diff --git a/RemoteVerificationPolicy.html b/RemoteVerificationPolicy.html new file mode 100644 index 0000000..fc23653 --- /dev/null +++ b/RemoteVerificationPolicy.html @@ -0,0 +1,112 @@ + + + + + + CACert Remote Verification Policy (RVP) + + + +

+ CACert Remote Verification Policy (RVP) +

+

+ CAcert Policy Status
+ Editor: Pete Stephenson
+ Creation date: 2008-07-12
+ Status: WIP 2008-07-12
+ Next status: DRAFT 08-2008
+ +

+

+ 0. Preliminaries +

+

+ This sub-policy extends the Assurance Policy ("AP") by providing a framework for members to verify their identity via Trusted Verification Provider ("TVP"s) including Government Authorities, Certification Authorities and Commercial Identity Providers, under the supervision of the Assurance Officer ("AO"). +

+

+ Successful completion of the process defined in RVP sub-policies shall result in the allocation of up to 50 points depending on level of trust in the TVP and the verification process. +

+

+ 1. Scope +

+

+ This sub-policy is available to all members. +

+

+ 2. Roles +

+

+ 2.1 Trusted Verification Provider ("TVP") +

+

+ Each TVA:: +

+
    +
  1. MUST be verifiably practicing identification procedures, typically one of the following:
    +
      +
    1. + Government Authorities responsible for issuing ID documents or providing taxation functions +
    2. +
    3. + Certification Authorities issuing authentication tokens (including certificates) based on a published identity verification process +
    4. +
    5. + Commercial Identity Providers providing identity verification as a commercial service +
    6. +
    +
  2. +
  3. MUST provide a secure mechanism for validating a member's identity, including: +
      +
    1. + Authentication Tokens which are delivered to the user and verifiable in a cryptographically strong fashion +
    2. +
    3. + Online Verification via a web interface, ideally which is verified by SSL/TLS +
    4. +
    5. + Out-of-Band communication directly with CAcert, Inc. as to the outcome of the verification +
    6. +
    +
  4. +
  5. SHOULD conduct identification procedures similar in nature to CAcert's existing procedures (eg examining ID documents, obtaining 'assurances' from other trusted members) +
  6. +
+

+ 2.4 Member +

+

+ A Member (the subject of a verification) using the Remote Verification program: +

+
    +
  1. MUST agree to be bound the CAcert Community Agreement (CCA), including the Disupute Resolution Policy (DRP) +
  2. +
  3. MUST disclose any conflicts of interest (including but not limited to relationships with Assurers) +
  4. +
  5. MUST cover the costs of their assurance (if any), including fees imposed by TTPs and Assurers +
  6. +
+

+ 3. Processes +

+

+ 3.1 Verification +

+
    +
  1. Member SHALL create a CAcert account and agree to the CAcert Community Agreement (CCA) +
  2. +
  3. Member SHALL complete the procedure specified by the applicable sub-policy(s), including being verified by the TVP +
  4. +
+

+ 4. Documentation +

+

+ Where documentation is required by the verification process it shall be subject to the prevailing records management policies which may require that it be kept for a certain period or destroyed immediately after processing. +

+

+ Valid XHTML 1.1 +

+ +