cacert-policies/RemoteVerificationPolicy.html

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
	"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<title>
			CACert Remote Verification Policy (RVP)
		</title>
	</head>
	<body>
		<h1>
			CACert Remote Verification Policy (RVP)
		</h1>
		<p>
			<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
			Editor: Pete Stephenson<br />
			Creation date: 2008-07-12<br />
			Last change by: Pete<br />
			Last change date: 2008-07-14 21:42 MST<br />
			Status: WIP 2008-07-12<br />
			Next status: DRAFT 08-2008<br />
			<!-- $Id$ -->
		</p>
		<h2>
			0. Preamble
		</h2>
		<p>
			This sub-policy extends the Assurance Policy ("AP") by providing a framework for members to verify their identity via Trusted Verification Provider ("TVP"s) including Government Authorities, Certification Authorities and Commercial Identity Providers, under the supervision of the Assurance Officer ("AO").
		</p>
		<p>
			Successful completion of the process defined in RVP sub-policies shall result in the allocation of up to 50 points depending on level of trust in the TVP and the verification process.
		</p>
		<h2>
			1. Scope
		</h2>
		<p>
			This sub-policy is available to all Members.
		</p>
		<h2>
			2. Roles
		</h2>
		<h3>
			2.1 Trusted Verification Provider ("TVP")
		</h3>
		<p>
			Each TVP::
		</p>
		<ol style="list-style-type: lower-alpha;">
			<li>MUST be <i><strong>verifiably practicing identification procedures</strong></i>, typically one of the following:<br />
				<ol style="list-style-type: lower-roman;">
					<li>
						<strong>Government Authorities</strong> responsible for issuing ID documents or providing taxation functions
					</li>
					<li>
						<strong>Certification Authorities</strong> issuing authentication tokens (including certificates) based on a published identity verification process
					</li>
					<li>
						<strong>Commercial Identity Providers</strong> providing identity verification as a commercial service
					</li>
				</ol>
			</li>
			<li>MUST provide a secure mechanism for validating a member's identity, including:
				<ol style="list-style-type: lower-roman;">
					<li>
						<strong>Authentication Tokens</strong> which are delivered to the user and verifiable in a cryptographically strong fashion;
					</li>
					<li>
						<strong>Online Verification</strong> via a web interface, ideally which is verified by SSL/TLS;
					</li>
					<li>
						<strong>Out-of-Band</strong> communication directly with CAcert as to the outcome of the verification;
					</li>
				</ol>
			</li>
			<li>SHOULD conduct identification procedures similar in nature to CAcert's existing procedures (eg examining ID documents, obtaining "assurances" from other trusted members)
			</li>
		</ol>
		<h3>
			2.4 Member
		</h3>
		<p>
			A Member (the subject of a verification) using the Remote Verification program:
		</p>
		<ol style="list-style-type: lower-alpha;">
			<li>MUST agree to be bound the CAcert Community Agreement (CCA), including the Disupute Resolution Policy (DRP)
			</li>
			<li>MUST disclose any conflicts of interest (including but not limited to relationships with Assurers)
			</li>
			<li>MUST cover the costs of their assurance (if any), including fees imposed by TTPs, TVPs, and Assurers
			</li>
		</ol>
		<h2>
			3. Processes
		</h2>
		<h3>
			3.1 Verification
		</h3>
		<ol style="list-style-type: lower-alpha;">
			<li>Member SHALL create a CAcert account and agree to the CAcert Community Agreement (CCA)
			</li>
			<li>Member SHALL complete the procedure specified by the applicable sub-policy(s), including being verified by the TVP
			</li>
		</ol>
		<h2>
			4. Documentation
		</h2>
		<p>
			Where documentation is required by the verification process it shall be subject to the prevailing records management policies which may require that it be kept for a certain period or destroyed immediately after processing.
		</p>
		<p>
			<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
		</p>
	</body>
</html>
git-svn-id: http://svn.cacert.org/CAcert/Policies@892 14b1bab8-4ef6-0310-b690-991c95c89dfd 2008-08-06 08:31:56 +00:00			`<?xml version="1.0" encoding="utf-8"?>`
			`<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"`
			`"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">`
			`<html xmlns="http://www.w3.org/1999/xhtml">`
			`<head>`
			`<title>`
			`CACert Remote Verification Policy (RVP)`
			`</title>`
			`</head>`
			`<body>`
			`<h1>`
			`CACert Remote Verification Policy (RVP)`
			`</h1>`
			`<p>`
			`<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />`
			`Editor: Pete Stephenson<br />`
			`Creation date: 2008-07-12<br />`
			`Last change by: Pete<br />`
			`Last change date: 2008-07-14 21:42 MST<br />`
			`Status: WIP 2008-07-12<br />`
			`Next status: DRAFT 08-2008<br />`
			`<!-- $Id$ -->`
			`</p>`
			`<h2>`
			`0. Preamble`
			`</h2>`
			`<p>`
			`This sub-policy extends the Assurance Policy ("AP") by providing a framework for members to verify their identity via Trusted Verification Provider ("TVP"s) including Government Authorities, Certification Authorities and Commercial Identity Providers, under the supervision of the Assurance Officer ("AO").`
			`</p>`
			`<p>`
			`Successful completion of the process defined in RVP sub-policies shall result in the allocation of up to 50 points depending on level of trust in the TVP and the verification process.`
			`</p>`
			`<h2>`
			`1. Scope`
			`</h2>`
			`<p>`
			`This sub-policy is available to all Members.`
			`</p>`
			`<h2>`
			`2. Roles`
			`</h2>`
			`<h3>`
			`2.1 Trusted Verification Provider ("TVP")`
			`</h3>`
			`<p>`
			`Each TVP::`
			`</p>`
			`<ol style="list-style-type: lower-alpha;">`
			`<li>MUST be <i><strong>verifiably practicing identification procedures</strong></i>, typically one of the following:<br />`
			`<ol style="list-style-type: lower-roman;">`
			`<li>`
			`<strong>Government Authorities</strong> responsible for issuing ID documents or providing taxation functions`
			`</li>`
			`<li>`
			`<strong>Certification Authorities</strong> issuing authentication tokens (including certificates) based on a published identity verification process`
			`</li>`
			`<li>`
			`<strong>Commercial Identity Providers</strong> providing identity verification as a commercial service`
			`</li>`
			`</ol>`
			`</li>`
			`<li>MUST provide a secure mechanism for validating a member's identity, including:`
			`<ol style="list-style-type: lower-roman;">`
			`<li>`
			`<strong>Authentication Tokens</strong> which are delivered to the user and verifiable in a cryptographically strong fashion;`
			`</li>`
			`<li>`
			`<strong>Online Verification</strong> via a web interface, ideally which is verified by SSL/TLS;`
			`</li>`
			`<li>`
			`<strong>Out-of-Band</strong> communication directly with CAcert as to the outcome of the verification;`
			`</li>`
			`</ol>`
			`</li>`
			`<li>SHOULD conduct identification procedures similar in nature to CAcert's existing procedures (eg examining ID documents, obtaining "assurances" from other trusted members)`
			`</li>`
			`</ol>`
			`<h3>`
			`2.4 Member`
			`</h3>`
			`<p>`
			`A Member (the subject of a verification) using the Remote Verification program:`
			`</p>`
			`<ol style="list-style-type: lower-alpha;">`
			`<li>MUST agree to be bound the CAcert Community Agreement (CCA), including the Disupute Resolution Policy (DRP)`
			`</li>`
			`<li>MUST disclose any conflicts of interest (including but not limited to relationships with Assurers)`
			`</li>`
			`<li>MUST cover the costs of their assurance (if any), including fees imposed by TTPs, TVPs, and Assurers`
			`</li>`
			`</ol>`
			`<h2>`
			`3. Processes`
			`</h2>`
			`<h3>`
			`3.1 Verification`
			`</h3>`
			`<ol style="list-style-type: lower-alpha;">`
			`<li>Member SHALL create a CAcert account and agree to the CAcert Community Agreement (CCA)`
			`</li>`
			`<li>Member SHALL complete the procedure specified by the applicable sub-policy(s), including being verified by the TVP`
			`</li>`
			`</ol>`
			`<h2>`
			`4. Documentation`
			`</h2>`
			`<p>`
			`Where documentation is required by the verification process it shall be subject to the prevailing records management policies which may require that it be kept for a certain period or destroyed immediately after processing.`
			`</p>`
			`<p>`
			`<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>`
			`</p>`
			`</body>`
			`</html>`