Have IT Issues Visible and Actionable

Formalize control, guidance, and escalation across auditors, managers, and technicians.

Start Building Accountability | Learn More | See How It Works

This page offers an exploratory approach to understanding and modeling complex digital domains — particularly in RDAP, identity, and strategic IT roles.
While not derived from academic research, it is grounded in practical experience and systems thinking, revealing real organizational challenges and opportunities.

These insights help inform decision-making by clarifying how technical, organizational, and legal factors interact within digital infrastructure.
They provide a foundation for strategic planning, governance, and accountability across government IT domains.

Understanding people and roles in IT
IT thrives on the interaction between skilled specialists and effective managers. Specialists respond best when issues are framed in a real-world context — not just technically, but situationally. They are activated by complex technical ambiguity and challenged by autonomy, technical career paths, and meaningful recognition.

Managers add value beyond the technical peak, especially as IT challenges outpace traditional education. They are activated by organizational complexity and challenged by strategic influence, ownership, and outcome-based incentives. Face-to-face communication with skilled employees is the only practical way for a manager to work through demanding issues, translate technical challenges into business impact, and perform the necessary post-mortem analysis. Many managers reach their role after struggling with the work themselves, making guidance, collaboration, and effective platforms essential for real progress.

This balance of expertise and guidance transforms IT’s technical challenges into expected results.

Moving beyond isolated IT
In business administration, many concepts act as abstract endpoints — guiding yet never fully tangible, unlike accounting rules. Progress will stop if input does not go beyond the sandbox function. Complex challenges demand strategic accountability — guiding collaboration before technical or legal execution, yet avoiding unnecessary steering.

Standards and global positioning
IT standards become clear through targeted, accessible training materials.
A Dutch expert group can play a pivotal role in aligning global IT developments.

Identity and digital infrastructure
WebIDs are still evolving — a name such as ‘Peter Jansen’, ‘P. Jansen,’ or ‘P Jansen’ cannot serve as a unique identifier.

Strategic guidance and domain awareness – for discussion
Centralized digital governance is increasingly recognized as critical for successful transformation. Klöpping and Blom (2023), among others, highlight that fragmented responsibilities slow down progress and reduce effectiveness. One option often raised is the creation of a separate Ministry for Digital Affairs. Yet such a ministry may lack the weight of long-established portfolios like Finance, and risks becoming another silo. An alternative worth considering is to position Central Digital Affairs within the Ministry of General Affairs. This would place digital governance at the core of cabinet coordination, ensuring strategic direction at the highest level, while leveraging existing financial and administrative expertise.

If chosen, this approach allows for:
A coherent national digital strategy, with standards and priorities set centrally;
Clear accountability, while individual ministries remain responsible for domain-specific execution (e.g. healthcare, housing, justice).

Strategic key topics
1. Governance & Transparency

  • International-first design: government digital solutions should be designed for interoperability across borders. Systems should not be restricted to local contexts, ensuring resilience and adaptability to international standards.
  • User-level English: for user-level flexibility, US English should be allowed — for example, in services such as rdap.org.
  • Transparent tariffs and charges: monopoly tariffs, charges, and discounts should be explicitly assessed, centrally validated, and published in the public interest. This ensures justified pricing and prevents hidden costs.
  • Early legal frameworks: establish clear legal structures to guide and support maturing projects from the outset. Governance should evolve alongside technical maturity, providing stability without stifling innovation.
  • Cross-ministerial governance: governance is effective only when it transcends ministerial boundaries, backed by binding standards that empower tactical efficiency rather than strategy in name only.

2. Infrastructure & Domain Management

  • Registrar Rijksoverheid: Government domains should be registered under a clearly designated registrant name with an accountable contact person. Anonymous or unclear ownership undermines trust and accountability.
  • Direct registrar relationships: Government domains should be managed exclusively through direct registrar relationships. Use of domain resellers introduces unacceptable risks of mismanagement, fragmentation, and lack of accountability.
  • .gov.nl second-level domain readiness: Registrant and contact information should always identify the legally responsible government entity. Clear accountability ensures both technical reliability and legal compliance. Development speed from SIDN should be actively demanded to meet operational and policy needs.
  • SOA RNAME mailbox compliance: Authoritative name servers should comply with RFC 2142 and RFC 1035 by ensuring a functioning and monitored RNAME mailbox. This guarantees reliable contactability in case of incidents.
  • Reverse server name accountability: Reverse server name domains should unambiguously resolve to the server or service responsible for the corresponding address space. This could become a MUST to strengthen accountability and transparency.
  • Name server ownership transparency: Each name server domain should have a visible and transparent business owner. Public clarity on responsibility strengthens both operational resilience and trust.

3. Tools & Operational Capability

  • First-contact accountability with ticket-based escalation
    A structured, integrated ticketing system supports this process by enabling knowledge sharing, ensuring the legal traceability of third-party submissions (such as screenshots or other evidence), and providing a formal channel for enhancement requests directed to delivering organizations. Accountability remains with the first point of contact, preventing unnecessary burden on citizens, while continuous improvement is built into the workflow.
  • Public-interest disclosures must be receivable without forced procedural or contractual consent.
    (Global basis: UNCAC Art. 33 — Protection of reporting persons)
  • Civil-servant ownership of incoming issues
    “Your request concerns matters that fall under the responsibility of another competent authority. That authority applies existing and functioning requirements in this area. Your request will therefore be forwarded to the appropriate authority for further handling.”
  • Mature vulnerability management
    Integrate issue-source analysis and regular maintenance to distinguish configuration or quality findings from genuine security vulnerabilities.
  • Integrated RDAP tooling
    Assign responsibility for RDAP implementation to the government itself. The registry (SIDN) is not accountable for service delivery; instead, government-owned RDAP services ensure alignment with governance, transparency, and international obligations.
  • Automated audit tools
    Equip the Data Officer with advanced automated mechanisms to verify or revoke registrant validations. This reduces dependency on impractical manual workloads while maintaining compliance, oversight, and the ability to act decisively in the public interest.
  • Trade-register naming standards
    Normalize abbreviations by default — for example, treating “B.V.” and “N.V.” as “BV” and “NV” as additional trade names in the Trade Register. Case sensitivity should also be enforced, requiring the register to recognize uppercase and lowercase letters in trade names as distinct legal identifiers.

4. International & Security Alignment

  • EU cloud direction: governance and direction should be tested at a small scale before committing to large-scale investments. Early experimentation reduces lock-in and ensures better alignment with European frameworks.
  • ICANN/IANA maturity: strengthen TLD support with more relevant machine-readable data and structures, ensuring Dutch domains remain interoperable and aligned with international standards.
  • ICANN design test: continuously assess ccTLD-proof tables and access structures to validate robustness against international technical and governance requirements.
  • Automated country-level security test: implement automated detection of risks based on validated domain and URL lists, saving time and enabling faster, more reliable security responses at scale.
  • National data centers: assign clear administrative roles and responsibilities for national data centers to ensure capable civil service performance and sustainable, sovereign infrastructure.

Regarding Web Domain and Hosting Control:

The Dutch website en.internet.nl, a Django-based application, provides essential action points for responsible parties based on the results of automated tests. The following points are worth noting:

  1. Due to the broad range of test topics, a critical issue may result in only a minor deduction from an otherwise near-perfect score;
  2. A closed server can still achieve a score of 61% for web and 70% for email, based solely on DNS configuration—despite being inaccessible;
  3. Time-outs deserve recognition as a fundamental quality issue. While often dismissed as temporary, they indicate a service that is effectively unreachable. This makes them just as serious as missing encryption or misconfigured redirects. Tools and scoring models should treat time-outs as a critical error rather than a minor observation;
  4. Domain holder name challenges often require country-specific solutions. While the necessary technical tools nearly exist, political awareness is key. This issue could be effectively addressed, as technical experts alone are unlikely to resolve it;
  5. The current “Hall of Fame” model may need to evolve toward more future-proof methods, including testing with email-based user identification;
  6. As in my tools, I recommend adopting a four-column format that presents IPv4 and IPv6 results separately, rather than combining them;
  7. Email functionality — both sending and receiving — depends on many factors. Unfortunately, a score of 100% misleads.

From Actionable Screenshots to Resolution and Management-Ready Post-Mortem Reviews

  1. Free Domain Lookup, including DNSSEC and Whois (PHP/Python/JSON, since August 15, 2021) — rdap.hostingtool.nl/modeling_domain
  2. Free Server Header Lookup, to phase out (PHP/XML, since January 14, 2022) — www.hostingtool.nl/server_headers
  3. Testing receipt of email with a false sender (PHP/SMTP, since June 25, 2022) — not a public tool
  4. Free Domain Control Register ® (PHP/JSON, since November 30, 2024) — www.domaincontrolregister.org
  5. Free Homepage Route Overview (PHP/Python, since February 26, 2025) — www.workingornot.org
  6. Free Security Header Overview (PHP/Python, since March 18, 2025) — securityheaders.hostingtool.org
  7. Free Hosting Lookup (PHP/Python/JSON, since May 6, 2025) — lookup.hostingtool.org
  8. Free Registry Table Definition Design (PostgreSQL, since May 16, 2025) — github.com
  9. Free Top-level Domain Lookup (PHP/JSON, since June 21, 2025) — rdap.hostingtool.nl/modeling_tld

Towards a Tri-Partite and Parallel Structure for IT in the Netherlands

Principle of Functional Separation

Clear separation between policy/advisory mandates and operational service delivery is essential. Advisory bodies should not assume execution tasks. Operational responsibilities — such as DigiD and MijnOverheid under the Logius Agency — remain with their designated service organizations.

On September 24, 2025, the NDS (in UK English: Netherlands’ Digitalisation Strategy) has been evaluated. The current strategy shows fundamental shortcomings and requires reconsideration. To strengthen digital governance, I suggest a tri-partite advisory structure, distinguishing strategic, tactical, and operational mandates.

Operational (Digitale Kenniswisseling) → Tactical (Orgaan Digitale Expertise) → Strategic (Centrale Digitale Zaken / Forum Standaardisatie) → Cabinet

Mandates under Ministery of General Affairs

Centrale Digitale Zakencentraledigitalezaken.nlNL Central Digital Affairs
Composed of former politicians and strategic thinkers. The body is mandated to:

  • validate expert authority in digital affairs;
  • identify and assess strategic issues of national importance;
  • establish an escalation path to the Cabinet for unresolved or high-impact matters;
  • draw on academic foresight — including scenario studies and long-term research — to strengthen the national digital strategy.

Forum Standaardisatieforumstandaardisatie.nlNL Standardization Forum
Composed of senior civil servants. The body is mandated to:

  • govern and maintain national standards in digitalization;
  • initiate and coordinate strategic design of governance resources;
  • provide structured input to Centrale Digitale Zaken where standardization issues require escalation.
Mandates under the Ministry of the Interior

Orgaan Digitale Expertiseorgaandigitaleexpertise.nlNL Digital Expertise Body
Composed of management-level experts. The body is mandated to:

  • provide tactical steering and oversight across public administration on a national scale;
  • advise on the alignment of digital initiatives across ministries and agencies;
  • escalate unresolved or cross-departmental issues upward to the strategic level;
  • draw on academic experts, including university professors, for independent insights and research-based advice that strengthen tactical decision-making.

Digitale Kenniswisselingdigitalekenniswisseling.nlNL Digital Knowledge Exchange
Composed of civil servants. The body is mandated to:

  • organize platforms differentiated by education type;
  • serve as the operational point of contact for digital knowledge within public administration and in cooperation with private companies;
  • support the Digitale Expertise Body in its advisory tasks;
  • explicitly not assume responsibility for service delivery, which remains with designated operational agencies (e.g. DigiD under the Logius Agency).
Parallel Body

Stichting ECP | Platform voor de InformatieSamenlevingecp.nlNL Platform for the Information Society
Composed of representatives from private companies, sector organizations, and societal stakeholders. This parallel body is mandated to:

  • provide structured input on technological developments, market trends, and innovation relevant to national digital affairs;
  • advise on the practical feasibility and societal impact of proposed standards, governance resources, and policies;
  • communicate broadly with stakeholders to ensure societal understanding of digital issues;
  • participate in consultation rounds with Digitale Kenniswisseling, Orgaan Digitale Expertise, and Forum Standaardisatie to align public and private expertise;
  • explicitly not exercise steering, oversight, or service delivery functions, which remain the responsibility of public authorities and designated agencies.

Note: These tri-partite and parallel mandates are advisory in nature and do not limit or replace the authority of Parliament in decision-making.

Fragmented ccTLD Systems: Why ICANN Must Address the Modeling Barrier

A proposal for “RDAP Next” — a unified, semantically consistent registry data model designed for automation, interoperability, and accountability.
  1. ICANN’s limited visibility into the diverse software environments powering ccTLD operations has led to systemic fragmentation — a critical obstacle to achieving unified and resilient global registry modeling.
  2. PostgreSQL’s support for JSON and JSONB field types enables flexible storage of semi-structured, TLD-specific identifier properties. These capabilities are essential for integrating heterogeneous data from multiple sources. However, the current RDAP vCard array format for postal addresses lacks structural consistency. For example, inconsistent use of country names versus ISO codes in RDAP responses undermines both machine readability and data reliability. Flattened JSON fields eliminate arbitrary nesting and reduce schema ambiguity.
  3. Operationally, some ccTLDs — such as the Netherlands — have implemented optimized practices, including indexed fields for postal code search. Next, RDAP output, especially for an entity nested at the table level, can be done at a single level. This facilitates both automatic parsing and user-friendly presentation. And finally, the table structure should enforce role-specific visibility in RDAP to reduce ambiguity and improve security.
  4. Data quality is further undermined by overreliance on registrar-supplied input. In many ccTLD ecosystems, registrars remain the primary data source, often without authoritative validation. This weakens data integrity and highlights the need for automated, standardized controls across the registry landscape.
  5. Domain lifecycle modeling also demands greater precision. For instance: a domain marked as pendingDelete should not simultaneously carry the redemptionPeriod status — and vice versa. These are mutually exclusive lifecycle states that should be modeled explicitly to prevent operational ambiguity.
  6. RDAP includes domain status codes such as transfer prohibited. However, unlike EPP, RDAP does not distinguish whether these restrictions are imposed by the registrar (client-side) or the registry (server-side). This lack of granularity and accountability having an unspecified actor may hinder operational clarity and complicate dispute resolution.
  7. RDAP Next (proposed evolution)
    URL paths use kebab-case, EPP elements remain in camelCase, and JSON fields and query parameters use snake_case.
    Furthermore fixed-order arrays for readability, and abuse, only at table level, under the registrar.
    [
        {“metadata”: [
            {“object_type”: “domain”,
            “resource_upload_at”: “2025-10-28T00:14:20Z”}]},
        {“properties”: [
            {“statuses”: [“dns_delegated”],
            “created_at”: “2018-07-21T18:36:10Z”,
            “latest_update_at”: “2025-03-16T16:20:25Z”}]},
        {“entities”: [
            {“registrant”: [{“organization_name”: “Example B.V.”, “country_code”: “NL”}]},
            {“registrar”: [{“organization_name”: “Example B.V.”, “country_code”: “NL”}]},
            {“registrar_abuse”: [{“email”: “jan@example.nl”, “country_code”: “NL”}]}]}
    ]
    Legacy RDAP status labels are ambiguous and inconsistently applied. The proposed model introduces structured, descriptive status identifiers to ensure semantic clarity, interoperability, and consistency in automation.
    RDAP Status Remapping
    active → dns_delegated (dns_not_delegated at output level if no nameserver details are present)
    inactive → no_dns
    redemption period → pending_redemption
    Prohibition Flags:
    When registry-controlled:
    * serverTransferProhibited
    * serverUpdateProhibited
    * serverDeleteProhibited
    * serverRenewProhibited
    Otherwise registrar-controlled:
    * clientTransferProhibited
    * clientUpdateProhibited
    * clientDeleteProhibited
    * clientRenewProhibited
    Note 1: Avoid using indeterminate statuses (e.g., locked or transfer prohibited) when more fine-grained flags are available.
    Note 2: If a domain has no DNS, it cannot use DMARC / SPF to defend against unauthorized email.
  8. Finally, aligning the domain deletion phase (pendingDelete) with search engine deindexing elevates it from a purely technical state to a GDPR-relevant lifecycle boundary. This alignment creates legal, operational, and policy incentives to support data minimization, authoritative lifecycle closure, and responsible information removal.

Up-to-Date PostgreSQL Registry Table Definition (Since May 16, 2025)
Developed to replace legacy registry systems and support deployment on global RDAP servers, this schema upgrade enhances data clarity, consistency, and maintainability, representing a critical step forward in modernizing the RDAP protocol.

Machine-Readable IANA Root Zone Data:
My IANA root zone data is in a renewed format, to be retrieved from a designated IANA server and relying on user activity logging—including from unidentified internet users—for issue resolution, the tool avoids unnecessary traffic, reduces system overhead, and supports traceable, efficient operations.

RFC-allowed in the .nl Domain (Netherlands)

– Dutch SIDN maintains gTLD operational requirements for .amsterdam and .politie.
– The .frl root zone (Province of Friesland) is maintained in England and has been updated.
– If SIDN adopts 30-day pending redemption plus 5-day pending delete, it could work well.
– Final-stage domains for ccTLD: https://www.catchtiger.com/nl/domeinnaam-veilingen/
or for gTLD: https://www.expireddomains.net/expired-domains/.
– The .nl nameserver domain dns.nl has no mail-related DNS, leaving it unprotected against sender spoofing.

– During a ccTLD migration (e.g., with SIDN), each registry domain should include a registrant, contact objects, and DNS settings, and must avoid using indeterminate status values. Instead, clearly defined statuses (e.g., the EPP code serverTransferProhibited) should be applied to ensure transparent registrar responsibility.

RFC-allowed in the .fr Domain (France)

RFC-allowed in the .de Domain (Germany)

Description of Strengthening Digital Governance in the Netherlands

  1. A Minister for Digital Affairs Wouldn’t Be the Right Fit
    A dedicated minister could signal stronger centralization, but also risks politicizing a domain that benefits from being technically driven and multi-stakeholder. Continuity, independence, and agility are often more difficult to secure within conventional ministerial portfolios.
  2. Centrale Digitale Zaken under the Ministry of General Affairs
    Supervision of national digital activities, policies, and strategic direction could be anchored within Algemene Zaken. This would emphasize cross-governmental importance and provide independence from sectoral interests, while situating digital governance at the core of cabinet coordination.
    (NL: interacting with Forum Standaardisatie, currently part of the Ministry of the Interior)
  3. Orgaan Digitale Expertise under the Ministry of the Interior
    The body could act as the primary channel for expertise within government, ensuring that digital policy and practice are consistently aligned with the public interest. By consolidating ongoing NDS-related efforts, the body would provide coherence, legitimacy, and a trusted point of contact for both government and society.
    (NL: integration of the current OBDO into this structure)
  4. Digitale Kenniswisseling under the Ministry of the Interior
    A specialized task group could foster collaboration among professionals and embed adaptive expertise across all layers of government. At present, the Standardisation Forum often serves as a point of contact, but its scope is limited. Digitale Kenniswisseling could broaden this role into a cross-governmental knowledge function with structural capacity.
    (NL: merger of the current PGDI and Bureau MIDO into this structure)
  5. Centrale Digitale Zaken as ccTLD Manager (Long-Term Vision)
    Over time, CDZ could become the designated manager of the .nl country code top-level domain (ccTLD). This would require close cooperation with ICANN, as ccTLD management changes follow a global approval process. Treating .nl stewardship as a government responsibility would reinforce sovereignty over a critical national digital asset, while ensuring transparent, multi-stakeholder governance.

Detailed about Dutch ccTLD and geoTLD control:

  • While the Ministry of Economic Affairs provides a legal framework until November 21, 2029, this control remains primarily a policy objective. In practice, operational responsibility for the .nl domain lies with SIDN and is expected to remain there for the foreseeable future.
  • The update to reflect SIDN B.V. as the Backend Operator—effective January 1, 2023—remains pending in the IANA database. Although still necessary, this is regarded as a technical matter and constitutes a procedural update within the IANA framework, not requiring the development of new ICANN policy.
  • The .frl top-level domain is a sponsored TLD privately managed by FRLregistry B.V.

Detailed about the Ministry of General Affairs:

  • Govern IT under a Cabinet Office. And dismiss unnecessary advisory bodies.
    – UK’s Cabinet Office falls under the Ministry of General Affairs. If realized in NL: “Kabinetsbureau”.
    – UK’s Government Digital Service (GDS) operates hierarchically under the Cabinet Office.
  • Generate training material for further education from the European Cloud, which is in preparation.
    – The AWS GovCloud in the United States, is managed by Amazon.
    – Organizations using GovCloud must verify that all individuals with access to the environment are U.S. citizens.
    – GovCloud cannot be used by foreign nationals or organizations, even if they have legitimate access to other AWS services.
  • Work on a Dutch or EU Digital Service for generic application software related to DNS and registries.
    – Well-considered proposals, RFC and non-RFC, could feed the IANA organization.

Detailed about the Ministry of Economic Affairs:

  • Include automated task costs in just one annual web domain fee.
  • Include a change in a registrar’s own data in its period costs.
  • Eliminate all registry discounts. A volume discount causes unfair competition.

Detailed about the Ministry of the Interior and Ministry of Justice:

  • List areas of expertise, engage specialists, ensure dynamic interaction and make decisions.
  • Country-Based Web Domain Services (WDSs like “Webdomeindienst” in NL)
    – WDS jurisdiction is based on the real domain user’s country, not the registrant of record.
    – This avoids central storage of sensitive roles (e.g. “data officer”) at the Chamber of Commerce (KVK).
    – Instead, national entities can provide the appropriate verification and governance.
    – Data officer appointment is directly confirmed by the director of the relevant organisation in that country.
  • Maintain continuity of IT expertise by involving the permanent EU stakeholder group.

Detailed about NL / EU / US and including generic top-level domain zones:

  • Discuss global design and programming of Registration Data Access Protocol software.
    – For a more readable RDAP output, write registrar_abuse from its current table-level position under the registrar at the top level of entities.
    – Introduce an emergency entity in RDAP to formally organize backup to get access.
    – Introduce a fallback entity in RDAP to respond when registrant information is missing.
  • Generate web IDs that start with the ISO2 country code, for business entities and natural persons.
  • Plan verification of web domain users indexed by web ID, starting with modeling in RDAP like mine.
  • Use the developed Domain Control Register®, based on the real web domain user.
    – Report regarding expired HTTPS, security.txt or DANE via email. Perhaps a DCR revenue model.
  • Improve web domain RDAP.
    – Get custom fields approved and listed for standardization.
    – The top-level domain data can be further developed and made easily automatically retrievable.
    – A table schema design has been developed for registry data (ready for second-level .gov.nl).
    – Future global communication between databases will require improved identifier and handle design.
    – Steering application development toward Django as the preferred framework.

About Communicated Government DNS Action Points