THIS IS A WORKING DRAFT AT THIS POINT
Someone who manages the VeraId setup for an organisation (like
- Provision DNSSEC and VeraId server.
- Rotate asymmetric key (i.e., simply update DNS).
- Onboard member.
- Offboard member.
A member can be either a user or a bot. Users have unique names under the organisation (like
acme.com). Bots, on the other hand, don’t have names because they’re meant to act on behalf of the organisation – but organisation admins can still assign them names privately for internal organisation purposes.
- Provision certificate for use in a given service.
- Deprovision/revoke certificate.
A developer building software that produces VeraId signatures.
- Import certificate using VeraId library.
- Periodically renew certificate using VeraId library.
- Produce signatures using VeraId library.
A developer building software that verifies VeraId signatures.
- Implement verification of contents with VeraId library.
An end user of an app that verifies VeraId signatures.
No human intervention needed.
An individual or team that defines the parameters to be honoured by signature producers and verifiers. Parameters include: OID of the service and maximum TTL of digital signatures (from DNSSEC answer).