[cabf_validation] Validation Subcommittee - minutes of meeting held
realsky at cht.com.tw
Sat Feb 16 07:02:04 MST 2019
I was present via CISCO WebEx. Thanks
From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of Bruce
Morton via Validation
Sent: Saturday, February 16, 2019 2:25 AM
To: CA/Browser Forum Validation WG List
Subject: [外部郵件] [cabf_validation] Validation Subcommittee - minutes of
meeting held 14-Feb-2019
Present: Wayne Thayer, Ben Wilson, Doug Beattie, Dean Coclin, Ryan Sleevi,
Bruce Morton, Steve Roylance, Rich Smith, Christof? [BM - I did not record
the attendees, nor were the names on the recording, so this could be
1. Assign minutes / start recording
2. LEI discussion
3. IDN encodings and related issues
4. Topics for F2F agenda
5. Pending ballots
1. Bruce Morton was assigned to take minutes and Ben started the recording.
2. LEI Discussion
There was no agenda for the LEI discussion. There were some previously
discussed issues presented.
- Do LEIs meet the BR standard for OU?
- LEI information may change over time. The company name may change.
- LEI indication in the certificate is a lookup to other data source which
the CA does not verify.
- How are LEIs assigned or reused?
- If there changes can the history be reviewed? Is it time-stamped?
- LEI is a 20 digit alpha-numeric code with no meaning
- One legal entity has one LEI code ever and no LEI code is ever reused
- If a legal entity is acquired but is independent, then it would keep its
- If a legal entity is acquired, but is not independent, then it would be
merged, but the LEI code will remain as retired. Steve Roylance provided an
How do we make sure that the LEI code was assigned to the legal entity at
the time of CA validation? How can you cross-check that the CA validated the
- The full history of the reference data is on the site and updated 3 times
- If the data changes, then it will be updated in the LEI database. So an
address update will be updated.
What guidelines are there for the Local Organization Units (LOUs) to ensure
the data is reliable for all LOUs?
- There is an LOU accreditation process which verifies all processes and
procedures. LOU's are revalidated. LOU's may be asked or additional
information if there is suspicion that the quality is not met. LOU's may be
asked for a remediation plan. An onsite audit may be required.
- There is a challenge process that anyone can open, which the LOU has to
What is the validation process for a CA to match an LEI to a legal entity?
What are the edge cases?
- Rich Smith stated that he would look for a one-to-one match of information
about the entity and the LEI data. Would not allow the data unless it is
- Fully corroborated means that all fields have been verified. Partly
corroborated may mean that only one piece of data was not verified.
Ryan was concerned about using GLEIF as a QIIS. More discussion is required.
Steve Roylance provided best practice LEI and certificates
Agenda items 3, 4 and 5 were not discussed
Validation mailing list
Validation at cabforum.org
Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.
More information about the Validation