git-svn-id: http://svn.cacert.org/CAcert/Policies@892 14b1bab8-4ef6-0310-b690-991c95c89dfd
Pete Stephenson
16 years ago
parent
fa0f6f0103
commit
9e540a04c0
@ -1,112 +1,114 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
||||||
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
||||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||||
<head>
|
<head>
|
||||||
<title>
|
<title>
|
||||||
CACert Remote Verification Policy (RVP)
|
CACert Remote Verification Policy (RVP)
|
||||||
</title>
|
</title>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<h1>
|
<h1>
|
||||||
CACert Remote Verification Policy (RVP)
|
CACert Remote Verification Policy (RVP)
|
||||||
</h1>
|
</h1>
|
||||||
<p>
|
<p>
|
||||||
<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
|
<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
|
||||||
Editor: Pete Stephenson<br />
|
Editor: Pete Stephenson<br />
|
||||||
Creation date: 2008-07-12<br />
|
Creation date: 2008-07-12<br />
|
||||||
Status: WIP 2008-07-12<br />
|
Last change by: Pete<br />
|
||||||
Next status: DRAFT 08-2008<br />
|
Last change date: 2008-07-14 21:42 MST<br />
|
||||||
<!-- $Id$ -->
|
Status: WIP 2008-07-12<br />
|
||||||
</p>
|
Next status: DRAFT 08-2008<br />
|
||||||
<h2>
|
<!-- $Id$ -->
|
||||||
0. Preliminaries
|
</p>
|
||||||
</h2>
|
<h2>
|
||||||
<p>
|
0. Preamble
|
||||||
This sub-policy extends the Assurance Policy ("AP") by providing a framework for members to verify their identity via Trusted Verification Provider ("TVP"s) including Government Authorities, Certification Authorities and Commercial Identity Providers, under the supervision of the Assurance Officer ("AO").
|
</h2>
|
||||||
</p>
|
<p>
|
||||||
<p>
|
This sub-policy extends the Assurance Policy ("AP") by providing a framework for members to verify their identity via Trusted Verification Provider ("TVP"s) including Government Authorities, Certification Authorities and Commercial Identity Providers, under the supervision of the Assurance Officer ("AO").
|
||||||
Successful completion of the process defined in RVP sub-policies shall result in the allocation of up to 50 points depending on level of trust in the TVP and the verification process.
|
</p>
|
||||||
</p>
|
<p>
|
||||||
<h2>
|
Successful completion of the process defined in RVP sub-policies shall result in the allocation of up to 50 points depending on level of trust in the TVP and the verification process.
|
||||||
1. Scope
|
</p>
|
||||||
</h2>
|
<h2>
|
||||||
<p>
|
1. Scope
|
||||||
This sub-policy is available to all members.
|
</h2>
|
||||||
</p>
|
<p>
|
||||||
<h2>
|
This sub-policy is available to all Members.
|
||||||
2. Roles
|
</p>
|
||||||
</h2>
|
<h2>
|
||||||
<h3>
|
2. Roles
|
||||||
2.1 Trusted Verification Provider ("TVP")
|
</h2>
|
||||||
</h3>
|
<h3>
|
||||||
<p>
|
2.1 Trusted Verification Provider ("TVP")
|
||||||
Each TVA::
|
</h3>
|
||||||
</p>
|
<p>
|
||||||
<ol style="list-style-type: lower-alpha;">
|
Each TVP::
|
||||||
<li>MUST be <i><strong>verifiably practicing identification procedures</strong></i>, typically one of the following:<br />
|
</p>
|
||||||
<ol style="list-style-type: lower-roman;">
|
<ol style="list-style-type: lower-alpha;">
|
||||||
<li>
|
<li>MUST be <i><strong>verifiably practicing identification procedures</strong></i>, typically one of the following:<br />
|
||||||
<strong>Government Authorities</strong> responsible for issuing ID documents or providing taxation functions
|
<ol style="list-style-type: lower-roman;">
|
||||||
</li>
|
<li>
|
||||||
<li>
|
<strong>Government Authorities</strong> responsible for issuing ID documents or providing taxation functions
|
||||||
<strong>Certification Authorities</strong> issuing authentication tokens (including certificates) based on a published identity verification process
|
</li>
|
||||||
</li>
|
<li>
|
||||||
<li>
|
<strong>Certification Authorities</strong> issuing authentication tokens (including certificates) based on a published identity verification process
|
||||||
<strong>Commercial Identity Providers</strong> providing identity verification as a commercial service
|
</li>
|
||||||
</li>
|
<li>
|
||||||
</ol>
|
<strong>Commercial Identity Providers</strong> providing identity verification as a commercial service
|
||||||
</li>
|
</li>
|
||||||
<li>MUST provide a secure mechanism for validating a member's identity, including:
|
</ol>
|
||||||
<ol style="list-style-type: lower-roman;">
|
</li>
|
||||||
<li>
|
<li>MUST provide a secure mechanism for validating a member's identity, including:
|
||||||
<strong>Authentication Tokens</strong> which are delivered to the user and verifiable in a cryptographically strong fashion
|
<ol style="list-style-type: lower-roman;">
|
||||||
</li>
|
<li>
|
||||||
<li>
|
<strong>Authentication Tokens</strong> which are delivered to the user and verifiable in a cryptographically strong fashion;
|
||||||
<strong>Online Verification</strong> via a web interface, ideally which is verified by SSL/TLS
|
</li>
|
||||||
</li>
|
<li>
|
||||||
<li>
|
<strong>Online Verification</strong> via a web interface, ideally which is verified by SSL/TLS;
|
||||||
<strong>Out-of-Band</strong> communication directly with CAcert, Inc. as to the outcome of the verification
|
</li>
|
||||||
</li>
|
<li>
|
||||||
</ol>
|
<strong>Out-of-Band</strong> communication directly with CAcert as to the outcome of the verification;
|
||||||
</li>
|
</li>
|
||||||
<li>SHOULD conduct identification procedures similar in nature to CAcert's existing procedures (eg examining ID documents, obtaining 'assurances' from other trusted members)
|
</ol>
|
||||||
</li>
|
</li>
|
||||||
</ol>
|
<li>SHOULD conduct identification procedures similar in nature to CAcert's existing procedures (eg examining ID documents, obtaining "assurances" from other trusted members)
|
||||||
<h3>
|
</li>
|
||||||
2.4 Member
|
</ol>
|
||||||
</h3>
|
<h3>
|
||||||
<p>
|
2.4 Member
|
||||||
A Member (the subject of a verification) using the Remote Verification program:
|
</h3>
|
||||||
</p>
|
<p>
|
||||||
<ol style="list-style-type: lower-alpha;">
|
A Member (the subject of a verification) using the Remote Verification program:
|
||||||
<li>MUST agree to be bound the CAcert Community Agreement (CCA), including the Disupute Resolution Policy (DRP)
|
</p>
|
||||||
</li>
|
<ol style="list-style-type: lower-alpha;">
|
||||||
<li>MUST disclose any conflicts of interest (including but not limited to relationships with Assurers)
|
<li>MUST agree to be bound the CAcert Community Agreement (CCA), including the Disupute Resolution Policy (DRP)
|
||||||
</li>
|
</li>
|
||||||
<li>MUST cover the costs of their assurance (if any), including fees imposed by TTPs and Assurers
|
<li>MUST disclose any conflicts of interest (including but not limited to relationships with Assurers)
|
||||||
</li>
|
</li>
|
||||||
</ol>
|
<li>MUST cover the costs of their assurance (if any), including fees imposed by TTPs, TVPs, and Assurers
|
||||||
<h2>
|
</li>
|
||||||
3. Processes
|
</ol>
|
||||||
</h2>
|
<h2>
|
||||||
<h3>
|
3. Processes
|
||||||
3.1 Verification
|
</h2>
|
||||||
</h3>
|
<h3>
|
||||||
<ol style="list-style-type: lower-alpha;">
|
3.1 Verification
|
||||||
<li>Member SHALL create a CAcert account and agree to the CAcert Community Agreement (CCA)
|
</h3>
|
||||||
</li>
|
<ol style="list-style-type: lower-alpha;">
|
||||||
<li>Member SHALL complete the procedure specified by the applicable sub-policy(s), including being verified by the TVP
|
<li>Member SHALL create a CAcert account and agree to the CAcert Community Agreement (CCA)
|
||||||
</li>
|
</li>
|
||||||
</ol>
|
<li>Member SHALL complete the procedure specified by the applicable sub-policy(s), including being verified by the TVP
|
||||||
<h2>
|
</li>
|
||||||
4. Documentation
|
</ol>
|
||||||
</h2>
|
<h2>
|
||||||
<p>
|
4. Documentation
|
||||||
Where documentation is required by the verification process it shall be subject to the prevailing records management policies which may require that it be kept for a certain period or destroyed immediately after processing.
|
</h2>
|
||||||
</p>
|
<p>
|
||||||
<p>
|
Where documentation is required by the verification process it shall be subject to the prevailing records management policies which may require that it be kept for a certain period or destroyed immediately after processing.
|
||||||
<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
|
</p>
|
||||||
</p>
|
<p>
|
||||||
</body>
|
<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
|
||||||
</html>
|
</p>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
|||||||
Loading…
Reference in New Issue