, logging, or recording of an identity that is presented for access to a protected RDAP resource. claim.
Technical Summary
Federated Authentication for the Registration Data Access Protocol (RDAP) Using OpenID Connect Section 3.1.5.2 defines `rdap_dnt_allowed` for JWT claim sets with the registry description: This claim contains a JSON boolean literal that describes a "do not track" request for server-side tracking, logging, or recording of an identity that is presented for access to a protected RDAP resource..
When Used
Used in JWTs that follow Federated Authentication for the Registration Data Access Protocol (RDAP) Using OpenID Connect Section 3.1.5.2.
Normative Requirements
Implementation
9560 - Section 3.1.5.2
limit use of the claim to end users granted do-not-track privileges under applicable policies and regulations..
Condition: When using the `rdap_dnt_allowed` claim.
Use of this claim MUST be limited to end users who are granted "do not track" privileges in accordance with service policies and regulations.
Server operator
9560 - Section 3.1.5.2
log, track, or record associations between the query and end-user identity..
Condition: When the user is identified and authorized, the claim is present with value true, and accepting it complies with local logging regulations.
Server operators MUST NOT log, track, or record any association of the query and the end user's identity if the end user is successfully identified and authorized, if the "rdap_dnt_allowed" claim is present, if the value of the claim is "true", and if accepting the claim complies with local regulations regarding logging and tracking.
Validation Guidance
When processing `rdap_dnt_allowed`, apply the syntax and semantics from Federated Authentication for the Registration Data Access Protocol (RDAP) Using OpenID Connect Section 3.1.5.2.
Treat `rdap_dnt_allowed` as profile-specific unless the JWT explicitly follows the referenced specification.
Reference
Details
- Entry Id
rdap_dnt_ allowed - Claim Name
rdap_dnt_ allowed - Claim Description
This claim contains a JSON boolean literal that describes a "do not track" request for server-side tracking, logging, or recording of an identity that is presented for access to a protected RDAP resource.- Change Controller
IETF- Reference
RFC9560 - Section 3.1.5.2