Goals

The goal is to provide global policies that are valid for all EEs.

Background and Strategic Fit

The Policy Generator (PG) prepares a Global Policy File (GPF) that includes all global policies that are relevant to the EEs. The PG makes the GPF available to all SCMS components. The RA decides which of the global policies in the GPF are relevant for the EEs under that RA’s jurisdiction, determines specific values within option ranges allowed in the GPF, and creates an RA-specific Local Policy File (LPF) containing this information. The RA sends its LPF to the PG for approval and signature. The RA updates its LPF whenever there is a change in the GPF that affects the information in its LPF, and subsequently makes its current LPF available to all EEs within its jurisdiction.

Assumptions

  • The PG will generate a Global Policy File (GPF), which includes global policies relevant for EEs, as listed in Step 18.1: Policy Configuration Options
  • The PG will make the GPF available to all RAs
  • The RA will combine policy fields in the GPF that are relevant to the EEs under its jurisdiction with its particular local policy fields relevant to those EEs
  • The RA will send its combined local policy file to the PG for assessment of compliance with all relevant global policies
  • If approved, the PG will sign the RA-specific integrated policy file (local policy file - LPF) and send it back to the appropriate RA
  • The RA will make the RA-specific integrated policy file (local policy file - LPF) available to all EEs within its jurisdiction
  • The RA will convey changes to the global policies that affect EEs to all EEs within its jurisdiction through an updated LPF

Design

Whenever there is a change in global policies that affects EEs, the RA constructs an updated version of its own LPF, gets its LPF approved (and signed) by the PG, and then makes the LPF available to the EEs within that RA's jurisdiction, that is, whenever an EE submits a new certificate request or otherwise contacts the RA, as appropriate. In the cases where the EE software and hardware can still support the global changes in the system, the EE will implement the changes upon receipt of the LPF containing those changes. If the policy changes are too significant for the EE to continue being functional, the EE may need to be updated or else possibly operate in a legacy mode. This could likely be managed by the relevant RA within the restrictions of global policies, but is out of scope for the POC.
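
The following is an added example, not part of the SCMS design or its code: a sketch of the PG's compliance check of an LPF against the GPF's fixed values and option ranges, and of how an RA can tell whether a GPF change affects its LPF. All field names and values are hypothetical, the dictionary layout is an assumption, and the rule that a local field may not reuse a global policy name is also an assumption rather than something this page states.

```python
# Added example. Field names and values are hypothetical (constructed).
# A GPF rule is a fixed value or an inclusive (min, max) option range.
GPF_V1 = {
    "cert_validity_days": {"range": (1, 7)},
    "certs_per_period": {"range": (10, 40)},
    "crl_download_interval_h": {"fixed": 24},
}
# Later GPF revision: one option range narrowed.
GPF_V2 = {**GPF_V1, "certs_per_period": {"range": (10, 20)}}

# RA-built LPF: the global policies it selected, with values chosen inside
# the allowed ranges, plus its own local fields.
LPF = {
    "ra_id": "ra-example",
    "global": {"cert_validity_days": 7, "certs_per_period": 30},
    "local": {"contact_retry_s": 300},
}


def check_lpf(lpf, gpf):
    """PG-side check: list of violations; empty means the LPF complies."""
    errors = []
    for name, value in lpf["global"].items():
        rule = gpf.get(name)
        if rule is None:
            errors.append(f"{name}: not a global policy in the GPF")
        elif "fixed" in rule:
            if value != rule["fixed"]:
                errors.append(f"{name}: {value} != required {rule['fixed']}")
        else:
            low, high = rule["range"]
            if not low <= value <= high:
                errors.append(f"{name}: {value} outside [{low}, {high}]")
    # Assumed rule (not from the page): a local field must not reuse the
    # name of a global policy, or it could silently override it on the EE.
    for name in lpf["local"]:
        if name in gpf:
            errors.append(f"{name}: local field shadows a global policy")
    return errors


def affected_fields(lpf, old_gpf, new_gpf):
    """RA-side check: global policies in this LPF whose GPF rule changed."""
    return sorted(n for n in lpf["global"] if old_gpf.get(n) != new_gpf.get(n))


if __name__ == "__main__":
    print(check_lpf(LPF, GPF_V1))
    print(affected_fields(LPF, GPF_V1, GPF_V2))
    print(check_lpf(LPF, GPF_V2))
```

An LPF that passes under one GPF revision can fail under the next, which is why the RA must rebuild it and resubmit it to the PG for approval and signature before distributing it to EEs.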