This is going to be a sticky issue. But I recommend that if you do this
it be done this way:
Anyone wishing to verify a candidate's status would have to do the
following (and via Apache w/ SSL or some other secure server):
1. enter both the candidates last name and an LPI assigned ID number
2. enter their own e-mail address
(They would only receive information regarding the date and level of
current certification(s), nothing about failures or attempts or even
scores.)
3. have a way for candidates to receive an e-mail (if desired) with the
e-mail of the querying party (and a secure way to change this option at
any time)
4. let those who are querying the database know beforehand that the
candidate may receive information regarding the query.
I am not familiar with the laws of many countries, but some are
sticklers for privacy. Records of accesses will need to be maintained
(the suggested Apache w/ SSL will log this). This is assuming the laws
of all countries with candidates even allows what is suggested in the
contents of this message. Otherwise, some dispensation would be
required for that candidate (obviously).
Ciao,
David A. Bandel
________________________________________________________________________
This message was sent by the linux-cert mailing list. To unsubscribe:
echo unsubscribe | mail -s '' [EMAIL PROTECTED]
