<H1>CAcert Remote Verification Policy (RVP) </H1>
Author:
Pete Stephenson<BR>Creation date: 2008-07-12<BR>
Status: WIP 2008-07-12 <BR>
Edited by: Teus Hagen, 2009-02-11<BR>
Next status: DRAFT 2009<BR>
<H2>0. Preliminaries </H2>
<P>This sub-policy extends the Assurance Policy (&quot;AP&quot;)
and Organisation Assurance Policy (&quot;OAP&quot;) by providing a
framework for Members to verify their identity (for individual Members)
or their organisation (trade) name (for organisation Members) via Trusted Third
Providers (&quot;TTP&quot;s), including Government Authorities,
Certification Authorities and Commercial Identity Providers, under
the supervision of a CAcert (Organisation) Assurer.</P>
<P>Successful completion of the name verification process defined
in the RVP sub-policies shall result in 10 extra Assurance Points
being added to the maximum number of Assurance Points that the Assurer
supervising the Member's assurance process can allocate.</P>
<H2>1. Scope </H2>
<P>This sub-policy is available to all individual and organisation
Community Members. </P>
<H2>2. Roles </H2>
<H3>2.1 CAcert (Organisation) Assurer</H3>
<P>The CAcert (Organisation) Assurer must check the CAcert
(Organisation) Assurance Programme form. The identity verification or
organisation name verification is remotely performed by the Trusted
Verification Provider (2.2).</P>
<P>The Trusted Verification Provider who is involved in the
verification process should be accepted by the Assurer.</P>
<P>The Assurer will keep the following signed documents:</P>
<UL>
<LI><P>Signed document (e.g. CAP or COAP form) for CAcert Community Agreement with the Member.</P></LI>
<LI><P>Signed report of the Trusted Verification Provider for the name verification.</P></LI>
</UL>
<H3>2.2 Trusted Verification Provider (&quot;TVP&quot;) </H3>
<P>Each TVP: </P>
<UL>
<LI><P>must be <STRONG><I>verifiably
practicing identification procedures</I></STRONG>, typically one of
the following:</P>
<UL>
<LI><P><STRONG>Government Authorities</STRONG>
responsible for issuing ID documents for individuals, trade office
extracts for organisations, or providing taxation functions</P></LI>
<LI><P><STRONG>Certification Authorities</STRONG>
issuing authentication tokens (including certificates) based on a
published identity and/or trade name verification process</P></LI>
<LI><P><STRONG>Commercial Identity
Providers</STRONG> providing identity verification as a commercial</P></LI>
<LI><P><B>Commercial Trade name
Registrars</B> providing trade name verification.</P></LI>
</UL>
</LI>
<LI><P>must provide a secure mechanism
for validating a member's identity and/or organisation name or trade
name, including:</P>
<UL>
<LI><P><STRONG>Authentication Tokens</STRONG>
which are delivered to the user and verifiable in a
cryptographically strong fashion</P></LI>
<LI><P><STRONG>Online Verification</STRONG>
via a web interface, ideally which is verified by SSL/TLS
communication directly with CAcert, Inc. as to the outcome of the</P></LI>
</UL>
</LI>
<LI><P>should conduct identification of name procedures similar in
nature to CAcert's existing procedures (e.g. examining ID documents,
trade office extracts, obtaining 'assurances' from other trusted</P></LI>
</UL>
<H3>2.3 Member </H3>
<P>A Member (the subject of a verification) using the Remote
Verification program: </P>
<UL>
<LI><P>must agree to be bound by the CAcert
Community Agreement (CCA).</P></LI>
<LI><P>must disclose any conflicts of
interest (including but not limited to relationships with
(Organisation) Assurer).</P></LI>
<LI><P>must cover the costs of their assurance (if any), including
fees imposed by TVPs and Assurer.</P></LI>
</UL>
<H2>3. Processes </H2>
<H3>3.1 Verification </H3>
<UL>
<LI><P>Member shall create a CAcert
account and agree to the CAcert Community Agreement (CCA).</P></LI>
<LI><P>Member shall complete the procedure specified by the
applicable sub-policy(s), including being verified by the TVP.</P></LI>
</UL>
<H2>4. Documentation </H2>
<P>Where documentation is required by the verification process it
shall be subject to the prevailing records management policies which
may require that it be kept for a certain period or destroyed
immediately after processing.</P>
