-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 = Collier Technologies LLC CPS = Copyright © 2010, 2011, Collier Technologies, LLC == Overview == This document will fill the role of Certification Practices Statement as described in 434-180-330 WAC once the CA is fully licensed by the state. http://apps.leg.wa.gov/WAC/default.aspx?cite=434-180-330 This document may change without notice. Historical versions will be made available here: [http://git.colliertech.org/?p=state.git;a=blob;f=cps.txt git://git.colliertech.org/colliertech/state.git] == Operative Personnel Responsibilities == === Notary Public prerequisite === All Operative Personnel employed by Collier Technologies LLC, known here as the Certification Authority or CA, must also be licensed as notaries public by the local government where they reside during any act performed on behalf of the CA. === Demonstration of Proficiency === In addition to passing the Washington State Operative Personnel Exam, all OPs employed by the CA will demonstrate their proficiency by a) creating a request for issuance as described in 19.34.210(1) RCW, known here as a Certificate Signing Request or CSR; and b) signing CSR from (a) with a private key issued by the Certification Authority; and c) publishing the public key corresponding to the CSR signed in (b) in a recognized repository as defined by 19.34.400 RCW === Use of private key === While holding the position of Operative Personnel for the CA, the OP will a) utilize the private key corresponding to the CSR presented during the demonstration of proficiency exclusively for duties performed on behalf of the CA b) not use the private key referenced in (a) for purposes other than those performed on behalf of the CA. In the case that Operative Personnel contract or employment is terminated, certificates issued to Operative Personnel by the CA will be revoked starting midnight of the date of termination of contract or employment. == Private key data maintenance == === Physical Storage === All private key data controlled by the CA and all Operative Personnel must be a) stored on a solid-state device; and b) kept within a locked safe except while i) in use by OP acting on behalf of the CA; or ii) being reviewed by auditors or customs personnel === Trustworthy system === All solid-state devices containing private key data controlled by the CA and all Operative Personnel may only be used a) on a Trustworthy system, as defined in 19.34.020(43) RCW; and b) with a system which remains always disconnected from any computer network == Dispute Resolution == * Choice of forum: San Juan County * Choice of law: Revised Code of Washington == Certificate Classes == === Trust Levels === ==== Automated ==== The 'Automated' class of certificate requires minimal identity verification. The verification is performed by computer software and includes a "Centi" reliance limit. ==== Core ==== The 'Core' class of certificate requires minimal identity verification. The verification is performed by operative personnel and includes a "Deci" recommended reliance limit. ==== Basic ==== The 'Basic' class of certificate requires identity verification through a trusted third party. Acceptable methods of identity verification include * Bi-directional PGP trust paths of distance 3 or less with the CA's official PGP signing key * A certificate published in a recognized repository along with proof of ownership of associated private key * A driver's license or passport issued by an agent of the subject's local governmental authority * A verification upon oath or affirmation as defined in 42.44.010(5) RCW which ** identifies the affiant with a 300dpi or greater copy of one or more governmentally issued identification documents; and which ** is signed and sealed by a public official licensed to perform notarial acts ==== Extended ==== ==== Business ==== ==== Enterprise ==== Requires of the subject the same identity verification and background checks as are required by the Secretary of State of Certification Authority Operative Personnel. === Recommended Reliance Limits === ==== Centi ==== The minimal reliance limit. This is the reliance limit which will be assumed, should none be otherwise specified. USD $0.01 ==== Deci ==== This is the minimum reliance limit which will be assumed on all certificates created using manual intervention by operative personnel. USD $0.10 ==== Deca ==== USD $10.00 ==== Hecto ==== USD $100.00 ==== Kilo ==== USD $1,000.00 ==== Mega ==== USD $10,000.00 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBCAAGBQJOBSnEAAoJEEyimPmPQm230N8H/2870PZdGiGdmS9hfRv/z1WF byvs23rrB9QFzlWxF2syTM/ixCUjEwyBC2oZV42BuPfClqFq8f6NW0XED9mHu+W1 9wtbS7y1u1YV8BpU7um71YC0ktV0g8u2mZl/dF7YZPjcmksN4DQngFBV7lQXeuxh OKenx4xV7/jsNzFnVeucTCGnDiyk2e9gu2hqAijzAmDbOTKPB7+njqXcJH+uN6aN RCAjyafXe4Gr7/rK7PyzW46hpXlUYLFPApOVXy/fG9VjZL27mhya3xDN0CPP6URn v4ZDqK1dJnMHU1gXN/HvDRnrfFzEN23ZUh0dLoD3kcyEzqlxmqYHS1IRfokBc20= =j9LK -----END PGP SIGNATURE-----