From:	kepa.zubeldia@envoy.com
Sent:	Friday, February 26, 1999 5:38 PM
To:	Interop@afehct.org
Subject:	Proposal #7

Requirements for obtaining an "entity certificate" are as follows:

An application for a certificate, using the stationary of the subject 
entity, listing the parameters of the certificate, such as the name 
components, must be signed by two officers of the corporation.  One 
of the two officers must be the "designated security officer" 
according to HIPAA.  The other officer is any corporate officer 
authorized to request certificates on behalf of the corporation.  
Potentially, if these people already have certificates, they could 
digitally sign the application.

The application must be notarized, and the notary attest to the 
identity of the individuals signing it.  Potentially, in the 
future, the Notary could use a digital signature.

In addition to the signed application, the RA will need either a 
copy of the "Certificate of Good Standing" for the corporation, 
issued by the State, or a copy of a certificate of accreditation by 
the corresponding healthcare professional accreditation 
organization, such as the JCAHO, State license, etc.

And, as a third document, the RA will also need a copy of one of 
the following documents:  1) Front page of the Articles of 
Incorporation with the stamp showing they have been filed with the 
state; 2) Dun and Bradstreet report; or 3) Copy of the business 
license.

The registration process will also verify the DNS name, email 
address and/or IP address listed in the certificate.

The RA maintains copies of the documents submitted, either on paper 
or in digital form.  In some cases the RA will forward these to the 
CA, depending on the relationship between the RA and the CA.

The directory entry for these entity certificates will list which 
documents were used by the RA to identify the entity, but will not 
display a digitized copy of the documents themselves.  This 
information (which documents were used for identification) will be 
available in the directory entry but not on the certificate.

The directory entry will also specify who was the RA that verified 
the documents.

Will this work for non-person entities ?  If it will not work, or 
you think something else is needed to identify the entity, or this 
is too strict, please speak up.

Keep in mind that this cert is not a "credentialed" certificate, it 
is just proof of identity for an entity or organization that is not 
a warm bodied person.

Kepa Zubeldia
ENVOY Corporation
Kepa.Zubeldia@envoy.com