ICANN contracted Four Kitchens to build a portal for its users to access zone data, much of which required encrypted credentials to be shared between various parties. I was the lead backend engineer on the project.

CZDAP has since been replaced by ICANN’s CZDS service.

Since ICANN’s data is all public, it’s possible to grab all the original proposal documents. The problem we solved with the CZDAP system is summed up in this quote:

The lightweight clearinghouse approach attempts to address this scaling problem by providing a single point of contact for administrative coordination of legal and technical identity information.

Essentially, the clearinghouse can be seen as: a lightweight management function that,

1. coordinates a standardized application process for gTLD zone file access on behalf of consumers and gTLD registry operators;
2. generates and manages credentials for consumers that gTLD operators have approved for access; and
3. distributes consumer credentials to approving gTLD registry operators.

We used public/private key cryptography to solve the (admittedly strange) business requirements, and released an open source tool called CZDAP tools to aid users in working with their data.

By sheer coincidence, our work we did in Austin (Texas) was presented in my home town of Durban (South Africa), where the 47th ICANN conference was held! All the slides below are in ICANN’s public archives: