martin wrote: > Dear All, > > The current, well received text about CRM compatibility we are preparing to > propose as ISO > amendment, contains the following last phrase, which caused comments on what > the certification procedure will be: > > A) The provider should be able to demonstrate the claim with suitable test > data. A third party should be able to verify the claim with > suitable test data. > > One alternative is this: > B) > The provider should be able to demonstrate the claim with suitable test data > and the grant of a certificate by a certification authority > (CA). A trusted third party recognised as a CA in this practice area, > should be able to verify the credentials of the provider applying > for such certificate and thus, of its claim with suitable test data,before > issuing the certificate so that the users can trust the > information in the CA certificates. > > In any case, the provider should be able to demonstrate its claim according > to certain procedures included in any applicable certificate > practice related statement and must also comply with any applicable > certification policies of the respective CA. > > Second alternative: > C) > The provider should be able to demonstrate the claim with suitable test data. > The provider should be able to demonstrate its claim according > to certain procedures included in any applicable certificate practice related > statement. > The provider should either make evidence of these procedures publicly > available, so that any third party should be able to verify the claim > with suitable test data, or acquire a certificate by a certification > authority (CA). A trusted third party recognised as a CA in this > practice area, should be able to verify the credentials of the provider > applying for such certificate and thus, of its claim with suitable > test data, before issuing the certificate so that the users can trust the > information in the CA certificates. May I add an alternative?: (It is a variant of C) D) The provider is able to demonstrate the claim with suitable test data. The test data consist either of a controlled vocabulary as a subset of the text specification ISO 21127:2006 (:2008/9) or in a formal language . A set of test data is provided by the CRM SIG.
The provider should either make evidence of these procedures publicly available, so that any third party is able to verify the claim with suitable test data, or acquire a certificate by a CRM certification authority (CA). A trusted third party recognized as a CRM CA in this practice area, is able to verify the credentials of the provider applying for a CRM certificate and thus, of its claim with suitable test data, before issuing the CRM certificate so that users can trust the information in the CA CRM certificates. Any company or group who wishes to be recognized as CRM CA request this status at the CRM SIG. Best Bernhard > > Please vote on these alternatives until Thursday morning. Reply either to > crm-sig or to [email protected], in case you would not like your > vote to become public. > > Best, > > Martin > -- ************************************************************* Bernhard Schiemann, Dipl. Ing. Artificial Intelligence Division Department of Computer Science University of Erlangen-Nuremberg Haberstr. 2, D-91058 Erlangen, Germany Tel.: +49-9131-85-28984 Fax : +49-9131-85-28986 Email: [email protected] http://www8.informatik.uni-erlangen.de/inf8/en/schiemann.html To verify my keys, please use gpg keyserver: pgp.mit.edu *************************************************************
<<attachment: schiemann.vcf>>
signature.asc
Description: OpenPGP digital signature
