A registrant must prove that they are the end user of the telephone number and entitles to the ENUM registration. This is done by sending data to a Validation Agency (VA) who then validates this usage.

The VA then provides a validation token to the registrar confirming ownership of the number range. The token can then be used within a registration request to us. The VA token used for EPP commands conforms to RFC 5105, is digitally signed and includes the following data:

• The contiguous range of telephone numbers.
• Who the registrar is.
• Information about the registrant.
• The expiration date of the token.

A valid token is required for registration, renewal and registrar changes. This means that when these operations take place, a token must be provided as part of the operation request and the expiration date of the token provided must cover the lifespan of the ENUM registration.

Token fields

A validation token is structured into three parts, described below:

• Basic validation information contained in a <validation> element
  
• Additional information about the registrant contained in a <tokendata> element.
  
• The digital signature

<validation> element

A token must contain <validation> element which contains the following fields:

Field	Description
serial	Identifies the token and is unique per VA.
E164Number	The first number in the ENUM range validated
lastE164Number	The last number in the ENUM range validated. If it is not present then only a single number has been validated. E164Number and lastE164Number must be of the same length.
validatationEntityID	Identifies the VA
registrarID	Identifies the registrar
methodID	Identifies the method used by the VA for validation.
executionDate	The date of validation.
expirationDate	The expiration date of the validation token. This must cover the registration period applied for on registration or renewal; or the existing registration period on transfer or modification

<tokendata> element

A token may contain a <tokendata> section containing the following information about the number holder. All fields are optional.
      

Field	Description
organization	Contains the full name of the organisation to which the registrant is affiliated
commercialregisternumber	The registered number of the company or organisation.
title, firstname, lastname	The registrant's name
address	A single address section containing streetName, houseNumber, postalCode, locality, countyStateOrProvince, ISOcountryCode
phone	Up to 10 fields are allowable
fax	Up to 10 fields are allowable
email	Up to 10 fields are allowable.

Digital signature

The digital signature element of the token follows RFC 3275 and provides the trust relationship between the registry and the VA.The digital signature on the token provides:

• authenticity, i.e. the token was generated by the indicated VA.
• integrity, i.e. the token was not tampered with in transit.
• non-repudiation, i.e. allows auditing of the validation process.