Networking government in New Zealand.
 

5 Evidence of Identity (EOI)

5.1 Strength of EOI

5.1.1 'High assurance' CAs often require a passport-like application process involving multiple forms of identifying material, and witnesses.

5.1.2 At the other end of the scale it is possible to obtain certificates from many vendors via a web browser using only an email address as EOI.

5.2 EOI for the business card and associate card approach

5.2.1 S.E.E. Keys issued with the business card approach will be approved by the agency whose organisation name is on the certificate.

5.2.2 With this approach, the onus of identification and responsibility for accuracy is delegated to the agency. Agencies have the flexibility to use whatever internal processes are appropriate to ensure that S.E.E. Keys are held by the right individuals.

5.2.3 Agencies should review and compare existing processes for starting new staff, exiting staff, and changing computer account passwords to see how S.E.E. Key processes should fit in, and what EOI should be required both in these real world processes and those for S.E.E. Key.

5.2.4 For a more extensive discussion, see Problems in Mandating Strong Personal EOI in PKI, a paper presented to a meeting of the APEC Telecommunications Working Group in Canberra, March 2001.

5.3 EOI for the passport approach

5.3.1 The passport approach requires an individual to prove their identity to the CA or RA. This process must be rigorous to be of value, as there is no agency backing up the claim to a particular identity.

5.3.2 An application for a real passport is rigorous, contains information that can be checked (such as a photograph), and is relatively difficult to forge. It is recommended that the provision of a passport should be sufficient EOI in applying for a S.E.E. Key passport.

5.3.3 Where a person is not a New Zealand citizen, a foreign passport is also assumed to be acceptable.

5.3.4 Where a person does not have a passport, they need to prove their identity in a way similar to that required when applying for a passport. The Authentication project is currently investigating similar issues, and until this project has reported, we recommend the use of the Australian GateKeeper 100-point system.

