Case Study

RRSG Members: enterprise-grade workspace.

A secure, compliant member management platform for ICANN's Registrar Stakeholder Group, supporting 125+ registrar companies and their representatives.

125+ Registrar companies

4-tier RBAC roles

9.5/10 Security score

124 API endpoints

The challenge

ICANN's Registrar Stakeholder Group (RrSG) coordinates the work of more than 125 registrar companies worldwide and the representatives they nominate to working groups, committees, and policy efforts. Their existing tools were fragmented across multiple platforms, making member management, working group coordination, and meeting scheduling difficult to maintain at scale. They needed a unified, secure platform that met ICANN's compliance requirements: role-based access, audit trails, two-factor authentication, and rate limiting. Off-the-shelf membership platforms could not handle the specific workflows or security posture required.

What we built

A custom enterprise workspace built on Next.js 15, PostgreSQL, and Prisma. The platform handles member profiles, registrar company associations, working group participation, calendar events with ICS export, and structured approval workflows for new memberships. The security layer is the heart of the system. Built on NextAuth with email-based 2FA, the platform enforces a 4-tier role-based access control system (Super Admin, Registrar Admin, Member Representative, Member) with session security including IP binding, user agent binding, and concurrent session limits.

Key decisions

We chose Next.js App Router for server-side rendering performance and the React 19 server components model, which gave us better security boundaries between client and server code. Prisma provided type-safe database access with a strong migration story for an evolving schema. Redis-backed rate limiting handles 9 different categories of requests with different policies, and a comprehensive audit log tracks every administrative action. File uploads go through magic-number validation rather than relying on file extensions or MIME types alone.
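The magic-number check mentioned above, sketched as an added example (not the platform's own code): the upload is accepted only when the leading bytes, the file extension, and the declared MIME type all agree. The signature allowlist, the function names, and the sample bytes are assumptions made for illustration.

```typescript
// Added illustration; allowlist and names are assumptions, not the platform's code.
type Signature = { mime: string; extensions: string[]; magic: number[] };

// Allowlist of accepted types, each keyed by its leading bytes.
const SIGNATURES: Signature[] = [
  { mime: "image/png", extensions: ["png"], magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: "image/jpeg", extensions: ["jpg", "jpeg"], magic: [0xff, 0xd8, 0xff] },
  { mime: "application/pdf", extensions: ["pdf"], magic: [0x25, 0x50, 0x44, 0x46, 0x2d] }, // "%PDF-"
];

type Verdict = { ok: true; mime: string } | { ok: false; reason: string };

// Identify the content from its first bytes only; client-supplied metadata is ignored here.
function sniff(bytes: Uint8Array): Signature | undefined {
  return SIGNATURES.find(
    (s) => bytes.length >= s.magic.length && s.magic.every((b, i) => bytes[i] === b),
  );
}

// Accept only when detected type, final extension, and declared MIME type all agree.
// A header match is necessary, not sufficient: bytes after the header are not inspected.
function validateUpload(filename: string, declaredMime: string, bytes: Uint8Array): Verdict {
  const detected = sniff(bytes);
  if (!detected) return { ok: false, reason: "content does not match any allowed type" };

  const ext = filename.includes(".") ? filename.split(".").pop()!.toLowerCase() : "";
  if (!detected.extensions.includes(ext)) {
    return { ok: false, reason: `extension "${ext}" does not match ${detected.mime}` };
  }
  if (declaredMime.trim().toLowerCase() !== detected.mime) {
    return { ok: false, reason: `declared type ${declaredMime} does not match ${detected.mime}` };
  }
  return { ok: true, mime: detected.mime };
}

// Constructed sample inputs (not real uploads).
const pngBytes = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00, 0x00]);
const pdfBytes = new Uint8Array([0x25, 0x50, 0x44, 0x46, 0x2d, 0x31, 0x2e, 0x37]); // "%PDF-1.7"
const htmlBytes = new Uint8Array([0x3c, 0x68, 0x74, 0x6d, 0x6c, 0x3e]); // "<html>"

const results = [
  validateUpload("logo.png", "image/png", pngBytes), // consistent: accepted
  validateUpload("logo.png", "image/png", htmlBytes), // HTML renamed to .png: rejected
  validateUpload("minutes.pdf.png", "image/png", pdfBytes), // PDF content under a .png name: rejected
];
console.log(results);
```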

Outcome

The platform is in production at v1.0.1 with a 9.5/10 internal security score and WCAG 2.1 AA accessibility compliance. The system serves 125+ registrar companies and their representatives through 124 documented API endpoints and 174 React components. Working group administrators can manage their subgroups, members can RSVP to events with timezone-aware display, and the admin team has full visibility through the audit log. The platform is scoped to scale into real-time features and advanced search through future phases.

Screenshots

RRSG Members audit logs Super View with rate limit analytics and 4,413 tracked events
Audit logs with rate limit analytics, live mode, and CSV/JSON export. 4,413 logged events tracked across the system.
RRSG Members topics management dashboard showing latest topics, member registrars, working groups, and admin navigation
Topics management with full admin sidebar: registrars, subgroups, working groups, chat platforms, 2FA, and approvals.
RRSG Members email template administration with authentication, notification, and system templates
Email template management: 32 templates across authentication, notifications, and system messages with versioning.
RRSG Members admin dashboard with full sidebar navigation and calendar widget showing upcoming meetings
Member dashboard with calendar widget, registrar context, and integrated subgroup and working group access.

Technology stack

Next.js 15, TypeScript, React 19, Prisma, PostgreSQL, NextAuth, Tailwind CSS, Redis