git-svn-id: http://svn.cacert.org/CAcert/Policies@892 14b1bab8-4ef6-0310-b690-991c95c89dfd
Pete Stephenson
16 years ago
parent
fa0f6f0103
commit
9e540a04c0
@ -1,112 +1,114 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
||||
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<title>
|
||||
CACert Remote Verification Policy (RVP)
|
||||
</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>
|
||||
CACert Remote Verification Policy (RVP)
|
||||
</h1>
|
||||
<p>
|
||||
<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
|
||||
Editor: Pete Stephenson<br />
|
||||
Creation date: 2008-07-12<br />
|
||||
Status: WIP 2008-07-12<br />
|
||||
Next status: DRAFT 08-2008<br />
|
||||
<!-- $Id$ -->
|
||||
</p>
|
||||
<h2>
|
||||
0. Preliminaries
|
||||
</h2>
|
||||
<p>
|
||||
This sub-policy extends the Assurance Policy ("AP") by providing a framework for members to verify their identity via Trusted Verification Provider ("TVP"s) including Government Authorities, Certification Authorities and Commercial Identity Providers, under the supervision of the Assurance Officer ("AO").
|
||||
</p>
|
||||
<p>
|
||||
Successful completion of the process defined in RVP sub-policies shall result in the allocation of up to 50 points depending on level of trust in the TVP and the verification process.
|
||||
</p>
|
||||
<h2>
|
||||
1. Scope
|
||||
</h2>
|
||||
<p>
|
||||
This sub-policy is available to all members.
|
||||
</p>
|
||||
<h2>
|
||||
2. Roles
|
||||
</h2>
|
||||
<h3>
|
||||
2.1 Trusted Verification Provider ("TVP")
|
||||
</h3>
|
||||
<p>
|
||||
Each TVA::
|
||||
</p>
|
||||
<ol style="list-style-type: lower-alpha;">
|
||||
<li>MUST be <i><strong>verifiably practicing identification procedures</strong></i>, typically one of the following:<br />
|
||||
<ol style="list-style-type: lower-roman;">
|
||||
<li>
|
||||
<strong>Government Authorities</strong> responsible for issuing ID documents or providing taxation functions
|
||||
</li>
|
||||
<li>
|
||||
<strong>Certification Authorities</strong> issuing authentication tokens (including certificates) based on a published identity verification process
|
||||
</li>
|
||||
<li>
|
||||
<strong>Commercial Identity Providers</strong> providing identity verification as a commercial service
|
||||
</li>
|
||||
</ol>
|
||||
</li>
|
||||
<li>MUST provide a secure mechanism for validating a member's identity, including:
|
||||
<ol style="list-style-type: lower-roman;">
|
||||
<li>
|
||||
<strong>Authentication Tokens</strong> which are delivered to the user and verifiable in a cryptographically strong fashion
|
||||
</li>
|
||||
<li>
|
||||
<strong>Online Verification</strong> via a web interface, ideally which is verified by SSL/TLS
|
||||
</li>
|
||||
<li>
|
||||
<strong>Out-of-Band</strong> communication directly with CAcert, Inc. as to the outcome of the verification
|
||||
</li>
|
||||
</ol>
|
||||
</li>
|
||||
<li>SHOULD conduct identification procedures similar in nature to CAcert's existing procedures (eg examining ID documents, obtaining 'assurances' from other trusted members)
|
||||
</li>
|
||||
</ol>
|
||||
<h3>
|
||||
2.4 Member
|
||||
</h3>
|
||||
<p>
|
||||
A Member (the subject of a verification) using the Remote Verification program:
|
||||
</p>
|
||||
<ol style="list-style-type: lower-alpha;">
|
||||
<li>MUST agree to be bound the CAcert Community Agreement (CCA), including the Disupute Resolution Policy (DRP)
|
||||
</li>
|
||||
<li>MUST disclose any conflicts of interest (including but not limited to relationships with Assurers)
|
||||
</li>
|
||||
<li>MUST cover the costs of their assurance (if any), including fees imposed by TTPs and Assurers
|
||||
</li>
|
||||
</ol>
|
||||
<h2>
|
||||
3. Processes
|
||||
</h2>
|
||||
<h3>
|
||||
3.1 Verification
|
||||
</h3>
|
||||
<ol style="list-style-type: lower-alpha;">
|
||||
<li>Member SHALL create a CAcert account and agree to the CAcert Community Agreement (CCA)
|
||||
</li>
|
||||
<li>Member SHALL complete the procedure specified by the applicable sub-policy(s), including being verified by the TVP
|
||||
</li>
|
||||
</ol>
|
||||
<h2>
|
||||
4. Documentation
|
||||
</h2>
|
||||
<p>
|
||||
Where documentation is required by the verification process it shall be subject to the prevailing records management policies which may require that it be kept for a certain period or destroyed immediately after processing.
|
||||
</p>
|
||||
<p>
|
||||
<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
||||
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<title>
|
||||
CACert Remote Verification Policy (RVP)
|
||||
</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>
|
||||
CACert Remote Verification Policy (RVP)
|
||||
</h1>
|
||||
<p>
|
||||
<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
|
||||
Editor: Pete Stephenson<br />
|
||||
Creation date: 2008-07-12<br />
|
||||
Last change by: Pete<br />
|
||||
Last change date: 2008-07-14 21:42 MST<br />
|
||||
Status: WIP 2008-07-12<br />
|
||||
Next status: DRAFT 08-2008<br />
|
||||
<!-- $Id$ -->
|
||||
</p>
|
||||
<h2>
|
||||
0. Preamble
|
||||
</h2>
|
||||
<p>
|
||||
This sub-policy extends the Assurance Policy ("AP") by providing a framework for members to verify their identity via Trusted Verification Provider ("TVP"s) including Government Authorities, Certification Authorities and Commercial Identity Providers, under the supervision of the Assurance Officer ("AO").
|
||||
</p>
|
||||
<p>
|
||||
Successful completion of the process defined in RVP sub-policies shall result in the allocation of up to 50 points depending on level of trust in the TVP and the verification process.
|
||||
</p>
|
||||
<h2>
|
||||
1. Scope
|
||||
</h2>
|
||||
<p>
|
||||
This sub-policy is available to all Members.
|
||||
</p>
|
||||
<h2>
|
||||
2. Roles
|
||||
</h2>
|
||||
<h3>
|
||||
2.1 Trusted Verification Provider ("TVP")
|
||||
</h3>
|
||||
<p>
|
||||
Each TVP::
|
||||
</p>
|
||||
<ol style="list-style-type: lower-alpha;">
|
||||
<li>MUST be <i><strong>verifiably practicing identification procedures</strong></i>, typically one of the following:<br />
|
||||
<ol style="list-style-type: lower-roman;">
|
||||
<li>
|
||||
<strong>Government Authorities</strong> responsible for issuing ID documents or providing taxation functions
|
||||
</li>
|
||||
<li>
|
||||
<strong>Certification Authorities</strong> issuing authentication tokens (including certificates) based on a published identity verification process
|
||||
</li>
|
||||
<li>
|
||||
<strong>Commercial Identity Providers</strong> providing identity verification as a commercial service
|
||||
</li>
|
||||
</ol>
|
||||
</li>
|
||||
<li>MUST provide a secure mechanism for validating a member's identity, including:
|
||||
<ol style="list-style-type: lower-roman;">
|
||||
<li>
|
||||
<strong>Authentication Tokens</strong> which are delivered to the user and verifiable in a cryptographically strong fashion;
|
||||
</li>
|
||||
<li>
|
||||
<strong>Online Verification</strong> via a web interface, ideally which is verified by SSL/TLS;
|
||||
</li>
|
||||
<li>
|
||||
<strong>Out-of-Band</strong> communication directly with CAcert as to the outcome of the verification;
|
||||
</li>
|
||||
</ol>
|
||||
</li>
|
||||
<li>SHOULD conduct identification procedures similar in nature to CAcert's existing procedures (eg examining ID documents, obtaining "assurances" from other trusted members)
|
||||
</li>
|
||||
</ol>
|
||||
<h3>
|
||||
2.4 Member
|
||||
</h3>
|
||||
<p>
|
||||
A Member (the subject of a verification) using the Remote Verification program:
|
||||
</p>
|
||||
<ol style="list-style-type: lower-alpha;">
|
||||
<li>MUST agree to be bound the CAcert Community Agreement (CCA), including the Disupute Resolution Policy (DRP)
|
||||
</li>
|
||||
<li>MUST disclose any conflicts of interest (including but not limited to relationships with Assurers)
|
||||
</li>
|
||||
<li>MUST cover the costs of their assurance (if any), including fees imposed by TTPs, TVPs, and Assurers
|
||||
</li>
|
||||
</ol>
|
||||
<h2>
|
||||
3. Processes
|
||||
</h2>
|
||||
<h3>
|
||||
3.1 Verification
|
||||
</h3>
|
||||
<ol style="list-style-type: lower-alpha;">
|
||||
<li>Member SHALL create a CAcert account and agree to the CAcert Community Agreement (CCA)
|
||||
</li>
|
||||
<li>Member SHALL complete the procedure specified by the applicable sub-policy(s), including being verified by the TVP
|
||||
</li>
|
||||
</ol>
|
||||
<h2>
|
||||
4. Documentation
|
||||
</h2>
|
||||
<p>
|
||||
Where documentation is required by the verification process it shall be subject to the prevailing records management policies which may require that it be kept for a certain period or destroyed immediately after processing.
|
||||
</p>
|
||||
<p>
|
||||
<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
Loading…
Reference in New Issue