Skip to Content.
Sympa Menu

assurance - [Assurance] RE: question about Credential Issuance Process

Subject: Assurance

List archive

[Assurance] RE: question about Credential Issuance Process


Chronological Thread 
  • From: "Jones, Mark B" <>
  • To: "" <>
  • Subject: [Assurance] RE: question about Credential Issuance Process
  • Date: Mon, 12 Nov 2012 14:04:11 -0600
  • Accept-language: en-US
  • Acceptlanguage: en-US

The point of this as I read it is to guarantee that the binding between the issued credential and the physical person is not lost in the process.

 

There is no point in doing rigorous identity vetting if the next step is to send the person somewhere else to receive their password with no proof who he or she is.  In other words, how do you know that the person that is issued a credential at the end of the process is the same person that was identity vetted during registration at the beginning of the process?

 

From: [mailto:] On Behalf Of Lisa Campeau
Sent: Monday, November 12, 2012 12:39 PM
To:
Subject: [Assurance] question about Credential Issuance Process

 

Hi folks,

 

I’m going to pose a couple of questions in separate thread, as they may not be related:

 

4.2.4.1. Credential issuance process - To ensure that the same Subject acts throughout the registration and Credential issuance process, the Subject shall identify himself or herself in any new transaction (beyond the first transaction or encounter) with information known only to the Subject, for example a temporary Secret which was established during a prior transaction or encounter, or sent to the Subject’s Address of Record. When identifying himself or herself in person, the Subject shall do so either by using a Secret as described above, or through the use of an equivalent process that was established during a prior encounter, or sent to the Subject’s Address of Record. When identifying himself or herself in person, the Subject shall do so either by using a Secret as described above, or through the use of an equivalent process that was established during a prior encounter.

 

 

We think we understand this to mean that a person is verified as the same person throughout the entire first issuance process, but can someone describe a scenario where this might or might not be the case,  to ensure we are interpreting this correctly?  What do institutions do to meet this need?

 

-          Lisa

 

 

 

Lisa Campeau

Team Leader, Identity Management Information

     and System Operations

Data Administration - Admin Information Technologies

3401 Walnut, Suite 265C

Philadelphia, PA  19104-6228

phone 215-573-1951 fax 215-898-0386

 

 


Archive powered by MHonArc 2.6.16.

Top of Page