1. Phillip Hallam-Baker Extended Validation Presentation to ISTTF September 23, 2008 VeriSign/Extended Validation ISTTF Presentation 9/23/2008

2. Overview of Extended Validation Category: Age Verification of Minor Status Launched 2006 (for SSL) 10,000 customers, millions of users daily An industry standard for applying authentication criteria to organizations supported by 3 major browser providers and 30 Issuers Represents a state of the art understanding of the technical/legal/liability issues. ISTTF Presentation 9/23/2008

3. Overview of Proposed Market Child obtains OpenID (or SAML) credential – Can be from any accredited provider – Can employ any strong authentication technique E.g VeriSign supports OATH standard OTP token Child applies for accreditation from school School, identity provider are validated by CA – CA applies EV criteria extended for application CA is audited by WebTrust each year ISTTF Presentation 9/23/2008

4. Overview of Extended Validation Detailed, auditable criteria for verifying the identity of an organization and determining that it is accountable. – These criteria may be extended to schools, churches The CA/Browser forum criteria for SSL will not be directly applicable to this application but: – Extensive practical experience has been gained – Commercial issuers exist – Commercial auditors exist – The criteria were designed with extension in mind ISTTF Presentation 9/23/2008

5. Options 1.Create a parallel organization to CA/B forum – Can use EV criteria as a starting point – Would likely involve many of the same Cas 2.Extend CA/B Forum – Would require a major re-organization – Pro: provides international reach – Pro: avoid proliferating organizations – Con: AC/B Forum already has a mission ISTTF Presentation 9/23/2008

6. Q&A Phillip Hallam-Baker pbaker@verisign.com ISTTF Presentation 9/23/2008