The RFCs are ambiguous.
5733 (contacts):
    3.2.4. EPP <transfer> Command
    ...the
    <transfer> command MUST contain a <contact:transfer> element that
    identifies the contact namespace. The <contact:transfer> element
    contains the following child elements:
    ...
    - A <contact:authInfo> element that contains authorization
      information associated with the contact object.
However, the xsd explicitly marks it as optional:
    <complexType name="authIDType">
      <sequence>
        <element name="id" type="eppcom:clIDType"/>
        <element name="authInfo" type="contact:authInfoType"
          minOccurs="0"/>
      </sequence>
    </complexType>
The language in 5731 (domains) is [] The only example given in both is for a transfer request, which is the one flow that obviously requires the authInfo.
We had decided that for transfer approve and reject, which are done by the losing client, requiring the authInfo is silly because it's available to that registrar from an <info> and there's no extra security in having them present it (although if they do present it we validate it). The question about cancel was whether the gaining client, which had to present the authInfo in the original transfer request, needs it again for cancel.
I can't come up with any reason this would be beneficial, and I'm making the decision: authInfo is not required on transfer cancel.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=133168739
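The authInfo policy from the commit message above, as an added example that is not part of the commit or the project's own code: because the XSD makes authInfo optional, the flow has to enforce presence per transfer op. The function names, the sample contact ID, and validating authInfo on cancel when it is presented are assumptions of this example.

```python
import hmac
import xml.etree.ElementTree as ET

NS = {"epp": "urn:ietf:params:xml:ns:epp-1.0",
      "contact": "urn:ietf:params:xml:ns:contact-1.0"}

# Policy from the commit message: only the request must carry authInfo.
AUTHINFO_REQUIRED = {"request": True, "approve": False,
                     "reject": False, "cancel": False}


def check_transfer_auth(xml_text, stored_pw):
    """Return (allowed, reason) for a contact <transfer> command."""
    root = ET.fromstring(xml_text)
    transfer = root.find("epp:command/epp:transfer", NS)
    if transfer is None:
        return False, "not a transfer command"
    op = transfer.get("op")
    if op not in AUTHINFO_REQUIRED:
        return False, "op not covered by this example"
    pw = transfer.find("contact:transfer/contact:authInfo/contact:pw", NS)
    if pw is None:
        # The XSD allows this (minOccurs="0"), so the flow must decide.
        if AUTHINFO_REQUIRED[op]:
            return False, "authInfo missing"
        return True, "authInfo not required"
    # If authInfo is presented it is validated, required or not
    # (stated for approve/reject; assumed here for cancel as well).
    presented = (pw.text or "").encode()
    if hmac.compare_digest(presented, stored_pw.encode()):
        return True, "authInfo valid"
    return False, "authInfo invalid"


def build_transfer(op, pw=None):
    """Build a sample command (constructed input, hypothetical contact ID)."""
    auth = ""
    if pw is not None:
        auth = ("<contact:authInfo><contact:pw>%s</contact:pw>"
                "</contact:authInfo>" % pw)
    return ('<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><command>'
            '<transfer op="%s"><contact:transfer '
            'xmlns:contact="urn:ietf:params:xml:ns:contact-1.0">'
            '<contact:id>C-EXAMPLE</contact:id>%s</contact:transfer>'
            '</transfer></command></epp>' % (op, auth))
```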
The dark lord Gosling designed the Java package naming system so that
ownership flows from the DNS system. Since we own the domain name
registry.google, it seems only appropriate that we should use
google.registry as our package name.
This change renames directories in preparation for the great package
rename. The repository is now in a broken state because the code
itself hasn't been updated. However this should ensure that git
correctly preserves history for each file.
2016-05-13 18:55:08 -04:00
Renamed from java/com/google/domain/registry/flows/ResourceTransferCancelFlow.java