[cabfcert_policy] Trusted roles include roles that involve the following responsibilities:
Moudrick M. Dadashov
md at ssc.lt
Thu Mar 10 08:59:10 MST 2016
Trusted roles include roles that involve the following responsibilities:
- Security Officers: Overall responsibility for administering the
implementation of the security practices.
- System Administrators: Authorized to install, configure and maintain
the TSP trustworthy systems for service management.
- System Operators: Responsible for operating the TSP trustworthy
systems on a day-to-day basis.
Authorized to perform system backup and recovery.
- System Auditors or evaluators: Authorized to view archives and audit
logs of the TSP trustworthy systems.
On 3/10/2016 5:49 PM, Moudrick M. Dadashov wrote:
> The service of issuing certificates is broken down in the present
> document into the following component services for the
> purposes of classifying requirements:
> • Registration service: verifies the identity and, if applicable, any
> specific attributes of a subject. The results of
> this service are passed to the certificate generation service.
> • Certificate generation service: creates and signs certificates based
> on the identity and other attributes verified
> by the registration service.
> • Dissemination service: disseminates certificates to subjects, and if
> the subject consents, makes them available
> to relying parties. This service also makes available the TSP's terms
> and conditions, and any published policy
> and practice information, to subscribers and relying parties.
> • Revocation management service: processes requests and reports
> relating to revocation to determine the
> necessary action to be taken. The results of this service are
> distributed through the revocation status service.
> • Revocation status service: provides certificate revocation status
> information to relying parties. This may be
> based upon certificate revocation lists or a real time service which
> provides status information on an individual
> basis. The status information may be updated on a regular basis and
> hence may not reflect the current status of
> the certificate.
> And optionally:
> • Subject device provision service: prepares, and provides or makes
> available signature-creation devices, or
> other secure user device, to subjects.
>
> On 3/10/2016 5:02 PM, Ben Wilson wrote:
>>
>> Join me here - https://join.me/402-043-277
>>
>>
>>
>> _______________________________________________
>> Policyreview mailing list
>> Policyreview at cabforum.org
>> https://cabforum.org/mailman/listinfo/policyreview
>
>
>
> _______________________________________________
> Policyreview mailing list
> Policyreview at cabforum.org
> https://cabforum.org/mailman/listinfo/policyreview
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/policyreview/attachments/20160310/3208b724/attachment.html
More information about the Policyreview
mailing list