Versions Compared

Old Version 4

changes.mady.by.user Unknown User (marita.gustavsen@vipps.no)

Saved on

compared with

New Version 5

changes.mady.by.user Lise Aas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

RoleNameContact information
Coordinator

PKI

App


Before the ceremony:

StepDescriptionResponsibleTaskDeadlineStatusDocuments and notes
1)
Initiate steps
BITS ApprovalThe respective TSP or Bank will require BITS approval for the following move or merger before ordering an RA ceremony.

TSP or Bank

  1. Need to be describe from TSP/Bank side
  2. Send it to: as@bits.no



Status
titlePlanning

Status
colourYellow
titleIn progress

Status
colourGreen
titlecompleted


2) Internal steps

The respective TSP or Bank will require to have in place internal routines for move or merger of RA's.

Such as:

  • How to deal with the OTP tokens
  • End user impact
  • Information to end users
  • How to deal with logs and how/who to archive (admin logs for certificates)
TSP or Bank

Status
titlePlanning

Status
colourYellow
titleIn progress

Status
colourGreen
titlecompleted


3) Formal order to Vipps

The respective TSP or Bank have to create and send a formal order to Vipps. Either on a signed or electronically signed document by TSP or Bank.

This order should contain:

  • The purpose of the move or merger of the mention RA
  • Detailed move or merger from and to what CA
TSP or Bank

Status
titlePlanning

Status
colourYellow
titleIn progress

Status
colourGreen
titlecompleted


4) Order forms to Vipps

The respective TSP or Bank have to fill out required order forms and send it to Vipps signed before or during the RA ceremony.

A copy must be sent before the RA ceremony.

Order forms templates can be found here: Order forms and information

TSP or Bank

Status
titlePlanning

Status
colourYellow
titleIn progress

Status
colourGreen
titlecompleted


5) Make sure that the prerequisites are in order

RA XML request and Primary CAO token "Dongle"

The RA XML request must be created on the TSP system, for example through HAT tool. Primary CAO token is normally stored in a safe at the respective TSP (CA responsible). 

The respective Key Custodian for the TSP is responsible to carry and bring the RA XML request and the Primary CAO token "dongle" to the RA ceremony.

USB stick and Identification

Vipps recommend that Key Custodian always bring a new and unused USB stick and approved identification such as passport or driver license. If the Key Custodian is a non-Norwegian citizen, they must bring their passport. 

Key custodian for TSP

Status
titlePlanning

Status
colourYellow
titleIn progress

Status
colourGreen
titlecompleted


6) RA ceremony coordination

Vipps will ensure that the following is in place, before going further:

  •  BITS approval - If not provided by the TSP or Bank, contact BITS and verify
  •  Formal Order received
  •  Order forms
    •  Signed - Naming of RA (Required)
    •  Signed - Revoke RA XML Request (Optional)
  •  TSPs Primary CAO token
  •  TSPs/Bank RA XML Request

If all is in place: all stakeholders align and agree on date and time for the following:

  1. RA ceremony
  2. Activation of New RA XML Sign Certificate
  3. Switchover 
  4. Revoke RA XML (Optional)

Normally step 2, 3 and 4 happens within the same 24h.

Vipps

Status
titlePlanning

Status
colourYellow
titleIn progress

Status
colourGreen
titlecompleted


7) Invitations

Vipps are to invite for RA ceremony and the Switchover. These invitation should contain, but not limited to:

  • Purpose and description
  • Date
  • Time
  • Duration
  • Virtual Meeting Link or Address
  • Attendees and contact points
  • Information on what to bring
Vipps

Status
titlePlanning

Status
colourYellow
titleIn progress

Status
colourGreen
titlecompleted


Ceremony:

The Key Custodian for the respective TSPs is on-site with their Primary CAO token and the RA XML sign request.

...