[cabf_validation] RA Functional Model
Ben Wilson
ben.wilson at digicert.com
Thu Apr 6 08:28:02 MST 2017
If we want to embark on an effort to develop a functional model of RA
systems, this might help. It comes from the ABA's PKI Assessment Guidelines
(http://www.americanbar.org/content/dam/aba/events/science_technology/2013/p
ki_guidelines.authcheckdam.pdf):
. registration authority functions are a subset of certification authority
functions. There are nine CA functions, of which five are identical to RA
functions in this section. In many, if not most contexts, RA functions are
considered to be "front-end" functions involving direct contact with
certificate applicants and subscribers that leverage the RA's greater
knowledge of the certificate applicants and subscribers (compared to the CA)
and its direct relationship with them. The five CA functions that are also
RA functions are the following:
* Establish an environment and procedure for certificate applicants to
submit their certificate applications (e.g., creating a web-based enrollment
page);
* The identification and authentication of individuals or entities who
apply for a certificate;
* The approval or rejection of certificate applications;
* The initiation of certificate revocations, either at the
subscriber's request or upon the entity's own initiative; and
* The identification and authentication of individuals or entities
submitting requests to renew certificates or seeking a new certificate
following a re-keying process and processes set forth above for certificates
issued in response to approved renewal or re-keying requests.
Ben Wilson, JD, CISA, CISSP
VP Compliance
+1 801 701 9678
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20170406/d189e5c0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6100 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20170406/d189e5c0/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4974 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20170406/d189e5c0/attachment.bin>
More information about the Validation
mailing list