This sub-policy extends the Assurance Policy ("AP") by providing a framework for members to verify their identity via Trusted Verification Provider ("TVP"s) including Government Authorities, Certification Authorities and Commercial Identity Providers, under the supervision of the Assurance Officer ("AO").
This sub-policy extends the Assurance Policy ("AP") by providing a framework for members to verify their identity via Trusted Verification Provider ("TVP"s) including Government Authorities, Certification Authorities and Commercial Identity Providers, under the supervision of the Assurance Officer ("AO").
@ -32,7 +34,7 @@
1. Scope
1. Scope
</h2>
</h2>
<p>
<p>
This sub-policy is available to all members.
This sub-policy is available to all Members.
</p>
</p>
<h2>
<h2>
2. Roles
2. Roles
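Review bot: the capitalisation of "Members" in the Scope paragraph is not carried through the rest of the document. The introduction still reads "a framework for members to verify their identity", and section 2.1 still has "a member's identity" and "other trusted members". If "Member" is meant as a defined term, capitalise it everywhere it is used in that sense in this same change, or note where the term is defined.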
@ -41,7 +43,7 @@
2.1 Trusted Verification Provider ("TVP")
2.1 Trusted Verification Provider ("TVP")
</h3>
</h3>
<p>
<p>
Each TVA::
Each TVP::
</p>
</p>
<olstyle="list-style-type: lower-alpha;">
<olstyle="list-style-type: lower-alpha;">
<li>MUST be <i><strong>verifiably practicing identification procedures</strong></i>, typically one of the following:<br/>
<li>MUST be <i><strong>verifiably practicing identification procedures</strong></i>, typically one of the following:<br/>
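Review bot: the corrected line "Each TVP::" in section 2.1 still ends in a doubled colon, so the typo fix is only half done; make it "Each TVP:". The list tag directly below reads `<olstyle="list-style-type: lower-alpha;">` with no space between `ol` and `style`. If that is how the source file has it rather than an artefact of this diff view, the element will not parse as an ordered list and the lower-alpha numbering the MUST clauses rely on is lost.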
@ -60,17 +62,17 @@
<li>MUST provide a secure mechanism for validating a member's identity, including:
<li>MUST provide a secure mechanism for validating a member's identity, including:
<olstyle="list-style-type: lower-roman;">
<olstyle="list-style-type: lower-roman;">
<li>
<li>
<strong>Authentication Tokens</strong> which are delivered to the user and verifiable in a cryptographically strong fashion
<strong>Authentication Tokens</strong> which are delivered to the user and verifiable in a cryptographically strong fashion;
</li>
</li>
<li>
<li>
<strong>Online Verification</strong> via a web interface, ideally which is verified by SSL/TLS
<strong>Online Verification</strong> via a web interface, ideally which is verified by SSL/TLS;
</li>
</li>
<li>
<li>
<strong>Out-of-Band</strong> communication directly with CAcert, Inc. as to the outcome of the verification
<strong>Out-of-Band</strong> communication directly with CAcert as to the outcome of the verification;
</li>
</li>
</ol>
</ol>
</li>
</li>
<li>SHOULD conduct identification procedures similar in nature to CAcert's existing procedures (eg examining ID documents, obtaining 'assurances' from other trusted members)
<li>SHOULD conduct identification procedures similar in nature to CAcert's existing procedures (eg examining ID documents, obtaining "assurances" from other trusted members)
</li>
</li>
</ol>
</ol>
<h3>
<h3>
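Review bot: the "Online Verification" item is edited here but keeps "ideally which is verified by SSL/TLS", which leaves transport protection optional inside a clause that opens with "MUST provide a secure mechanism". Use the document's own requirement keywords instead, for example "via a web interface, which MUST be protected by SSL/TLS" (or SHOULD, if that is the intent), so the requirement level is unambiguous. Two smaller points: the new semicolon after the final "Out-of-Band" item closes the list where a full stop is expected, and "eg" in the SHOULD clause would read better as "e.g.".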
@ -84,7 +86,7 @@
</li>
</li>
<li>MUST disclose any conflicts of interest (including but not limited to relationships with Assurers)
<li>MUST disclose any conflicts of interest (including but not limited to relationships with Assurers)
</li>
</li>
<li>MUST cover the costs of their assurance (if any), including fees imposed by TTPs and Assurers
<li>MUST cover the costs of their assurance (if any), including fees imposed by TTPs, TVPs, and Assurers
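Review bot: the amended cost clause now lists "TTPs, TVPs, and Assurers", but only TVP is defined in the visible text of this sub-policy (alongside AP and AO); "TTP" appears without expansion. Either expand it on first use or reference the policy that defines it, so a reader can tell the two provider types apart. The clause also has no terminating punctuation, while the list items in section 2.1 gained semicolons in this same change; pick one convention for list items.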