diff --git a/TVerifyAssurancePolicy.html b/TVerifyAssurancePolicy.html index f31b47b..a484eb9 100644 --- a/TVerifyAssurancePolicy.html +++ b/TVerifyAssurancePolicy.html @@ -1,240 +1,207 @@ - -
--This is a subsidiary policy under Assurance Policy (COD13). -It documents the acceptance of Thawte-issued certificates -and disclosers as inputs into the assurance process. -
- --The CAs listed in Appendix A are approved to "this system". -
- --If a certificate is examined by an Assurer (e.g., signed email) -and determined to provide evidence of a Name and email address that -matches the Name stored in the CAcert system, -the Assurer may allocate 25 (???) Assurance Points -(or as determined in the Appendix A). -
- --This is only available to Assurers who are: -
- --This may be only awarded once per Member. -
- --This may be done automatically by the existing -Tverify system. -
- - --Webs of Trust listed in Appendix B are approved for this system. -
- --If evidence of full "assurer status" in the other Web of Trust -is provided to an Assurer, -then the Assurer may award 25 Assurance Points, -in addition to the above 25 points from the certificate. -
- -
-The Assurer must go to the other system and verify the -Name. -And DoB??? But the user has to enable each Assurer to -check the DoB by means of the permitting an assurance in the -other system. -
- --Assurers enabled for this system must be: -
- --This may be only awarded once per Member. -
- --What about voting system.... -
- - - - -- Agreed that experience as TN is not useful for CAcert Experience Points. -So Maximum is 100. -
- -- If the user completes only step 1, the users get 50 points if the - Thawte name matches the CAcert name : The process is fully automated and - the user still can do later the optional steps. -
- -- In case the user completes steps 2 or 3, a Tverify-authorised Assurer does the following manual checks : -
- - --the CAcert Tverify community member votes Aye or Nay on the request -(faithfullness) and optionally adds a comment on the reason why they reject -the request. -
- --If the requests gets 4 Naye, the requests is rejected, the user has to -restart the process. -
- --if the request gets 4 Aye, the requests is completed and the appropriate -amount of Assurance points are added to the account, logged as an Tverify -assurance. -BY WHOM? -
- --Each user step can granted points only once. The maximum is 150 points. -BLECH -
- --To be a Tverify Assurer, an Assurer must have: -
- --Authorisation is done by .... - the Support Officer (and confirmed by ??? Assurance Officer). -
- --Currently there are 7+ Assurers who are authorised to conduct the -Tverify additional procedure. -
- --An online system is run to accept the certificate. -This is located at https://tverify.cacert.org/ -This is a critical / non-critical system ???? -
- --WHat do the Thawte docs say about reliance, etc. -Is there a possibility to do this? -What is the liability position? -Chances are, there is no liability and no reliance permitted. -Which means ... there is no reliance on the Name in the cert. -
- - - -OLD: -- + + + + +- mandatory : the users provides a - Thawte assured certificate including the user name. - If the name and email address in the certificate matches - the name and email address recorded by CAcert exactly, - the user is given 50 Assurance Points automatically - by the online system. -
-- -
- -no checking of date of birth, -
- -no alignment of these 50 points with AP (statement, checking of date of birth, -there may be some rules about middle names and extracting the name fields out of FirstName and LastName... this is in the system. -should check Thwarte doco to make a judgement call on what it is worth. -
- -Probably this should be 25 points? -
This is a subsidiary policy under Assurance Policy (COD13). It +documents the acceptance of Thawte-issued certificates and disclosers +as inputs into the assurance process. +
+The CAs listed in Appendix A are approved to "this system". +
+If a certificate is examined by an Assurer (e.g., signed email) +and determined to provide evidence of a Name and email address that +matches the Name stored in the CAcert system, the Assurer may +allocate 25 (???) Assurance Points (or as determined in the Appendix +A). +
+This is only available to Assurers who are: +
+Full Assurer with 50 Experience + Points +
+Assigned the Tverify role by support. +
+This may be only awarded once per Member. +
+This may be done automatically by the existing Tverify system. +
+Webs of Trust listed in Appendix B are approved for this system. +
+If evidence of full "assurer status" in the other Web of +Trust is provided to an Assurer, then the Assurer may award 25 +Assurance Points, in addition to the above 25 points from the +certificate. +
+The Assurer must go to the other system and verify the Name. And +DoB??? But the user has to enable each Assurer to check the DoB by +means of the permitting an assurance in the other system. +
+Assurers enabled for this system must be: +
+Full Assurer with 50 Experience + Points +
+Assigned the Tverify role by + support. +
+Full "assurer status" in the other system. +
+This may be only awarded once per Member. +
+What about voting system.... +
+optional : the user provides the web link in the directory of + Thawte notaries. The user must display his name and CAcert account + email address in the directory assurer message. The user can get 40 + extra points after manual checking, +
+This proves that the person is + a "Thawte Notary" +
+A TN has "100 Thawte trust + points" which means that the Name, DoB, email address (by + connecting into the system) have been checked by 3 people at least. +
+Thawte Notary: There is no + "test". +
+Thawte Notary: There are some + rules, what needs to be done, what not. Find the rules. +
+http://www.thawte.com/secure-email/web-of-trust-wot/wot_notary.html
+http://www.thawte.com/secure-email/web-of-trust-wot/wot_rules.html
+http://www.thawte.com/secure-email/web-of-trust-wot/wot_validation.html
+http://www.thawte.com/secure-email/web-of-trust-wot/wot_points.html
+http://www.thawte.com/cps/ + => section 3.1.9 Authentication of Individual Identity +
+Thawte Notary: complaints are + reported to Thawte support, and support then requests all forms and + documentation and copies of IDs, and support may do something ... + but this was before the change of liability, they may not care + anymore +
+Probably this should be 25 points? +
+optional: The user provides a scan of a government photo id. + The user can get an extra 60 points after manual checking. +
+May need to make this mandatory + so we can check the DoB. +
+Probably this should be 40 points? +
+Agreed that experience as TN is not useful for CAcert +Experience Points. So Maximum is 100. +
+If the user completes only step 1, the users get 50 points if the +Thawte name matches the CAcert name : The process is fully automated +and the user still can do later the optional steps. +
+In case the user completes steps 2 or 3, a Tverify-authorised +Assurer does the following manual checks : +
+check if the link to the Thawte + WoT directory matches the name and email address of the CAcert + account, and +
+check if the photo id macthes the name and date of birth of + the CAcert account. +
+the CAcert Tverify community member votes Aye or Nay on the +request (faithfullness) and optionally adds a comment on the reason +why they reject the request. +
+If the requests gets 4 Naye, the requests is rejected, the user +has to restart the process. +
+if the request gets 4 Aye, the requests is completed and the +appropriate amount of Assurance points are added to the account, +logged as an Tverify assurance. BY WHOM? +
+Each user step can granted points only once. The maximum is 150 +points. BLECH +
+To be a Tverify Assurer, an Assurer must have: +
+full Thawte "Notary" status. +
+Authorisation is done by .... the Support Officer (and confirmed +by ??? Assurance Officer). +
+Currently there are 7+ Assurers who are authorised to conduct the +Tverify additional procedure. +
+An online system is run to accept the certificate. This is located +at https://tverify.cacert.org/ This is a critical / non-critical +system ???? +
+WHat do the Thawte docs say about reliance, etc. Is there a +possibility to do this? What is the liability position? Chances +are, there is no liability and no reliance permitted. Which means +... there is no reliance on the Name in the cert. +
+OLD: ++
mandatory : the users provides a Thawte assured +certificate including the user name. If the name and email address in +the certificate matches the name and email address recorded by CAcert +exactly, the user is given 50 Assurance Points automatically by the +online system. ++
no checking of date of + birth, ++
no alignment of these + 50 points with AP (statement, checking of date of birth, there may + be some rules about middle names and extracting the name fields out + of FirstName and LastName... this is in the system. should check + Thwarte doco to make a judgement call on what it is worth. ++
Probably this should be 25 points? ++
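Review bot: The added text states two different point ceilings, "So Maximum is 100" in the paragraph on TN experience and "The maximum is 150 points. BLECH" after the voting rules, and each per-step award (50 automatic, 40 and 60 after manual checking) is followed by an open "Probably this should be 25 points?" or "Probably this should be 40 points?". Settle one ceiling and one value per step before this is merged, because the first step is described as "fully automated" and awards its points with no Assurer involved. The markers "25 (???)", "BY WHOM?" after "logged as an Tverify assurance", "Authorisation is done by ....", and "critical / non-critical system ????" also need resolving in the text: who logs the assurance and who authorises a Tverify Assurer are the accountability points of this procedure and should be named roles, not questions. The date-of-birth gap is likewise still undecided ("no checking of date of birth" for the certificate step, "May need to make this mandatory so we can check the DoB" for the photo ID step), and "In case the user completes steps 2 or 3" refers to step numbers that the added items, labelled only "mandatory" and "optional", do not carry. Minor spelling in the added lines: "macthes", "Naye", "faithfullness", "Thwarte".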