cabforum / smime

Repository for the S/MIME Certificate Working Group
Identity validation: Sponsor-validated without Enterprise RA #109

Closed chrisbn closed 1 year ago

chrisbn commented 2 years ago

For sponsor-validated certificates with Enterprise RA, the validation of the individual identity information can be based on Enterprise RA records (section 3.2.4.1 option 4). For non-Enterprise RA sponsor-validated certificates, there is no equivalent option to rely on an attestation made by the sponsor for the individual identity information (e.g. first name, last name).

Would it be possible to introduce the option to rely on attestation of the validated sponsor in the same way as we would rely on the Enterprise RA records if it meets the same requirements (Section 1.3.2 and Section 8.8) for individual identity information?

srdavidson commented 2 years ago

A new method 3.2.4.1 (7) was added for "Affiliation from company attestation" to address affiliation in the absence of an Enterprise RA.

https://github.com/cabforum/smime/blob/preSBR/SBR.md#3241-attribute-collection-of-individual-identity

The separate issue of whether a representative of a validated organisation may be a "one off RA" needs to be discussed separately.