version | changes | approval date |
---|---|---|
1.0 | initial policy | 2019-01-28 |
1.1 | add pseudonym name variant | 2019-04-16 |
1.2 | rephrasing | 2020-05-24 |
This policy describes the process of a Verification for the Registration Authority of TERACARA conducted by an RA Agent.
A Verification is the process defined by TERACARA to verify the names that SHOULD be used in a certificate with the identity of the person for whom the certificate will be issued or to verify an organisation.
TERACARA allows the Applicant to have several different name variants in their account.
TERACARA offers a variety of different Verification types which are defined in sub policies to this policy.
Current the following types are available:
If a Verification is conducted by an RA Agent it always consists out of two steps, a F2F meeting and the entering of the data.
During the F2F meeting the RA Agent records his findings on the Verification Form.
While entering the data to the system the RA Agent checks if the listed name variants given by RA Agent System matches the ones recorded on the Verification form and grants Verification Points for the name variants on the Verification Form.
A Verification MUST be entered within 3 months after the F2F meeting.
The following types of name variants are available:
A detailed description of how to use the different styles is given in the handbook of names. Here special cases are listed.
The western style name variant consists at least out of one full first name and the main last name. Additional more first names or last names or suffixes can be added. Additional first names can be abbreviated or in full name.
To get the name variant verified all parts of the name needs to be verified by at least one document presented during the F2F meeting.
The single name variant SHOULD be used for persons who only have a single name.
To get the name variant verified the single name needs to be verified by at least one document presented during the F2F meeting.
The pseudonym variant SHOULD be used for persons who have a pseudonym entered in their governmental issued IDs.
To get the name variant verified the pseudonym needs to be verified by at least one document presented during the F2F meeting.
An RA Agent can grant up to 35 VP for a Verification.
The maximum depends on the experience of the RA Agent. For the first Verifications an RA Agent can issue up to 10 VP.
For each successful Verification entered in RA Agent System 4 Experience Points (EP) are granted. Multiple Verifications of the same Fellow are only counted once.
For each 5 successful Verifications the RA Agent can grant up to 5 VP more.
It is allowed to have multiple Verifications by the same RA Agent.
In this case always the last VP issued are counted to the total of VP.
There MUST be a time span of at least 3 months between any two Verifications by the same RA Agent.
Depending on the amount of Verification Points (VP) gathered for one name variant different levels of usage are available.
To issue a name variant to a certificate or to use a special role the last Verification of the name variant MUST not be older than 27 months.
A certificate for the name variant will not be issued.
A certificate for the name variant can be issued.
To issue a code signing certificate with the name variant at least 100 VP are needed.
For special roles at least one name variant in the User Account needs to have at least 100 VP.
Some of these special roles are
The RA Agent is a special trained fellow who is allowed to conduct a Verification for TERACARA.
The main task of the RA Agent is to conduct a Verification for TERACARA.
The RA Agent MUST NOT verify Applicants that are spouse or life partners and first-degree relatives (next of kin).
Additional tasks are:
RA Agent System provides a method where anyone can check if an RA Agent fills the role of an RA Agent.
An RA Agent MUST identify themselves to the Applicant at the beginning of a Verification with a valid RA Agent card issued over the RA Agent System.
The RA Agent is responsible for the data protection of the data recorded on the Verification Form.
The RA Auditor is special trained person appointed as RA Auditor by Board of WPIA or an appointed person.
It is recommended that the RA Auditor is an RA Agent.
The task of the RA Auditor is to audit the different areas of the Registration Authority (RA) of TERACARA.
The RA Auditor MAY ask to audit a verification. In this case the RA Agent and the Applicant needs to accept that the RA Auditor observes the Verification. The RA Auditor should not interfere the Verification but can make some comments afterwards.
The RA Auditor MAY ask an RA Agent to provide a copy of the Verification Form to verify that the data on the form matches the entries verified by the RA Agent. In this case the copy of the Verification Form MUST be destroyed instantly after this audit process is completed.
The RA Auditor MUST present the RA Auditor ID card issued by TERACARA to proof the RA Auditor role. The RA Agent System will provide a method to verify the RA Auditor ID card.