A registration authority (RA) is an entity trusted by a certification authority (CA) to register users or vouch for their identity to that CA. An RA focuses on identifying and authenticating users; it does not sign or issue digital certificates. However, it is required to comply with preset standards for verifying a person’s identity.
In the registration process, an applicant undergoes identity proofing by a trusted registration authority. If the RA is able to verify the applicant’s identity, the credential service provider (CSP) registers or gives the applicant a token and issues a credential as needed to bind that token to the identity or some related attribute. The applicant is now a subscriber of the CSP and may use the token as a claimant in an authentication protocol.
The RA may be a part of the CSP, or the RA may be a separate and independent entity; however, a trusted relationship always exists between the RA and CSP. Either the RA or CSP must maintain records of the registration. The RA and CSP may provide services on behalf of an organization or may provide services to the public. The processes and mechanisms available to the RA for identity proofing may differ as a result. Where the RA operates on behalf of an organization, the identity proofing process may be able to leverage a pre-existing relationship (e.g., the applicant is an employee or student). Where the RA provides services to the public, the identity proofing process is generally limited to confirming publicly available information and previously issued credentials.
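The registration flow and the RA-CSP trust relationship described above can be sketched in code; this is an added example, not taken from any standard or product. It assumes the trust relationship is a pre-shared MAC key, and the class names, the `known_people` evidence table and the sample applicant are all constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: the RA-CSP trust relationship is modelled as a pre-shared MAC key.
RA_CSP_KEY = secrets.token_bytes(32)


class RegistrationAuthority:
    """Identity-proofs applicants and vouches for them; issues no credentials."""

    def __init__(self, key, known_people):
        self._key = key
        self._known = known_people  # constructed stand-in for proofing evidence

    def proof(self, name, evidence):
        if self._known.get(name) != evidence:
            return None  # proofing failed: nothing is vouched for
        claim = json.dumps({"identity": name}, sort_keys=True).encode()
        tag = hmac.new(self._key, claim, hashlib.sha256).hexdigest()
        return claim, tag


class CredentialServiceProvider:
    """Registers a token and binds it to an identity the RA vouched for."""

    def __init__(self, key):
        self._key = key
        self.records = {}  # registration records: identity -> token digest

    def register(self, assertion):
        if assertion is None:
            raise PermissionError("no RA assertion")
        claim, tag = assertion
        expected = hmac.new(self._key, claim, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            raise PermissionError("assertion not from the trusted RA")
        identity = json.loads(claim)["identity"]
        token = secrets.token_urlsafe(16)  # secret handed to the new subscriber
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.records[identity] = digest  # credential: token bound to identity
        return token, {"identity": identity, "token_sha256": digest}


def demo():
    ra = RegistrationAuthority(RA_CSP_KEY, {"alice": "employee-badge-0001"})
    csp = CredentialServiceProvider(RA_CSP_KEY)
    token, credential = csp.register(ra.proof("alice", "employee-badge-0001"))
    return token, credential, csp
```

The CSP never sees the proofing evidence, only the RA's authenticated assertion, which keeps the two roles separate even when both run inside one organization.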