History

Scope

This policy describes the process of a Verification for the Registration Authority of TERACARA conducted by an RA Agent.

Definitions

• Applicant - Fellow who wants their name verified
• CA - Certification Authority of TERACARA
• Documents - Govermental issued photo identity documents e.g ID card, passport, see [acceptable documents]
• Experience Points (EP) - Points gathered by an RA Agent performing Verifications
• Face to Face (F2F) meeting - Meeting where Applicant and RA Agent meet in person
• Fellow - Any person who has a valid account on the Gigi System of TERACARA
• Name variants - Different variants of a name e.g. John W. Doe and John Wilbur Doe
• Organisation Administrator - Person who is allowed to maintain an Organisation Account on Gigi
• Organisation RA Agent - RA Agent who is allowed to perform Verifications for organisations
• RA - Registration Authority of TERACARA
• RA Agent - Person who is allowed to conduct a Verification
• RA Agent Contract - Contract between RA Agent and WPIA
• RA Agent System - The CA/RA system used by TERACARA available as web application
• RA Auditor - person who audits the RA processes of TERACARA
• Trusted Third Party (TTP) - person or method that can prove the identity of an indivdual on a professional basis.
• TTP RA Agent - RA Agent who is allowed to perform TTP Verifications
• TTP Verification - Verification process conducted by a TTP RA Agent together with a TTP
• Verification - Process to verify the names of a person with his identity given in documents
• Verification Form - Form where the Verification is recorded
• Verification Points (VP) - Points granted to Applicant during the Verification
• Verification Points - Points granted during the Verification

Verification

A Verification is the process defined by TERACARA to verify the names that SHOULD be used in a certificate with the identity of the person for whom the certificate will be issued or to verify an organisation.

TERACARA allows the Applicant to have several different name variants in their account.

TERACARA offers a variety of different Verification types which are defined in sub policies to this policy.

Current the following types are available:

• RA Agent Verification
  • TTP Verification
  • Nucleus Verification
• Organisation Verification

If a Verification is conducted by an RA Agent it always consists out of two steps, a F2F meeting and the entering of the data.

During the F2F meeting the RA Agent records his findings on the Verification Form.

While entering the data to the system the RA Agent checks if the listed name variants given by RA Agent System matches the ones recorded on the Verification form and grants Verification Points for the name variants on the Verification Form.

A Verification MUST be entered within 3 months after the F2F meeting.

Name variants

The following types of name variants are available:

• Western style
• Single name
• Pseudonym

A detailed description of how to use the different styles is given in the handbook of names. Here special cases are listed.

Western Style

The western style name variant consists at least out of one full first name and the main last name. Additional more first names or last names or suffixes can be added. Additional first names can be abbreviated or in full name.

To get the name variant verified all parts of the name needs to be verified by at least one document presented during the F2F meeting.

Single Name

The single name variant SHOULD be used for persons who only have a single name.

To get the name variant verified the single name needs to be verified by at least one document presented during the F2F meeting.

Pseudonym

The pseudonym variant SHOULD be used for persons who have a pseudonym entered in their governmental issued IDs.

To get the name variant verified the pseudonym needs to be verified by at least one document presented during the F2F meeting.

Verification Points

Granted Verification Points

An RA Agent can grant up to 35 VP for a Verification.

The maximum depends on the experience of the RA Agent. For the first Verifications an RA Agent can issue up to 10 VP.

For each successful Verification entered in RA Agent System 4 Experience Points (EP) are granted. Multiple Verifications of the same Fellow are only counted once.

For each 5 successful Verifications the RA Agent can grant up to 5 VP more.

• < 20 EP maximum of 10 VP
• < 40 EP maximum of 15 VP
• < 60 EP maximum of 20 VP
• < 80 EP maximum of 25 VP
• < 100 EP maximum of 30 VP
• >= 100 EP maximum of 35 VP

Multiple Verifications

It is allowed to have multiple Verifications by the same RA Agent.

In this case always the last VP issued are counted to the total of VP.

There MUST be a time span of at least 3 months between any two Verifications by the same RA Agent.

Verification Points Levels

Depending on the amount of Verification Points (VP) gathered for one name variant different levels of usage are available.

To issue a name variant to a certificate or to use a special role the last Verification of the name variant MUST not be older than 27 months.

< 50 VP

A certificate for the name variant will not be issued.

>= 50 VP

A certificate for the name variant can be issued.

>= 100 VP

To issue a code signing certificate with the name variant at least 100 VP are needed.

For special roles at least one name variant in the User Account needs to have at least 100 VP.

Some of these special roles are

• RA Agent
• Organisation RA Agent
• Organisation Administrator

RA Agent

The RA Agent is a special trained fellow who is allowed to conduct a Verification for TERACARA.

Preconditions

• The RA Agent MUST have at least one name variant in their account with a minimum of 100 VP and the last Verification not older than 27 months.
• The RA Agent MUST proof their knowledge of the current policies and processes by passing an online test. This test MUST NOT be older than 1 year.
• The RA Agent MUST sign the RA Contract to be legally bound to the TERACARA legal framework.

Tasks

The main task of the RA Agent is to conduct a Verification for TERACARA.

The RA Agent MUST NOT verify Applicants that are spouse or life partners and first-degree relatives (next of kin).

Additional tasks are:

• Password reset with Verification
• Organisation RA Agent
• Nucleus RA Agent
• TTP RA Agent
• Organisation Administrator

Proof Of RA Agent Role

RA Agent System provides a method where anyone can check if an RA Agent fills the role of an RA Agent.

An RA Agent MUST identify themselves to the Applicant at the beginning of a Verification with a valid RA Agent card issued over the RA Agent System.

Data Protection

The RA Agent is responsible for the data protection of the data recorded on the Verification Form.

• The Verification Form MUST NOT be displayed to the public.
• The Verification Form MUST be kept in a secure manner for 3 years after the year of the Verification. After this period the Verification Form MUST be destroyed in a secure manner.
• Only the Applicant, the RA Agent, Arbitration in an arbitration case, RA Auditor during an audit case and Support in a support case MAY have access to the data of the Verification Form.

RA Auditor

The RA Auditor is special trained person appointed as RA Auditor by Board of WPIA or an appointed person.

It is recommended that the RA Auditor is an RA Agent.

Tasks

The task of the RA Auditor is to audit the different areas of the Registration Authority (RA) of TERACARA.

The RA Auditor MAY ask to audit a verification. In this case the RA Agent and the Applicant needs to accept that the RA Auditor observes the Verification. The RA Auditor should not interfere the Verification but can make some comments afterwards.

The RA Auditor MAY ask an RA Agent to provide a copy of the Verification Form to verify that the data on the form matches the entries verified by the RA Agent. In this case the copy of the Verification Form MUST be destroyed instantly after this audit process is completed.

The RA Auditor MUST present the RA Auditor ID card issued by TERACARA to proof the RA Auditor role. The RA Agent System will provide a method to verify the RA Auditor ID card.