added RVP
git-svn-id: http://svn.cacert.org/CAcert/Policies@881 14b1bab8-4ef6-0310-b690-991c95c89dfd
parent
88d1bb2902
commit
29369f5a84
1 changed files with 112 additions and 0 deletions
112
RemoteVerificationPolicy.html
Normal file
@ -0,0 +1,112 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
CACert Remote Verification Policy (RVP)
</title>
</head>
<body>
<h1>
CACert Remote Verification Policy (RVP)
</h1>
<p>
<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
Editor: Pete Stephenson<br />
Creation date: 2008-07-12<br />
Status: WIP 2008-07-12<br />
Next status: DRAFT 08-2008<br />
<!-- $Id$ -->
</p>
<h2>
0. Preliminaries
</h2>
<p>
This sub-policy extends the Assurance Policy ("AP") by providing a framework for members to verify their identity via Trusted Verification Provider ("TVP"s) including Government Authorities, Certification Authorities and Commercial Identity Providers, under the supervision of the Assurance Officer ("AO").
</p>
<p>
Successful completion of the process defined in RVP sub-policies shall result in the allocation of up to 50 points depending on level of trust in the TVP and the verification process.
</p>
<h2>
1. Scope
</h2>
<p>
This sub-policy is available to all members.
</p>
<h2>
2. Roles
</h2>
<h3>
2.1 Trusted Verification Provider ("TVP")
</h3>
<p>
Each TVA::
</p>
<ol style="list-style-type: lower-alpha;">
<li>MUST be <i><strong>verifiably practicing identification procedures</strong></i>, typically one of the following:<br />
<ol style="list-style-type: lower-roman;">
<li>
<strong>Government Authorities</strong> responsible for issuing ID documents or providing taxation functions
</li>
<li>
<strong>Certification Authorities</strong> issuing authentication tokens (including certificates) based on a published identity verification process
</li>
<li>
<strong>Commercial Identity Providers</strong> providing identity verification as a commercial service
</li>
</ol>
</li>
<li>MUST provide a secure mechanism for validating a member's identity, including:
<ol style="list-style-type: lower-roman;">
<li>
<strong>Authentication Tokens</strong> which are delivered to the user and verifiable in a cryptographically strong fashion
</li>
<li>
<strong>Online Verification</strong> via a web interface, ideally which is verified by SSL/TLS
</li>
<li>
<strong>Out-of-Band</strong> communication directly with CAcert, Inc. as to the outcome of the verification
</li>
</ol>
</li>
<li>SHOULD conduct identification procedures similar in nature to CAcert's existing procedures (eg examining ID documents, obtaining 'assurances' from other trusted members)
</li>
</ol>
<h3>
2.4 Member
</h3>
<p>
A Member (the subject of a verification) using the Remote Verification program:
</p>
<ol style="list-style-type: lower-alpha;">
<li>MUST agree to be bound the CAcert Community Agreement (CCA), including the Disupute Resolution Policy (DRP)
</li>
<li>MUST disclose any conflicts of interest (including but not limited to relationships with Assurers)
</li>
<li>MUST cover the costs of their assurance (if any), including fees imposed by TTPs and Assurers
</li>
</ol>
<h2>
3. Processes
</h2>
<h3>
3.1 Verification
</h3>
<ol style="list-style-type: lower-alpha;">
<li>Member SHALL create a CAcert account and agree to the CAcert Community Agreement (CCA)
</li>
<li>Member SHALL complete the procedure specified by the applicable sub-policy(s), including being verified by the TVP
</li>
</ol>
<h2>
4. Documentation
</h2>
<p>
Where documentation is required by the verification process it shall be subject to the prevailing records management policies which may require that it be kept for a certain period or destroyed immediately after processing.
</p>
<p>
<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
</p>
</body>
</html>
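Review bot: section 2.1 names its role three different ways, which leaves the normative text ambiguous: the heading defines "TVP", the paragraph under it opens with "Each TVA::", and 2.4(c) speaks of "fees imposed by TTPs". Use "TVP" throughout (and a single colon), or define TVA and TTP if they are meant to be distinct roles. In 2.1(b) the requirement is "MUST provide a secure mechanism", yet item ii makes SSL/TLS only "ideally" present and the "including:" lead-in does not say whether one mechanism or all three are required; state "at least one of" or "all of", and make TLS a MUST for the online verification path if that is the intent. The Roles numbering jumps from 2.1 to 2.4 and the Assurance Officer named in section 0 has no role entry, so either add the missing subsections or renumber. Smaller points: 2.4(a) reads "bound the CAcert Community Agreement" (missing "by") and "Disupute", section 0 has `"TVP"s`, and the footer image `src="Images/valid-xhtml11-blue"` has no file extension while the status image uses `cacert-wip.png`.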