Fixed additional typos. Added explanation of NIS2.
Nikolaj Ravn Hansen committed Mar 8, 2024
1 parent 1c9dae5 commit fb88956
Showing 1 changed file with 44 additions and 4 deletions.
48 changes: 44 additions & 4 deletions Contact-Identity-Verification-Draft.md
Expand Up @@ -6,10 +6,30 @@ Date: 2024-03-08
## Introduction
This document serves as a draft design covering all technical aspects related to facilitating contact ID verification between registrars and Punktum dk, aligning with the NIS2 directive.

NIS2 refers to the revised version of the Network and Information Systems Directive, a regulatory framework implemented by the European Union to enhance the overall cybersecurity posture of its member states.

### What is NIS2?
The NIS2 directive focuses on bolstering the resilience of critical information infrastructure, such as communication networks, cloud computing services, and digital service providers. It aims to ensure a high common level of cybersecurity across the European Union, promoting a collaborative and coordinated approach to handling cybersecurity incidents.

### Key Objectives of NIS2:
Increased Security Measures:
NIS2 emphasizes the adoption of robust security measures by operators of essential services (OES) and digital service providers (DSPs). This includes implementing measures to prevent and minimize the impact of cybersecurity incidents.

Incident Reporting Requirements:
The directive mandates OES and DSPs to report significant cybersecurity incidents to the competent national authorities. This facilitates a timely and coordinated response to cyber threats, ultimately enhancing the overall cybersecurity resilience of critical services.

Cooperation and Information Sharing:
NIS2 encourages collaboration and information sharing among member states, competent authorities, and relevant stakeholders. This cooperative approach aims to address cross-border cybersecurity challenges effectively.

### Alignment with the Contact Identity Verification Draft:
The Contact Identity Verification Draft has been designed with the principles outlined in the NIS2 directive in mind. By aligning with NIS2, the draft ensures that the contact ID verification process not only complies with technical and legal requirements but also contributes to the overarching cybersecurity goals set forth by the European Union.

In summary, the integration of NIS2 principles into the Contact Identity Verification Draft underscores the commitment to a standardized and secure approach in managing identity verification processes within the regulatory framework of the European Union.

## Requirements
The primary objective of the proposed solution is to implement minimal changes to existing integrations, ensuring compliance with all legal and technical requirements. The solution should encompass the following key elements:

1. Enable registrars to inform the registry about completed itendity verification before registrant creation in the registry systems.
1. Enable registrars to inform the registry about completed identity verification before registrant creation in the registry systems.
2. Allow registrars to update the registry on identity verification status changes for existing registrants. This includes modifications to the existing registrant information, triggered by any changes in identity verification status (e.g., from 'pending' to 'verified' or 'verified' to 'unverified').
3. Give registrars the ability to query the registry for the current identity verification status of all registrants under their management.
4. Implement asynchronous messaging to update registrars on registrant identity verification status changes in the registry.
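Review bot: The new NIS2 section never says which obligation in the directive the contact ID verification answers, so "Alignment with the Contact Identity Verification Draft" and the "In summary" paragraph assert compliance without anything a registrar can check; name the provision on registration-data verification that the draft implements and drop the summary paragraph. Under "Key Objectives of NIS2:" the three labels ("Increased Security Measures:" and the two after it) are plain lines directly above their text, so they will render as one run-on paragraph; make them list items or bold labels, and put a blank line after each `###` heading. The OES/DSP wording comes from the 2016 directive; NIS2 itself classifies entities as essential and important, so check those terms against the directive text.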
Expand All @@ -29,23 +49,43 @@ A new extension, `<dkhm:id-verification>`, will be incorporated into contact.cre
- `verified` indicates that identity control has been performed, and relevant documentation has been reviewed and approved by Punktum dk.
- `rejected` indicates that identity control has been performed, and relevant documentation has been reviewed and rejected by Punktum dk.
- `pending` indicates that identity control has been requested and currently awaits a response from the contact.
- `unverified` indicates that identity control has not been completed nor initiated on the contact. Setting this value on contact.create commands specifies that Punktum dk is requested to handle the identity verification process. For contacts residing in Denmark, this automatically triggers a request for identity veritication using MitID, whereas foreign contacts will be subjected to a risk-based evaulation of the provided data, and a manual identification requests will be initiated, if deemed necessary by the risk evaluation results.
- `unverified` indicates that identity control has not been completed nor initiated on the contact. Setting this value on contact.create commands specifies that Punktum dk is requested to handle the identity verification process. For contacts residing in Denmark, this automatically triggers a request for identity verification using MitID, whereas foreign contacts will be subjected to a risk-based evaulation of the provided data, and a manual identification requests will be initiated, if deemed necessary by the risk evaluation results.

The reason for distinguishing between electronic and documentation-based means of identification is due to the fact that using eID solutions provides instantaneous verification of the contact, compared to document-based identity verification, where a waiting period will occur while awaiting receiving documentation from the contact.

In cases where Punktum dk is responsible for performing the verification process, the `pending` status will be relevant to allow the registrar to follow the ongoing status of the verification process.

## Notification of Identity Verification Status Changes
As the verification handled by Punktum dk requires actions to be performed by the contact, the registrar needs to be informed as soon as the identity verification status changes. Notifications on status changes will be issued to the registrar via poll messaging or email, based on the specific communication settings configured in the Registrar Portal.
As the verification handled by Punktum dk requires actions to be performed by the contact, the registrar needs to be informed as soon as the identity verification status changes. Notifications on status changes will be issued to the registrar without delay via poll messaging or email, based on the specific communication settings configured in the Registrar Portal.

## Limitations
* Registrars are only able to provide statuses `eid`, `verified` and `unverified` during contact creation. `pending` and `rejected` are statuses reserved for Punktum dk identity verification process.

Check failure on line 62 in Contact-Identity-Verification-Draft.md

GitHub Actions / Markdownlint

Lists should be surrounded by blank lines [Context: "* Registrars are only able to ..."]
* Once a contact has been assigned status `eid` or `verified` these statuses are locked and cannot been changed.
* After a contact has been assigned the status of `eid` or `verified`, these statuses are immutable and cannot be altered

## Questions
* Is it relevant for registrars to be able to update contact verification status from `unverified` to `verified` or `eid` on already existing contacts?

Check failure on line 66 in Contact-Identity-Verification-Draft.md

GitHub Actions / Markdownlint

Lists should be surrounded by blank lines [Context: "* Is it relevant for registrar..."]
* Should pending identity verification requests fall back to status `unverified` upon expiration or would a status `expired` be useful?

## Providin Feedback
Your input is valuable in refining and improving the Contact Identity Verification Draft. If you have suggestions, comments, or concerns, we encourage you to share your feedback. Your contributions can help enhance the clarity, effectiveness, and completeness of the document.

#### How to Provide Feedback:

Check failure on line 72 in Contact-Identity-Verification-Draft.md

GitHub Actions / Markdownlint

Heading levels should only increment by one level at a time [Expected: h3; Actual: h4]

1. **GitHub Issues:**
- The preferred method for submitting feedback is through GitHub Issues. Visit the [repository's issue tracker](https://github.com/Punktum-dk/epp-service-specification/issues) and create a new issue.
- Clearly outline your feedback, providing specific details and context where necessary.
- Tag the issue appropriately, such as "enhancement," "clarification," or "bug," to help categorize and prioritize the feedback.

2. **Pull Requests:**
- If you have concrete suggestions for changes or improvements, you can submit a pull request.
- Fork the repository, make your changes, and submit a pull request for review.
- Include a brief description of the changes made and the rationale behind them.

3. **Contacting Punktum dk:**
- If you prefer direct communication, you can reach out to Punktum dk through the contact information provided on our official website or relevant communication channels.

Your feedback is essential in ensuring the Contact Identity Verification Draft meets the needs of its users. Punktum dk appreciates your time and effort in contributing to the refinement of this important document.

## Document History
Revision: 1.0
Date: 2024-03-08
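Review bot: The Limitations bullet that makes `eid` and `verified` "immutable and cannot be altered" contradicts requirement 2 in the Requirements list, which gives 'verified' to 'unverified' as an example of a status change registrars must be able to report; decide which applies and state who, if anyone, can revoke a registrar-asserted `verified`, since registrars may set `eid` and `verified` themselves at contact creation. "without delay" in the notification paragraph needs a measurable bound or should be dropped. Remaining typos in the changed lines: "evaulation", "a manual identification requests", "Providin Feedback", and the immutability bullet lacks its closing period. The three Markdownlint failures shown (blank lines around the lists at lines 62 and 66, `####` directly under `##` at line 72) should be fixed in the same commit.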