Added Org Assurance members and changed to 10 extra ass points of supervising assurer, added supervising assurer.

git-svn-id: http://svn.cacert.org/CAcert/Policies@1171 14b1bab8-4ef6-0310-b690-991c95c89dfd

RemoteVerificationPolicy.html

@@ -1,114 +1,151 @@
-<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+<HTML>
-	"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<HEAD>
-<html xmlns="http://www.w3.org/1999/xhtml">
+	<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
-	<head>
+	<TITLE> CACert Remote Verification Policy (RVP) </TITLE>
-		<title>
+	<META NAME="CHANGEDBY" CONTENT="Teus Hagen">
-			CACert Remote Verification Policy (RVP)
+	<META NAME="CHANGED" CONTENT="20090211;15005300">
-		</title>
+</HEAD>
-	</head>
+
-	<body>
+<BODY LANG="en-US" DIR="LTR">
-		<h1>
+<P><BR><BR>
-			CACert Remote Verification Policy (RVP)
+</P>
-		</h1>
+
-		<p>
+<H1>CAcert Remote Verification Policy (RVP) </H1>
-			<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
+
-			Editor: Pete Stephenson<br />
+<P><A HREF="PolicyOnPolicy.html"><IMG SRC="Images/cacert-wip.png" NAME="graphics1" ALT="CAcert Policy Status" ALIGN=BOTTOM WIDTH=90 HEIGHT=33 BORDER=0></A><BR>Author:
-			Creation date: 2008-07-12<br />
+Pete Stephenson<BR>Creation date: 2008-07-12<BR>
-			Last change by: Pete<br />
+Status: WIP 2008-07-12 <BR>
-			Last change date: 2008-07-14 21:42 MST<br />
+Edited by: Teus Hagen, 2009-02-11<BR>
-			Status: WIP 2008-07-12<br />
+Next status: DRAFT 2009<BR>
-			Next status: DRAFT 08-2008<br />
+<!-- $Id$ --></P>
-			<!-- $Id$ -->
+
-		</p>
+<H2>0. Preliminaries </H2>
-		<h2>
+
-			0. Preamble
+<P>This sub-policy extends the Assurance  Policy (&quot;AP&quot;) 
-		</h2>
+and Organisation Assurance Policy (“OAP”) by providing a
-		<p>
+framework for Members to verify for individual Members their identity
-			This sub-policy extends the Assurance Policy ("AP") by providing a framework for members to verify their identity via Trusted Verification Provider ("TVP"s) including Government Authorities, Certification Authorities and Commercial Identity Providers, under the supervision of the Assurance Officer ("AO").
+and for organisation Members their organisation (trade) name via Trusted Third
-		</p>
+Provider (&quot;TTP&quot;s) including Government Authorities,
-		<p>
+Certification Authorities and Commercial Identity Providers, under
-			Successful completion of the process defined in RVP sub-policies shall result in the allocation of up to 50 points depending on level of trust in the TVP and the verification process.
+the supervision of a CAcert (Organisation) Assurer. 
-		</p>
+</P>
-		<h2>
+
-			1. Scope
+<P>Successful completion of the verification of name process defined
-		</h2>
+in RVP sub-policies shall result in the allocation of 10 extra
-		<p>
+Assurance  Points added to the maximum of Assurance Points the Assurer,
-			This sub-policy is available to all Members.
+supervising the assurance process for the Member, can allocate.
-		</p>
+</P>
-		<h2>
+
-			2. Roles
+<H2>1. Scope </H2>
-		</h2>
+
-		<h3>
+<P>This sub-policy is available to all individual and organisation
-			2.1 Trusted Verification Provider ("TVP")
+Community Members.  </P>
-		</h3>
+
-		<p>
+<H2>2. Roles </H2>
-			Each TVP::
+
-		</p>
+<H3>2.1 CAcert (Organisation) Assurer</H3>
-		<ol style="list-style-type: lower-alpha;">
+
-			<li>MUST be <i><strong>verifiably practicing identification procedures</strong></i>, typically one of the following:<br />
+<P>The CAcert (Organisation) Assurer must check the CAcert
-				<ol style="list-style-type: lower-roman;">
+(Organisation) Assurance Programme form. The identity verification or
-					<li>
+organisation name verification is remotely performed by the Trusted
-						<strong>Government Authorities</strong> responsible for issuing ID documents or providing taxation functions
+Verification Provider (2.2).</P>
-					</li>
+
-					<li>
+<P>The Trusted Verification Provider who is involved in the
-						<strong>Certification Authorities</strong> issuing authentication tokens (including certificates) based on a published identity verification process
+verification process  should be accepted by the Assurer. 
-					</li>
+</P>
-					<li>
+
-						<strong>Commercial Identity Providers</strong> providing identity verification as a commercial service
+<P>The Assurer will keep the following signed documents:</P>
-					</li>
+<OL>
-				</ol>
+	<LI><P>Signed document  (e.g. CAP or COAP form) for CAcert Community Agreement with the Member.</P>
-			</li>
+	<LI><P>Signed report of the Trusted Verification Provider for the name verification.</P>
-			<li>MUST provide a secure mechanism for validating a member's identity, including:
+</OL>
-				<ol style="list-style-type: lower-roman;">
+
-					<li>
+<H3>2.2 Trusted Verification Provider (&quot;TVP&quot;) </H3>
-						<strong>Authentication Tokens</strong> which are delivered to the user and verifiable in a cryptographically strong fashion;
+
-					</li>
+<P>Each TVA:: </P>
-					<li>
+
-						<strong>Online Verification</strong> via a web interface, ideally which is verified by SSL/TLS;
+<OL>
-					</li>
+	<LI><P>must be <STRONG><I>verifiably
-					<li>
+	practicing identification procedures</I></STRONG>, typically one of
-						<strong>Out-of-Band</strong> communication directly with CAcert as to the outcome of the verification;
+	the following:</P>
-					</li>
+	<OL>
-				</ol>
+		<LI><P><STRONG>Government Authorities</STRONG>
-			</li>
+		responsible for issuing ID documents for individuals, trade office
-			<li>SHOULD conduct identification procedures similar in nature to CAcert's existing procedures (eg examining ID documents, obtaining "assurances" from other trusted members)
+		extracts for organisations, or providing taxation functions 
-			</li>
+		</P>
-		</ol>
+		<LI><P><STRONG>Certification Authorities</STRONG>
-		<h3>
+		issuing authentication tokens (including certificates) based on a
-			2.4 Member
+		published  identity and/or trade name verification process 
-		</h3>
+		</P>
-		<p>
+		<LI><P><STRONG>Commercial  Identity
-			A Member (the subject of a verification) using the Remote Verification program:
+		Providers</STRONG> providing identity verification as a commercial
-		</p>
+		service.</P>
-		<ol style="list-style-type: lower-alpha;">
+		<LI><P><B>Commercial Trade  name
-			<li>MUST agree to be bound the CAcert Community Agreement (CCA), including the Disupute Resolution Policy (DRP)
+		Registrars</B> providing trade name verification.</P>
-			</li>
+	</OL>
-			<li>MUST disclose any conflicts of interest (including but not limited to relationships with Assurers)
+	<LI><P>must provide a secure mechanism
-			</li>
+	for validating a member's identity and/or organisation name or trade
-			<li>MUST cover the costs of their assurance (if any), including fees imposed by TTPs, TVPs, and Assurers
+	name , including: 
-			</li>
+	</P>
-		</ol>
+	<OL>
-		<h2>
+		<LI><P><STRONG>Authentication Tokens</STRONG>
-			3. Processes
+		which are delivered to the user and verifiable in a
-		</h2>
+		cryptographically strong fashion 
-		<h3>
+		</P>
-			3.1 Verification
+		<LI><P><STRONG>Online Verification</STRONG>
-		</h3>
+		via a web interface, ideally which is verified by SSL/TLS 
-		<ol style="list-style-type: lower-alpha;">
+		</P>
-			<li>Member SHALL create a CAcert account and agree to the CAcert Community Agreement (CCA)
+		<LI><P><STRONG>Out-of-Band</STRONG>
-			</li>
+		communication directly with CAcert, Inc. as to the outcome of the
-			<li>Member SHALL complete the procedure specified by the applicable sub-policy(s), including being verified by the TVP
+		verification 
-			</li>
+		</P>
-		</ol>
+	</OL>
-		<h2>
+	<LI><P>should conduct identification of name procedures similar in
-			4. Documentation
+	nature to CAcert's existing procedures (eg examining ID documents,
-		</h2>
+	trade office extracts, obtaining 'assurances' from other trusted
-		<p>
+	members) 
-			Where documentation is required by the verification process it shall be subject to the prevailing records management policies which may require that it be kept for a certain period or destroyed immediately after processing.
+	</P>
-		</p>
+</OL>
-		<p>
+
-			<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
+<H3>2.3 Member </H3>
-		</p>
+
-	</body>
+<P>A Member (the subject of a verification) using the Remote
-</html>
+Verification program: </P>
+
+<OL>
+	<LI><P>must agree to be bound the CAcert
+	Community Agreement (CCA).</P>
+	<LI><P>must disclose any conflicts of
+	interest (including but not limited to relationships with
+	(Organisation) Assurer) 
+	</P>
+	<LI><P>must cover the costs of their assurance (if any), including
+	fees imposed by TVPs and Assurer.</P>
+</OL>
+
+<H2>3. Processes </H2>
+
+<H3>3.1 Verification </H3>
+
+<OL>
+	<LI><P>Member shall create a CAcert
+	account and agree to the CAcert Community Agreement (CCA) 
+	</P>
+	<LI><P>Member shall complete the procedure specified by the
+	applicable sub-policy(s), including being verified by the TVP .</P>
+</OL>
+
+<H2>4. Documentation </H2>
+
+<P>Where documentation is required by the verification process it
+shall be subject to the prevailing records management policies which
+may require that it be kept for a certain period or destroyed
+immediately after processing. 
+</P>
+
+<P><A HREF="http://validator.w3.org/check?uri=referer"><IMG SRC="Images/valid-xhtml11-blue" NAME="graphics2" ALT="Valid XHTML 1.1" ALIGN=BOTTOM WIDTH=90 HEIGHT=33 BORDER=0></A>
+</P>
+
+</BODY>
+</HTML>