cacert-policies/RemoteVerificationPolicy.html

114 lines
4.3 KiB
HTML

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
CACert Remote Verification Policy (RVP)
</title>
</head>
<body>
<h1>
CACert Remote Verification Policy (RVP)
</h1>
<p>
<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
Editor: Pete Stephenson<br />
Creation date: 2008-07-12<br />
Last change by: Pete<br />
Last change date: 2008-07-14 21:42 MST<br />
Status: WIP 2008-07-12<br />
Next status: DRAFT 08-2008<br />
<!-- $Id$ -->
</p>
<h2>
0. Preamble
</h2>
<p>
This sub-policy extends the Assurance Policy ("AP") by providing a framework for members to verify their identity via Trusted Verification Provider ("TVP"s) including Government Authorities, Certification Authorities and Commercial Identity Providers, under the supervision of the Assurance Officer ("AO").
</p>
<p>
Successful completion of the process defined in RVP sub-policies shall result in the allocation of up to 50 points depending on level of trust in the TVP and the verification process.
</p>
<h2>
1. Scope
</h2>
<p>
This sub-policy is available to all Members.
</p>
<h2>
2. Roles
</h2>
<h3>
2.1 Trusted Verification Provider ("TVP")
</h3>
<p>
Each TVP::
</p>
<ol style="list-style-type: lower-alpha;">
<li>MUST be <i><strong>verifiably practicing identification procedures</strong></i>, typically one of the following:<br />
<ol style="list-style-type: lower-roman;">
<li>
<strong>Government Authorities</strong> responsible for issuing ID documents or providing taxation functions
</li>
<li>
<strong>Certification Authorities</strong> issuing authentication tokens (including certificates) based on a published identity verification process
</li>
<li>
<strong>Commercial Identity Providers</strong> providing identity verification as a commercial service
</li>
</ol>
</li>
<li>MUST provide a secure mechanism for validating a member's identity, including:
<ol style="list-style-type: lower-roman;">
<li>
<strong>Authentication Tokens</strong> which are delivered to the user and verifiable in a cryptographically strong fashion;
</li>
<li>
<strong>Online Verification</strong> via a web interface, ideally which is verified by SSL/TLS;
</li>
<li>
<strong>Out-of-Band</strong> communication directly with CAcert as to the outcome of the verification;
</li>
</ol>
</li>
<li>SHOULD conduct identification procedures similar in nature to CAcert's existing procedures (eg examining ID documents, obtaining "assurances" from other trusted members)
</li>
</ol>
<h3>
2.4 Member
</h3>
<p>
A Member (the subject of a verification) using the Remote Verification program:
</p>
<ol style="list-style-type: lower-alpha;">
<li>MUST agree to be bound the CAcert Community Agreement (CCA), including the Disupute Resolution Policy (DRP)
</li>
<li>MUST disclose any conflicts of interest (including but not limited to relationships with Assurers)
</li>
<li>MUST cover the costs of their assurance (if any), including fees imposed by TTPs, TVPs, and Assurers
</li>
</ol>
<h2>
3. Processes
</h2>
<h3>
3.1 Verification
</h3>
<ol style="list-style-type: lower-alpha;">
<li>Member SHALL create a CAcert account and agree to the CAcert Community Agreement (CCA)
</li>
<li>Member SHALL complete the procedure specified by the applicable sub-policy(s), including being verified by the TVP
</li>
</ol>
<h2>
4. Documentation
</h2>
<p>
Where documentation is required by the verification process it shall be subject to the prevailing records management policies which may require that it be kept for a certain period or destroyed immediately after processing.
</p>
<p>
<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
</p>
</body>
</html>