[cabfcert_policy] Trusted Roles Discussion

Silva, Marcelo masilva at visa.com
Thu Mar 24 08:03:09 MST 2016


I agree with Ben.
Additionally, I think we always have to make a clear distinction between RA and RA system, since RA can be used to identify an organization that is a Registration Authority for a CA, and RA system is the system itself, managed by the RA organization.

From: policyreview-bounces at cabforum.org On Behalf Of Ben Wilson
Sent: Thursday, March 24, 2016 10:46 AM
To: Ben Wilson <ben.wilson at digicert.com>; policyreview at cabforum.org
Subject: Re: [cabfcert_policy] Trusted Roles Discussion

After talking on the call about this, I think it is better if we don't go down this path of defining specific roles. Instead, Peter suggested that we outline tasks or functions to be performed and then specify that they be performed by a person in a trusted role, and that persons in trusted roles receive training appropriate to the performance of the task or function assigned. That will make this section 5.2.1 shorter and easier to digest, and therefore the ballot will be more likely to pass.

From: policyreview-bounces at cabforum.org On Behalf Of Ben Wilson
Sent: Thursday, March 24, 2016 7:57 AM
To: policyreview at cabforum.org
Subject: [cabfcert_policy] Trusted Roles Discussion

For discussion today: trusted-role definitions side by side, in three columns.

European - ETSI
U.S. - NIST
CABF Proposal?

ETSI: System Administrators - Authorized to install, configure and maintain the TSP trustworthy systems for service management.
NIST: CA Administrator - Installation, configuration, and maintenance of the CA and CSS.
CABF Proposal: Administrator - responsible for the installation, configuration, and maintenance of systems.

ETSI: System Operators - Responsible for operating the TSP trustworthy systems on a day-to-day basis. Authorized to perform system backup and recovery.
NIST: Operations Staff - Registering new subscribers and requesting the issuance of certificates. ... Configuring certificate profiles or templates.
CABF Proposal: Operator - responsible for backup and recovery.

ETSI: Security Officers - Overall responsibility for administering the implementation of the security practices.
NIST: Security Auditors are responsible for internal auditing of CAs and RAs. Security Auditors shall review, maintain, and archive audit logs, and perform or oversee internal audits (independent of formal compliance audits) to ensure that CAs and RAs are operating in accordance with the associated CPSs.
CABF Proposal: Security Officer - responsible for administering the implementation of the security practices.

ETSI: System Auditors or evaluators - Authorized to view archives and audit logs of the TSP trustworthy systems.
NIST: See above.
CABF Proposal: Internal auditors - responsible for reviewing the audit logs.

ETSI: (no entry)
NIST: RA Staff - Installation, configuration, and maintenance of the RA, etc.
CABF Proposal: Validation Specialist - responsible for validating certificate requests.

