Added Org Assurance members and changed to 10 extra ass points of supervising assurer, added supervising assurer.

git-svn-id: http://svn.cacert.org/CAcert/Policies@1171 14b1bab8-4ef6-0310-b690-991c95c89dfd
Teus Hagen 2009-02-11 14:21:36 +00:00
parent 6980afcd3d
commit 46fd411932


@ -1,114 +1,151 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
CACert Remote Verification Policy (RVP)
</title>
</head>
<body>
<h1>
CACert Remote Verification Policy (RVP)
</h1>
<p>
<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
Editor: Pete Stephenson<br />
Creation date: 2008-07-12<br />
Last change by: Pete<br />
Last change date: 2008-07-14 21:42 MST<br />
Status: WIP 2008-07-12<br />
Next status: DRAFT 08-2008<br />
<!-- $Id$ -->
</p>
<h2>
0. Preamble
</h2>
<p>
This sub-policy extends the Assurance Policy ("AP") by providing a framework for members to verify their identity via Trusted Verification Provider ("TVP"s) including Government Authorities, Certification Authorities and Commercial Identity Providers, under the supervision of the Assurance Officer ("AO").
</p>
<p>
Successful completion of the process defined in RVP sub-policies shall result in the allocation of up to 50 points depending on level of trust in the TVP and the verification process.
</p>
<h2>
1. Scope
</h2>
<p>
This sub-policy is available to all Members.
</p>
<h2>
2. Roles
</h2>
<h3>
2.1 Trusted Verification Provider ("TVP")
</h3>
<p>
Each TVP::
</p>
<ol style="list-style-type: lower-alpha;">
<li>MUST be <i><strong>verifiably practicing identification procedures</strong></i>, typically one of the following:<br />
<ol style="list-style-type: lower-roman;">
<li>
<strong>Government Authorities</strong> responsible for issuing ID documents or providing taxation functions
</li>
<li>
<strong>Certification Authorities</strong> issuing authentication tokens (including certificates) based on a published identity verification process
</li>
<li>
<strong>Commercial Identity Providers</strong> providing identity verification as a commercial service
</li>
</ol>
</li>
<li>MUST provide a secure mechanism for validating a member's identity, including:
<ol style="list-style-type: lower-roman;">
<li>
<strong>Authentication Tokens</strong> which are delivered to the user and verifiable in a cryptographically strong fashion;
</li>
<li>
<strong>Online Verification</strong> via a web interface, ideally which is verified by SSL/TLS;
</li>
<li>
<strong>Out-of-Band</strong> communication directly with CAcert as to the outcome of the verification;
</li>
</ol>
</li>
<li>SHOULD conduct identification procedures similar in nature to CAcert's existing procedures (eg examining ID documents, obtaining "assurances" from other trusted members)
</li>
</ol>
<h3>
2.4 Member
</h3>
<p>
A Member (the subject of a verification) using the Remote Verification program:
</p>
<ol style="list-style-type: lower-alpha;">
<li>MUST agree to be bound the CAcert Community Agreement (CCA), including the Disupute Resolution Policy (DRP)
</li>
<li>MUST disclose any conflicts of interest (including but not limited to relationships with Assurers)
</li>
<li>MUST cover the costs of their assurance (if any), including fees imposed by TTPs, TVPs, and Assurers
</li>
</ol>
<h2>
3. Processes
</h2>
<h3>
3.1 Verification
</h3>
<ol style="list-style-type: lower-alpha;">
<li>Member SHALL create a CAcert account and agree to the CAcert Community Agreement (CCA)
</li>
<li>Member SHALL complete the procedure specified by the applicable sub-policy(s), including being verified by the TVP
</li>
</ol>
<h2>
4. Documentation
</h2>
<p>
Where documentation is required by the verification process it shall be subject to the prevailing records management policies which may require that it be kept for a certain period or destroyed immediately after processing.
</p>
<p>
<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
<TITLE> CACert Remote Verification Policy (RVP) </TITLE>
<META NAME="CHANGEDBY" CONTENT="Teus Hagen">
<META NAME="CHANGED" CONTENT="20090211;15005300">
</HEAD>
<BODY LANG="en-US" DIR="LTR">
<P><BR><BR>
</P>
<H1>CAcert Remote Verification Policy (RVP) </H1>
<P><A HREF="PolicyOnPolicy.html"><IMG SRC="Images/cacert-wip.png" NAME="graphics1" ALT="CAcert Policy Status" ALIGN=BOTTOM WIDTH=90 HEIGHT=33 BORDER=0></A><BR>Author:
Pete Stephenson<BR>Creation date: 2008-07-12<BR>
Status: WIP 2008-07-12 <BR>
Edited by: Teus Hagen, 2009-02-11<BR>
Next status: DRAFT 2009<BR>
<!-- $Id$ --></P>
<H2>0. Preliminaries </H2>
<P>This sub-policy extends the Assurance Policy (&quot;AP&quot;)
and Organisation Assurance Policy (“OAP”) by providing a
framework for Members to verify for individual Members their identity
and for organisation Members their organisation (trade) name via Trusted Third
Provider (&quot;TTP&quot;s) including Government Authorities,
Certification Authorities and Commercial Identity Providers, under
the supervision of a CAcert (Organisation) Assurer.
</P>
<P>Successful completion of the verification of name process defined
in RVP sub-policies shall result in the allocation of 10 extra
Assurance Points added to the maximum of Assurance Points the Assurer,
supervising the assurance process for the Member, can allocate.
</P>
<H2>1. Scope </H2>
<P>This sub-policy is available to all individual and organisation
Community Members. </P>
<H2>2. Roles </H2>
<H3>2.1 CAcert (Organisation) Assurer</H3>
<P>The CAcert (Organisation) Assurer must check the CAcert
(Organisation) Assurance Programme form. The identity verification or
organisation name verification is remotely performed by the Trusted
Verification Provider (2.2).</P>
<P>The Trusted Verification Provider who is involved in the
verification process should be accepted by the Assurer.
</P>
<P>The Assurer will keep the following signed documents:</P>
<OL>
<LI><P>Signed document (e.g. CAP or COAP form) for CAcert Community Agreement with the Member.</P>
<LI><P>Signed report of the Trusted Verification Provider for the name verification.</P>
</OL>
<H3>2.2 Trusted Verification Provider (&quot;TVP&quot;) </H3>
<P>Each TVA:: </P>
<OL>
<LI><P>must be <STRONG><I>verifiably
practicing identification procedures</I></STRONG>, typically one of
the following:</P>
<OL>
<LI><P><STRONG>Government Authorities</STRONG>
responsible for issuing ID documents for individuals, trade office
extracts for organisations, or providing taxation functions
</P>
<LI><P><STRONG>Certification Authorities</STRONG>
issuing authentication tokens (including certificates) based on a
published identity and/or trade name verification process
</P>
<LI><P><STRONG>Commercial Identity
Providers</STRONG> providing identity verification as a commercial
service.</P>
<LI><P><B>Commercial Trade name
Registrars</B> providing trade name verification.</P>
</OL>
<LI><P>must provide a secure mechanism
for validating a member's identity and/or organisation name or trade
name , including:
</P>
<OL>
<LI><P><STRONG>Authentication Tokens</STRONG>
which are delivered to the user and verifiable in a
cryptographically strong fashion
</P>
<LI><P><STRONG>Online Verification</STRONG>
via a web interface, ideally which is verified by SSL/TLS
</P>
<LI><P><STRONG>Out-of-Band</STRONG>
communication directly with CAcert, Inc. as to the outcome of the
verification
</P>
</OL>
<LI><P>should conduct identification of name procedures similar in
nature to CAcert's existing procedures (eg examining ID documents,
trade office extracts, obtaining 'assurances' from other trusted
members)
</P>
</OL>
<H3>2.3 Member </H3>
<P>A Member (the subject of a verification) using the Remote
Verification program: </P>
<OL>
<LI><P>must agree to be bound the CAcert
Community Agreement (CCA).</P>
<LI><P>must disclose any conflicts of
interest (including but not limited to relationships with
(Organisation) Assurer)
</P>
<LI><P>must cover the costs of their assurance (if any), including
fees imposed by TVPs and Assurer.</P>
</OL>
<H2>3. Processes </H2>
<H3>3.1 Verification </H3>
<OL>
<LI><P>Member shall create a CAcert
account and agree to the CAcert Community Agreement (CCA)
</P>
<LI><P>Member shall complete the procedure specified by the
applicable sub-policy(s), including being verified by the TVP .</P>
</OL>
<H2>4. Documentation </H2>
<P>Where documentation is required by the verification process it
shall be subject to the prevailing records management policies which
may require that it be kept for a certain period or destroyed
immediately after processing.
</P>
<P><A HREF="http://validator.w3.org/check?uri=referer"><IMG SRC="Images/valid-xhtml11-blue" NAME="graphics2" ALT="Valid XHTML 1.1" ALIGN=BOTTOM WIDTH=90 HEIGHT=33 BORDER=0></A>
</P>
</BODY>
</HTML>
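Review bot: The role defined in section 2.2 is named three different ways in the new text: the Preliminaries introduce it as "Trusted Third Provider ("TTP"s)", the 2.2 heading and sections 2.3 and 3.1 use "TVP", and the 2.2 lead-in reads "Each TVA::". Use "Trusted Verification Provider (TVP)" throughout and drop the doubled colon, because every requirement in 2.1 to 3.1 depends on that one defined term. Section 2.3 item 1 no longer mentions the Dispute Resolution Policy (DRP) that the old 2.4 item bound Members to, and the requirement keywords change from MUST/SHALL/SHOULD to lower case; neither is covered by the commit message, which only names the Org Assurance members, the 10 extra points and the supervising assurer, so please confirm both are intended. In 2.1, "should be accepted by the Assurer" gives no criteria for accepting a TVP and leaves open whether acceptance is required before the 10 extra points can be allocated. The file also moves from XHTML 1.1 to an HTML 4.0 Transitional doctype with unclosed LI and P elements while the footer still carries the "Valid XHTML 1.1" badge; this looks like an editor export and should be reverted or done in a separate commit.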