From 29369f5a84aeb99530783f458ab408ece63a674d Mon Sep 17 00:00:00 2001
From: Sam Johnston
Date: Sat, 12 Jul 2008 17:21:47 +0000
Subject: [PATCH] added RVP

git-svn-id: http://svn.cacert.org/CAcert/Policies@881 14b1bab8-4ef6-0310-b690-991c95c89dfd
---
 RemoteVerificationPolicy.html | 112 ++++++++++++++++++++++++++++++++++
 1 file changed, 112 insertions(+)
 create mode 100644 RemoteVerificationPolicy.html

diff --git a/RemoteVerificationPolicy.html b/RemoteVerificationPolicy.html
new file mode 100644
index 0000000..fc23653
--- /dev/null
+++ b/RemoteVerificationPolicy.html
@@ -0,0 +1,112 @@ + + + + + + CACert Remote Verification Policy (RVP) + + + +

+ CACert Remote Verification Policy (RVP) +

+

+ CAcert Policy Status
+ Editor: Pete Stephenson
+ Creation date: 2008-07-12
+ Status: WIP 2008-07-12
+ Next status: DRAFT 08-2008
+ +

+

+ 0. Preliminaries +

+

+ This sub-policy extends the Assurance Policy ("AP") by providing a framework for members to verify their identity via Trusted Verification Provider ("TVP"s) including Government Authorities, Certification Authorities and Commercial Identity Providers, under the supervision of the Assurance Officer ("AO"). +

+

+ Successful completion of the process defined in RVP sub-policies shall result in the allocation of up to 50 points depending on level of trust in the TVP and the verification process. +

+

+ 1. Scope +

+

+ This sub-policy is available to all members. +

+

+ 2. Roles +

+

+ 2.1 Trusted Verification Provider ("TVP") +

+

+ Each TVA:: +

+
    +
  1. MUST be verifiably practicing identification procedures, typically one of the following:
    +
      +
    1. + Government Authorities responsible for issuing ID documents or providing taxation functions +
    2. +
    3. + Certification Authorities issuing authentication tokens (including certificates) based on a published identity verification process +
    4. +
    5. + Commercial Identity Providers providing identity verification as a commercial service +
    6. +
    +
  2. +
  3. MUST provide a secure mechanism for validating a member's identity, including: +
      +
    1. + Authentication Tokens which are delivered to the user and verifiable in a cryptographically strong fashion +
    2. +
    3. + Online Verification via a web interface, ideally which is verified by SSL/TLS +
    4. +
    5. + Out-of-Band communication directly with CAcert, Inc. as to the outcome of the verification +
    6. +
    +
  4. +
  5. SHOULD conduct identification procedures similar in nature to CAcert's existing procedures (eg examining ID documents, obtaining 'assurances' from other trusted members) +
  6. +
+

+ 2.4 Member +

+

+ A Member (the subject of a verification) using the Remote Verification program: +

+
    +
  1. MUST agree to be bound the CAcert Community Agreement (CCA), including the Disupute Resolution Policy (DRP) +
  2. +
  3. MUST disclose any conflicts of interest (including but not limited to relationships with Assurers) +
  4. +
  5. MUST cover the costs of their assurance (if any), including fees imposed by TTPs and Assurers +
  6. +
+

+ 3. Processes +

+

+ 3.1 Verification +

+
    +
  1. Member SHALL create a CAcert account and agree to the CAcert Community Agreement (CCA) +
  2. +
  3. Member SHALL complete the procedure specified by the applicable sub-policy(s), including being verified by the TVP +
  4. +
+

+ 4. Documentation +

+

+ Where documentation is required by the verification process it shall be subject to the prevailing records management policies which may require that it be kept for a certain period or destroyed immediately after processing. +

+

+ Valid XHTML 1.1 +

+ +
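Review bot: In section 2.1, the list under "MUST provide a secure mechanism for validating a member's identity" leaves transport protection optional: "Online Verification via a web interface, ideally which is verified by SSL/TLS" relies on "ideally", which is not one of the MUST/SHOULD/SHALL keywords used in the rest of the file, so the item as written does not require it. Suggest wording it as a requirement (for example "which MUST be protected by SSL/TLS") and stating whether "including:" means any one of the three mechanisms is sufficient or all are expected. The same section opens with "Each TVA::" although its heading defines "TVP", and 2.4 refers to "fees imposed by TTPs", a term this file never defines; use one term throughout. Section numbering jumps from 2.1 to 2.4 and the AO named in the Preliminaries has no entry under Roles, so either add the missing role sections or renumber. The Preliminaries allow "up to 50 points depending on level of trust in the TVP and the verification process" without saying where those levels are set; a pointer to the sub-policy that fixes them would help. Typos in 2.4: "be bound the" is missing "by" and "Disupute" should be "Dispute"; the title spells "CACert" where the body uses "CAcert".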