IGTF One Statement Certificate Policies

Documents authored by the Members of the European Policy Management Authority for Grid Authentication in e-Science (EUGridPMA) and made available under the Creative Commons Attribution 3.0 (unported) license.

Private key protection

• Private Key Protection: Secure Hardware Token
  Assigned OID: { igtf (1.2.840.113612.5) policies (2) one-statement-certificate-policies (3) private-key-protection (1) hardware-token (1) version-1 (1) }
  Formats available: Adobe PDF.
  Managed by: EUGridPMA
  Status: version 1

  This Certificate Policy defines a policy where the private key of a key pair on which a certificate is based is generated, stored, and protected exclusively on a secure hardware token.

  Version history:

  • Version 1.1 (this version): generation now (IGTF-)SHOULD be done inside the token.
  • Version 1: Adobe PDF

• Private Key Protection: Key material held in files
  Assigned OID: { igtf (1.2.840.113612.5) policies (2) one-statement-certificate-policies (3) private-key-protection (1) filebased (2) version-1 (1) }
  Formats available: Adobe PDF.
  Managed by: EUGridPMA
  Status: version 1

  This Certificate Policy defines a policy where the private key of a key pair on which a certificate is based is held on a file system.

  Version history:

  • none

• Private Key Protection: Non-exportable Keys on a Secure Hardware Token
  Assigned OID: { igtf (1.2.840.113612.5) policies (2) one-statement-certificate-policies (3) private-key-protection (1) hardware-token-non-export (3) version-1 (1) }
  Formats available: Adobe PDF.
  Managed by: EUGridPMA
  Status: version 1

  This Certificate Policy defines a policy where the private key of a key pair on which a certificate is based is generated, stored, and protected exclusively on a secure hardware token AND cannot be exported from it.

  Version history:

  • none

Identity vetting

• Identity Vetting: Trusted Third Party mediated
  Assigned OID: { igtf (1.2.840.113612.5) policies (2) one-statement-certificate-policies (3) identity-vetting (2) ttp (1) version-1 (1) }
  Formats available: Adobe PDF.
  Managed by: EUGridPMA
  Status: version 1

  This Certificate Policy defines a policy where the identity vetting is mediated by a trusted third party.

  Version history:

  • none

• Identity Vetting: Face to Face
  Assigned OID: { igtf (1.2.840.113612.5) policies (2) one-statement-certificate-policies (3) identity-vetting (2) face-to-face (2) version-1 (1) }
  Formats available: Adobe PDF.
  Managed by: EUGridPMA
  Status: version 1

  This Certificate Policy defines a policy on identity vetting where the identity vetting is based on a face to face meeting where official photo-identification documents are examined.

  Version history:

  • none

End-entity type

• End-entity definition: a non-human automated client or robot
  Assigned OID: { igtf (1.2.840.113612.5) policies (2) one-statement-certificate-policies (3) entity-definition (3) robot (1) version-1 (1) }
  Formats available: Adobe PDF; Word.
  Managed by: EUGridPMA
  Status: version 1 revision 3

  This Certificate Policy defines a policy where the end-entity is an automated client, also known as robot.

  Version history:

  • revision 1: PDF

• End-entity definition: a networked end-point entity (host)
  Assigned OID: { igtf (1.2.840.113612.5) policies (2) one-statement-certificate-policies (3) entity-definition (3) hostcert (2) version-1 (1) }
  Formats available: Adobe PDF.
  Managed by: EUGridPMA
  Status: version 1

  This Certificate Policy defines a policy where the end-entity is a host or service end point.

  Version history:

  • none

• End-entity definition: a natural person
  Assigned OID: { igtf (1.2.840.113612.5) policies (2) one-statement-certificate-policies (3) entity-definition (3) personal (3) version-1 (1) }
  Formats available: Adobe PDF.
  Managed by: EUGridPMA
  Status: version 1

  This Certificate Policy defines a policy where the end-entity is a natural person.

  Version history:

  • none