fixes per discussion
git-svn-id: http://svn.cacert.org/CAcert/Policies@783 14b1bab8-4ef6-0310-b690-991c95c89dfd
This commit is contained in:
parent
b8fe70c1fe
commit
b34de467a5
1 changed files with 34 additions and 17 deletions
|
@ -4,12 +4,12 @@
|
|||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<title>
|
||||
CACert Trusted Third Party (TTP) Policy
|
||||
CACert Remote Assurance Policy (RAP)
|
||||
</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>
|
||||
CACert Trusted Third Party (TTP) Policy
|
||||
CACert Remote Assurance Policy (RAP)
|
||||
</h1>
|
||||
<p>
|
||||
<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
|
||||
|
@ -23,10 +23,10 @@
|
|||
0. Preliminaries
|
||||
</h2>
|
||||
<p>
|
||||
This CAcert sub-policy extends the Assurance Policy ("AP") by specifying how the CAcert Assurance Program ("CAP") is to be remotely conducted for members where insufficient local assurer(s) are available. An existing local CAcert Assurer shall be assigned to conduct the assurance to their satisfaction using TWO Trusted Third Parties ("TTP"s) under the supervision of the Assurance Officer ("AO").
|
||||
This CAcert sub-policy extends the Assurance Policy ("AP") by specifying how assurances are to be remotely conducted for members where insufficient assurer(s) are available. A Remote Assurer ("RA") shall be assigned by a board-appointed Remote Assurance Officer ("RAO") to conduct the assurance to their satisfaction using TWO Trusted Third Parties ("TTP"s).
|
||||
</p>
|
||||
<p>
|
||||
Successful completion of the Trusted Third Party process shall result in the Assuree achieving the status of Assurer (eg the allocation of sufficient points to reach 100). However this status should not be considered permanent as points may expire so they should seek assurance by the usual means as soon as practicable.
|
||||
Successful completion of the process shall result in the Assuree achieving the status of Assurer (eg the allocation of sufficient points to reach 100). However this status should not be considered permanent and the Assuree must seek assurance by the usual means as soon as practicable.
|
||||
</p>
|
||||
<h2>
|
||||
1. Scope
|
||||
|
@ -38,13 +38,13 @@
|
|||
2. Requirements
|
||||
</h2>
|
||||
<h3>
|
||||
2.1 Trusted Third Party (TTP)
|
||||
2.1 Trusted Third Party ("TTP")
|
||||
</h3>
|
||||
<p>
|
||||
Each of the TWO Trusted Third Party(s) ("TTP"):
|
||||
Each of the TWO TTPs:
|
||||
</p>
|
||||
<ol style="list-style-type: lower-alpha;">
|
||||
<li>MUST be <i><strong>verifiably</strong></i> one of the following:<br />
|
||||
<li>MUST be <i><strong>verifiably practicing identification procedures</strong></i>, typically one of the following:<br />
|
||||
<ol style="list-style-type: lower-roman;">
|
||||
<li>
|
||||
<strong>Accountant</strong> licensed and/or certified by the local authority (eg CPA)
|
||||
|
@ -66,26 +66,28 @@
|
|||
</li>
|
||||
</ol>
|
||||
</li>
|
||||
<li>MUST retain the TTP form for at least 60 days and respond to CAcert enquiries in a timely fashion
|
||||
<li>MUST retain the TTP form(s) for at least 60 days and respond to CAcert enquiries in a timely fashion
|
||||
</li>
|
||||
<li>SHOULD have experience with the CAcert TTP program, unless no experienced local TTPs are available within a 30 day period
|
||||
</li>
|
||||
<li>SHOULD be recommended to the Assuree by the RA where possible so as to improve security
|
||||
</li>
|
||||
</ol>
|
||||
<h3>
|
||||
2.2 Assurer
|
||||
2.2 Remote Assurer ("RA")
|
||||
</h3>
|
||||
<p>
|
||||
An assurer conducting a remote assurance using TTPs:
|
||||
An RA conducting assurances remotely using TTPs:
|
||||
</p>
|
||||
<ol style="list-style-type: lower-alpha;">
|
||||
<li>MUST be satisfied as to the identity and competency of the TTP, as though they were to be conducting the assurance themselves
|
||||
<li>MUST be approved by a board-appointed Remote Assurance Officer ("RAO")
|
||||
</li>
|
||||
<li>SHOULD be the most senior assurer available
|
||||
<li>MUST be satisfied as to the identity and competency of the TTP in identification procedures, as though they were to be conducting the assurance themselves
|
||||
</li>
|
||||
<li>SHOULD be the most senior Assurer available
|
||||
</li>
|
||||
<li>SHOULD have experience with the TTP program, unless no experienced local Assurers are available within a 30 day period
|
||||
</li>
|
||||
<li>SHOULD recommend TTPs to the Assuree where possible so as to improve security
|
||||
</li>
|
||||
<li>MAY charge a reasonable fee for the service, provided that fee is disclosed in advance
|
||||
</li>
|
||||
</ol>
|
||||
|
@ -161,6 +163,21 @@
|
|||
<li>Disputes requiring access to the TTP form and copies of identity documents must be handled within 60 days of the TTP meeting (after which time the TTP MAY be revoked)
|
||||
</li>
|
||||
</ol>
|
||||
<h2>
|
||||
3. Documentation
|
||||
</h2>
|
||||
<h3>
|
||||
3.1 Remote Assurance Form
|
||||
</h3>
|
||||
<p>
|
||||
The Remote Assurance Form is to be completed (in duplicate for paper forms) and:
|
||||
</p>
|
||||
<ol style="list-style-type: lower-alpha;">
|
||||
<li>SHALL include all information required by the Assurance Policy
|
||||
</li>
|
||||
<li>SHOULD include a concise guide for Assurees and TTPs
|
||||
</li>
|
||||
</ol>
|
||||
<h2>
|
||||
4. Exclusions
|
||||
</h2>
|
||||
|
@ -178,14 +195,14 @@
|
|||
<li>
|
||||
<strong>Trusted Third Parties:</strong><br />
|
||||
<ol style="list-style-type: lower-roman;">
|
||||
<li>Unqualified TTPs (due to inadequate qualifications, eg students)
|
||||
<li>Unqualified TTPs (due to insufficient qualifications)
|
||||
</li>
|
||||
</ol>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Assurers:</strong><br />
|
||||
<strong>Remote Assurers:</strong><br />
|
||||
<ol style="list-style-type: lower-roman;">
|
||||
<li>Underage assurers (due to inadequate experience/liability)
|
||||
<li>Assurers under age of majority (due to inadequate experience/liability)
|
||||
</li>
|
||||
</ol>
|
||||
</li>
|
||||
|
|
Loading…
Reference in a new issue