1 / 6

On live video supported F2F May 9-11, 2016 Abingdon, Oxfordshire, UK

On live video supported F2F May 9-11, 2016 Abingdon, Oxfordshire, UK. For the BIRCH and CEDAR Assurance. [Vetting] should be based on a face-to-face meeting and should be confirmed via photo-identification and/or similar valid official documents.

williamagomez
Download Presentation

On live video supported F2F May 9-11, 2016 Abingdon, Oxfordshire, UK

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. On live video supported F2FMay 9-11, 2016Abingdon, Oxfordshire, UK

  2. For the BIRCH and CEDAR Assurance [Vetting] should be based on a face-to-face meeting and should be confirmed via photo-identification and/or similar valid official documents. Identity vetting and validation should be based on • an in-person appearance before a trusted agent of the authority with presentation of a reliable photo-ID and/or valid official documents; or • be validated using notary-public attestations and/or official government data sources and supported by remote live video conversation; or • be performed according to KantaraLoA 2 or better.

  3. Some current methods Most CAs support explicit F2F only • But may be designating RAs in many different ways Video-supported • Notary-public via postal mail + video: BR, TR • Government records: some TCS subscribers (universities with access to these databases) KantaraLoA 2 • Some TCS countries (SE) for some of their applicants

  4. On the notary public & govt. databases • In many countries, notaries are rather exclusive, and rather expensive to attest to documents (think ~€25 + half a day & travel for the appointment) • Access to databases to rather complex for most orgs • So e.g. HPCI and others are looking for alternatives By ‘chance’, I was exposed to another, quite interesting and rigorous process – which was easier – if you’re allowed to keep photographs … … and which some CAs (specifically HPCI, but I expect many others) would seriously want to consider!

  5. Challenge-response live video • Send a registration form that can mostly be filled beforehand to the email address of record • Start a video-conf (even just HD skype), and have the applicant write down some unique information on the form and sign it visibly during the chat. • Ask applicant to scan this form, and mail it to the RA • Have the applicant hold up the same form, a govt photoID, next to the face, and (I assume) have the RAtake a screenshot for record • The RA can check if the form is correct, and – with the nonce – if it’s the same person (the video is ongoing) • The RA has validated the data, photoID, and a ‘video nonce’, and has the screenshot as proof

  6. Open questions • The applicant needs a scanner & printer nearby – does that help for most applicants? • Is this an alternative acceptable process? • Is keeping the photograph a critical element? • If so:how can we document it in a way that is verifiable?

More Related