IETF RFC 3647

From IDESG Wiki

Title: Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework


Category: Identity Provider Policy


Date: 11/1/2003


Creator: IETF


URL: http://www.ietf.org/rfc/rfc3647.txt


Description: A standard framework for Certificate Policies (CPs) and Certification Practice Statements (CPSs). The document is intended to provide a structure but not the requirements for what the policies should be. A Certificate Policy is defined as "a named set of rules that indicates the applicability of a certificate to a particular community and/or class of applications with common security requirements." The intention is for the CP to provide enough information for a Relying Party to determine whether the operations are trustworthy. The Certification Practice Statement is a document detailing the practices employed by the CA in issuing certificates. The CPS is not typically publicly available but is used by operators, system administrators, policy management authorities and compliance auditors. IETF RFC 3647 is an update of IETF RFC 2527.


Privacy: The framework specifies where issuers document their privacy policy, what information is considered private within the PKI, responsibilities regarding protection of PII, requirements for consent and/or notification when PII is used or disclosed, and when participants may release PII during legal or administrative proceedings.


Security: The document is an information security standard.


Interoperability: The document supports an interoperable policy framework by providing a common framework for specifying an organization's policies for certificate issuance.


Terms: Activation Data, Authentication, CA-certificate, Certificate Policy, Certification Path, Certification Practice Statement, CPS Summary (or CPS Abstract), Identification, Issuing Certification Authority (issuing CA), Participant, PKI Disclosure Statement, Policy Qualifier, Registration Authority, Relying Party, Relying Party Agreement, Set Of Provisions, Subject Certification Authority (subject CA), Subscriber, Subscriber Agreement