4 The needs of relying parties
4.1.1 A relying party is a system or individual who relies on signed data (authentication for access control also uses signed data temporarily).
4.1.2 The relying party places some level of confidence that the signatory indeed was the individual named in the certificate used for signing the data.
4.1.3 We need to ensure that the registration process is such that relying parties would be confident about using S.E.E. to protect SENSITIVE information.
4.1.4 Relying parties need to be confident of a lot more than just the registration process (refer to paper 4), but this document is limited to the registration process.
4.1.5 For the business card approach, and for digital signature, relying parties need to be confident that the individual named in a S.E.E. Key is in the service of the specified organisation, and that no one else could feasibly be impersonating that individual.
4.1.6 Because business card certificates include the organisation name, a relying party can take up any issues with the organisation.
4.1.7 For the passport approach, relying parties need to be confident (a) that no one else could feasibly be impersonating the individual, (b) about the link between a particular certificate and a directory entry and (c) about the attributes in the directory.
4.1.8 For the associate card approach, the relying party is usually the issuing agency.
4.2 Implications for the registration process
4.2.1 For the business card approach, the process needs to ensure that:
- An individual can be issued with a S.E.E. Key only in the name by which they are usually known within the organisation.
- An individual can be issued with a S.E.E. Key stamped with the organisation name only if they are in the service of the organisation.
- The email address specified is in the control of the organisation.
4.2.2 For the passport approach, the process needs to ensure that:
- The individual can be issued with a S.E.E. Key only in the name by which they are called in official documentation as a citizen, i.e. as it appears on their passport.
- The email address specified is in the control of the individual.
4.2.3 For the associate card approach, the process needs to ensure that:
- An individual can be issued with a S.E.E. Key only in the name by which they are usually known to the issuing organisation.
- The email address specified is in the control of the individual.
4.2.4 For legal digital signature certificates, higher strength EOI may be required, supported by excellent processes and a secure audit trail. However, these issues will be considered at a future date.

