Administrative model for the .no domain
Each national top level domain (TLD) has an administrative model that defines roles and responsibilities in relation to the administration of the domain, and a domain name policy which stipulates rules concerning the allocation of domain names. This document describes the Norwegian administrative model, and other relevant international frameworks.
- Administrative model for the Norwegian top-level domains
- International frameworks
- Other factors influencing the registry operations
- A summary of the domain regulation
- References to other documents
Norid, a company in the UNINETT group, is the .no registry. This is a responsibility that we have had since 1987. The group also carries out many other tasks of national importance, among other things the development and operation of the Norwegian research network. UNINETT is owned by the Ministry of Education and Research.
In addition to the .no domain, Norid also administers the top level domains .sj (Svalbard and Jan Mayen) and .bv (Bouvet Island).
The administrative model defines the roles and responsibilities of the different entities involved in the administration of the Norwegian TLDs. In doing so, it delineates the relationship between the registry, the government and the rest of the Internet community (whom the TLD should serve). The model also defines by whom and by which process the domain name policy is created and modified.
Administrative models come in many shapes and flavours. At one end of the spectrum we find the registries that are firmly placed within the public sector, some of them with a domain name policy set in law or regulation. These have the advantage of both stability and fitting in with the existing legal and governmental structure in a clear and well-defined way. However, the somewhat complex procedures required of all public sector bodies (especially if they want to change a law/regulation) can make it a challenge for such registries to keep up with the demands of speed and flexibility from the ever-changing world of the Internet.
At the other end of the spectrum are the purely private sector registries. Most of these define their domain name policy through some process of consultation with the local community, and enforce it through private law contracts. This gives room for flexibility and efficiency. Although these registries have usually operated responsibly and in the service of society, the question is occasionally raised of how to ensure that this remains so in the future.
The administrative model for the .no domain aims for the middle of this spectrum. It combines a domain name policy set by the registry (in consultation with the Norwegian community) with a high-level administrative framework set by the Norwegian government through regulation. Added to this mix is a private sector registry that is owned by the Norwegian state. The model was formalized in 2003 through the creation of a Domain Name Regulation, issued pursuant to the Electronic Communications Act, and continued the existing practice developed during the years in which UNINETT had been the registry for .no.
The administrative model applies to all three Norwegian TLDs, but as .sj and .bv has not yet been opened for registration, it has so far only been implemented for .no.
The basis for the model is that there are three separate functions, that relate to each other in certain ways:
- Operative function
- performs a given task
- Framework function
- sets the framework for the operative function
- Supervisory function
- supervises the other functions
This is a basic three-way division of roles which is also used in other contexts: the system comprising parliament, government and courts of law is one of the more familiar tripartite divisions.
The administrative model for .no
The three-way division into operative, framework and supervisory function can take place on several levels. In the administrative model for the .no domain, the division takes place at two levels, linked by an entity which concurrently carries out both a framework and an operative function.
Framework function: Norwegian authorities
This function sets the high-level framework for the administration of all Norwegian TLDs. The main items covered in the framework are the requirements for the process used to develop the domain name policy, the minimum requirements that a registry administering a TLD has to fulfil, and the consequences if the registry does not fulfil those requirements.
The framework function is primarily performed by the Norwegian Ministry of Transport and Communications, by defining the framework in the Domain Name Regulation. Additionally, limits beyond those laid down by the Ministry may follow from general Norwegian law, nationally transposed EU Directives and any other applicable international standards that Norway adheres to.
Supervisory function: Norwegian parliament
When laws are created, procedures exist to ensure that they are created through a proper process, and are consistent with the pre-existing legislation. These procedures inhere primarily in the Norwegian Parliament’s enactment of new statutes. Regulations can only be created pursuant to the relevant Acts. This means that in principle the high-level supervisory function in relation to the Domain Name Regulation (and other relevant legislation making up the high-level framework) is held by the Norwegian Parliament.
Operative function and framework function: The local Internet community
This is the community that the .no domain serves. Use of the Internet in Norway has grown to such an extent that this community de facto encompasses the vast bulk of Norwegian society. The Internet community is, in effect, ultimately responsible for shaping the domain name policy for the .no domain within the high-level framework. As such, it performs an operative function in relation to the left triangle. At the same time, it performs a framework function for the right triangle, since it creates the rules according to which the registry registers domain names.
As the Norwegian Internet community is not a legal entity, the task of drafting the domain name policy is formally placed with the .no domain registry. The latter is the organization legally responsible for the registration rules and other parts of the domain name policy for .no.
The high-level framework (the Domain Name Regulation) requires input to be gathered from the government and the user’s representatives before changes are made in the domain name policy. In practice, this is implemented by the registry acting as a secretariat, drafting proposals for changes in the domain name policy which are then put forward for feedback from the Internet community.
A policy advisory council (Norpol) with representatives from the private sector, the government, Internet industry, consumer authorities and other relevant parties, helps to ensure that the domain name policy is always adapted to the needs of the Internet community. In addition, a public inquiry is held before any major changes are made to the domain name policy.
Supervisory function: The Norwegian Communications Authority
The Norwegian Communications Authority (Nkom) supervises the process whereby the domain name policy for .no is created or modified. It also checks that the registry complies with both frameworks applicable to it – the Domain Name Regulation and the domain name policy for .no.
In addition, a dispute resolution body has been created which functions as an appeal board in relation to the individual decisions that the registry makes regarding domain names under .no. The dispute resolution body also handles disputes between domain name holders and third parties who feel that their rights have been infringed upon, but this task is not part of its supervisory function in relation to the administration of the .no domain.
As the entity inhabiting the main supervisory role, Nkom has a responsibility for checking that the dispute resolution body complies with the same frameworks as the registry.
Operative function: Norid
This function administers the .no domain within the applicable frameworks. The primary tasks for the operative function are processing applications and operating the .no zone. The function is performed by the registry for the .no domain, Norid.
Norid follows a principle of only handling the essential core tasks in-house, while the other tasks are left to companies who offer registrar services under contract with Norid and compete with each other to offer the best possible service to the applicants.
Consequences of the Norwegian Model
The Norwegian model aims to incorporate ‘the best of both worlds’. The government sets the high-level framework for the system but does not dictate the details. Through their framework and supervisory functions, the government can safeguard that the service continues to operate beneficially for the Norwegian community in the future. At the same time, the model remains true to the principle of self-regulation, upon which the successful growth of the Internet has been based.
In line with the principle of self regulation, the people who have a stake in the service – customers registering domain names, registrars selling registration services, users accessing a website under a domain, etc. – are the ones who set the rules for it. As within other areas, market mechanisms regulate, to some degree, both prices and policy. If registering a domain under .no becomes too expensive or the domain name policy too complicated, people will simply stop using the TLD.
Even the way the registry is organized can be seen as an attempt to combine the best of what the public and private sectors have to offer. Although it was originally chosen for historical reasons, the fact that the registry on the one hand is organized as a non-profit private company, and on the other hand is owned by the State, results in a unique set of advantages. The registry can be operated with the efficiency, flexibility and low costs made possible by being based within the private sector while at the same time having the neutrality, legitimacy, and stability in ownership provided by the State. A registry with one foot in the private sector and one in the public is also well-suited for understanding the interests of both. Such understanding is useful when trying to create a domain name policy that serves the entire community.
One of the clearest examples of the advantages of the chosen administrative model is the interaction around the domain name policy. The Domain Name Regulation sets out certain basic principles, such as transparency and non-discrimination, which all domain name policies have to fulfil. Being placed within a regulation ensures that the principles are not easily changed, which is important as they act as a final ‘safety valve’ for the domain name policy. The actual policy, however, is a contract governed by private law. This means that the policy is much more adaptable to the changing needs of the Norwegian Internet community than it would have been if it also had been set down as a regulation.
As with all compromises, the model has the disadvantage of being complex and somewhat difficult to understand. Even so, despite its complexity, the model is an instance of a very successful private-public partnership.
When UNINETT became the registry for the .no domain in 1987, this was in agreement with IANA, the Internet Assigned Numbers Authority (or actually in agreement with Jon Postel who was the person running IANA at the time). IANA originally held international responsibility for coordinating the administration of TLDs, a function that was partly transferred from IANA to ICANN (The Internet Corporation for Assigned Names and Numbers) in 1998.
The framework for the role of a ccTLD registry was documented by Jon Postel in RFC 1591 in 1994. Together with the informal acceptance of UNINETT as a registry by the Norwegian Internet community in 1987, RFC 1591 constitutes the factual and legal basis for Norid’s administration of the .no domain. Norid is thus organized on the basis of private-law rules and conducts its operations with authorization in private-law contracts.
As Internet has grown increasingly important, governments as a group have wanted to formalize the relationship between ICANN, the registries for the country-code top level domains and the respective countries’ authorities. An advisory body for ICANN with representatives of the authorities in several countries, the Government Advisory Committee (GAC), has prepared a model for these relationships. According to the GAC model, the relationship between each of these three participants will be governed through written communication or agreements.
The relationship between Norid and the Norwegian authorities is governed through the Norwegian Domain Regulation. The relationship between Norwegian authorities and ICANN is at present not governed by any formal agreement. As for the relationship between ICANN and Norid, ICANN has sought more a formal and specific description of the relationship it has with each ccTLD registry than what is contained in RFC 1591. ICANN has chosen to provide several ways of doing this, taking into account that there are no identical registries. Some registries will not accept anything less formal than a contract, while others view a contract with a Californian private-sector corporation as inappropriate. ICANN’s current solution is therefore to offer formal agreements or informal exchanges of letters depending on the preference of the registry concerned.
Norid exchanged letters with ICANN in July 2006. These letters do not replace RFC 1591 as an agreement; instead, they elaborate on the current distribution of roles between Norid and ICANN and document a shared understanding of the roles. Both letters acknowledge that most ccTLD policy issues are local in nature and should be addressed by the local Internet community, unless it can be shown that the issue has global impact and needs to be resolved in an international framework. Both Norid and the Norwegian government (representet by Nkom) regard this as one of the most important principles in relation to ICANN.
In addition to the formal framework, a number of other factors influence the operation of the registry. The Internet Engineering Task Force (IETF) draws up technical standards and suggestions for technical solutions in a number of areas at the core of the registry’s operations (DNS, Whois and other protocols). The Council of European National Top-Level Domain Registries (CENTR) has prepared best practice guidelines for registries. Norid was among the first registries in Europe to harmonize their practice with these guidelines.
In addition, the administration of the .no domain is a technically demanding task. Operation and further development of the registration service and especially maintenance of the technical infrastructure (DNS and registry database) must be performed in a technically sound manner. Even minor errors in the DNS may have wide-ranging economic and quality-related consequences. Without the DNS, the Internet does not function. The registry therefore needs to have close ties with the technical communities and to have ready access to personnel with a high level of technical competence.
The Domain Name Regulation is mainly a codification of an already existing practice, which the registry had established in co-operation with the authorities and the Internet community through 16 years of operation. The main content of the regulation is described below:
- The domain name policy for .no
The Regulation sets certain minimum requirements for the domain name policy: it should ensure cost efficiency and a high technical quality, be non-discriminatory, promote transparency and predictability, protect the interests of Internet users and national interests, and take into account international development of the Internet.
The registry has the formal responsibility for setting the domain name policy for .no. Before any significant changes are made in the policy, input is gathered from the user’s representatives and the government (both part of the Norwegian Internet community). The Norwegian Communications Authority is informed of all changes.
- Applicant declaration form
Before registering a domain name, the applicant must sign a declaration stating that the name applied for does not infringe on the rights of a third party, is not in breach of the domain name policy or Norwegian law, does not create an unwarranted impression of relating to public administration and that the applicant agrees that any disputes may be handled by the dispute resolution body.
- The registrar model
- The registrar model has a registry that performs the core operations and a number of registrars. The registrars are the link between the applicant and the registry, and they compete to offer the best possible service.
Requirements for the operation
The registry must ensure that there are sufficient backup copies of all registration data. In addition, the Regulation confines the use of the registration data to the registration and maintenance of domain names.
Dispute resolution procedures
The registry is required to establish a dispute resolution body that can treat complaints that a registered name infringes on the rights of a third party, is in breach of Norwegian law or creates an unwarranted impression of relating to public administration. Moreover, the dispute resolution body shall alsp handle complaints concerning the registry’s processing of applications.
Supervision and termination
The Regulation stipulates that the Norwegian Communications Authority is responsible for supervising compliance with the Regulation. They may impose orders on the registry in the event of contravention. The Authority is also responsible for taking over the data from the registry database, should the registry be dissolved without a new entity at hand ready to take over operations.
- The Norwegian Domain Regulation http://www.lovdata.no/for/sf/sd/xd-20030801-0990.html
- How to change the domain name policy of .no? http://www.norid.no/regelverk/rammer/regelverksprosess.en.html
- Norpol www.norid.no/regelverk/norpol/index.en.html
- IANA – Internet Assigned Numbers Authority http://www.iana.org
- ICANN – The Internet Corporation for Assigned Names and Numbers http://www.icann.org
- RFC1591 ftp://ftp.uninett.no/pub/rfc/rfc1591.txt
- The GAC-principles http://220.127.116.11/web/docs/cctld/cctld.txt
- Exchange of letters between Norid and ICANN https://www.norid.no/en/omnorid/norid-utveksler-brev-med-icann/
- IETF – Internet Engineering Task Force http://www.ietf.org