As an iVDGL Registration Authority (RA) sponsor for a site or organization, you are an important link in the chain of verification necessary to process certificate requests made to the DOEGrids CA. In order to maintain the integrity of the verification process and of the DOEGrids CA as a whole, it is extremely important that you strictly follow the instructions and guidelines below when working in collaboration with the iVDGL RA Point of Contact (POC) to verify the authenticity of certificate requests.
Details of the iVDGL RA operational procedures may be found in Appendix I of the DOEGrids Certificate Policy and Certificate Practice Statement. For convenience the process is explained below.
Certificate Request Verification Process
- A user or administrator submits a request for a personal, host, or service certificate as detailed within the links on the left. The submission contains your name as sponsor.
- Upon submission of the request the iVDGL RA POC is notified by insecure email that a request has been submitted.
- The POC securely retrieves the request details from the DOEGrids CA (using a secure web connection).
- The POC notifies you as the sponsor via email that a request has been made with you listed as sponsor. Included in the email are the full name of the requestor, the phone number of the requestor, the email address of the requestor, and the subject name of the certificate request.
- You as the sponsor communicate securely with the requestor and verify the details of the request, specifically the subject name of the request.
Note that the following means of secure communication are acceptable:
- Face-to-face conversation
- Telephone conversations between iVDGL RA sponsors
- Telephone conversations between individuals already personally known to each other from face-to-face conversations, provided both are capable of recognizing the other's voice
- Secure digitally signed email between individuals with certificates from the DOEGrids CA.
Note that regular email or email signed with any other certificate or using any other encryption mechanism (PGP or the like) is not acceptable.
- You as the sponsor communicate securely with the POC and relay your verification. Forms of secure communication are the same as those detailed above.
Note: Sponsors associated with the LIGO project should contact the Group Leader for Data and Computing at the LIGO Laboratory (currently Albert Lazzarini), who will in turn contact the iVDGL POC and relay your verification.
- The POC signs the certificate request.
- The user or administrator is notified via email that the signed certificate is available to be retrieved.
Using Digitally Signed Email
Since schedules are tight and people are busy, it is most efficient for you as a sponsor to communicate with the iVDGL RA POC and relay your verification of a request via digitally signed email. Note that emails signed using a certificate issued by the DOEGrids CA are the only acceptable form of digitally signed email.
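The rule above (and the note in the verification process) is that a relayed verification counts only if the signature chains to the DOEGrids CA; a valid S/MIME signature from any other certificate must be rejected. The script below is an added example, not part of this page or of the DOEGrids/iVDGL procedures, showing how the POC side can enforce that with openssl. Everything in it is constructed locally: accepted-ca.pem is a placeholder stand-in for the DOEGrids CA certificate (substitute the real CA certificate in practice), other-ca.pem is an unrelated CA, and the two signed messages are generated on the spot. The check deliberately ignores the system trust store so that only the named CA is trusted.

```shell
#!/bin/sh
# Added example, not part of the iVDGL/DOEGrids page. All CAs, certificates and
# messages below are constructed locally so the demo runs offline.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Minimal openssl config so the demo does not depend on a system openssl.cnf.
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
cat > ee.cnf <<'EOF'
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = emailProtection
EOF

# make_ca NAME SUBJECT : self-signed CA certificate (constructed, not a real CA)
make_ca() {
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -keyout "$1.key" \
    -out "$1.pem" -subj "$2" -days 30 >/dev/null 2>&1
}
make_ca accepted-ca "/O=Example/CN=Placeholder stand-in for the DOEGrids CA"
make_ca other-ca    "/O=Example/CN=Unrelated CA"
# The only CA whose signatures a sponsor verification may be accepted from.
ACCEPTED_CA=accepted-ca.pem

# issue_cert NAME CA : end-entity (sponsor) certificate signed by CA
issue_cert() {
  openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -keyout "$1.key" \
    -out "$1.csr" -subj "/O=Example Site/CN=$1" >/dev/null 2>&1
  openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
    -extfile ee.cnf -out "$1.pem" -days 30 >/dev/null 2>&1
}
issue_cert sponsor-doegrids accepted-ca
issue_cert sponsor-other    other-ca

# sign_message SIGNER OUT : S/MIME-sign a constructed verification note
sign_message() {
  printf 'Subject: request verified\n\nI verified the subject name of the request with the requestor.\n' > body.txt
  openssl smime -sign -in body.txt -signer "$1.pem" -inkey "$1.key" -out "$2"
}
sign_message sponsor-doegrids good.eml
sign_message sponsor-other    bad.eml

# check_message FILE : succeed only if the S/MIME signature is valid AND the
# signer's certificate chains to ACCEPTED_CA. -no-CAfile/-no-CApath drop the
# system trust store, so a signature from any other CA (or a self-signed
# certificate) fails the check.
check_message() {
  openssl smime -verify -in "$1" -CAfile "$ACCEPTED_CA" -no-CAfile -no-CApath \
    -out /dev/null >/dev/null 2>&1
}

for m in good.eml bad.eml; do
  if check_message "$m"; then
    echo "$m: signed with a certificate from the accepted CA; verification can be relayed"
  else
    echo "$m: rejected, not signed with a certificate issued by the accepted CA"
  fi
done
```

Running the script prints one line per message: good.eml is accepted and bad.eml is rejected even though its signature is cryptographically valid, because the signer's certificate does not chain to the accepted CA. Note that the check verifies the chain only; matching the signer certificate's subject against the sponsor named in the request is still a separate, manual step.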
It can be difficult to find email clients that work well with X.509 certificates (this capability is also referred to as S/MIME support). We recommend Netscape Communicator 4.7x for Linux, most flavors of UNIX, and Microsoft Windows. It also appears that the new Netscape 7.0 includes support for S/MIME on a number of platforms including Mac OS X.
To make your DOEGrids Personal Certificate available for signing email in Netscape Communicator be sure to check the appropriate box when retrieving your signed certificate from the DOEGrids CA or when importing your certificate into Communicator.
You may also find it convenient to set up a separate email address at your institution or on your host specifically for sending and receiving digitally signed email.