...
The Hawaii Longline Logbook E-signature Evaluation has concluded that OMB Assurance Level 1 (little or no confidence in the asserted identity) was appropriate for the Hawaii Longline Logbook. This was a considered decision justified by low likelyhood of occurrence, mostly low impact of harm, and multiple and strong mitigating controls, including: multiple and sometimes counter-balancing sources of information; permitted entities with an ongoing trusted relationship with NMFS; a rigorous certification process for e-logbook applications; and unique identifiers on each e-logbook submission. Although the evaluation concluded that an OMB Assurance Level 1 was appropriate, registration to submit logbooks electronically and association of e-logbook registration with fishing permits are features of the proposed system. But since the existing permit process does not explicitly verify an individual's identity these features do not qualify the proposed system as OMB level 2.
document the The proposed identity assertion, person proofing, and registration , with particular attention to binding and non-repudiation, and reference a broader discussion of starts with a permit holder completing a NMFS electronic logbook agreement, establishing a linkage between the permit, the permit holder, and the fishing vessel operator who is authorized to submit electronic logbooks for that permit. more?... (See Identity Assertion, Person Proofing and Registration for a broader discussion of these issues and alternatives.)
Terms and conditions presented during registration and the signing ceremony contribute to binding the transaction to the entity and non-repudiation.
_and reference (See terms and conditions and signing ceremony for a broader discussion of terms and conditions and signing ceremony alternativesDocument binding and document integrity aspects contribute to to these issues and alternatives.) Terms and conditions specified during the registration process include the following statement on the paper form just above the required signature block:
| Panel | ||
|---|---|---|
| ||
Terms and conditions presented during the signing ceremony (when the vessel operator has entered logbook data into the e-logbook program and is saving the data or when the vessel operator is exporting data to portable media for submission to NMFS) includes the following statement just above the required signature block:
| Panel | ||
|---|---|---|
| ||
Technically the transaction data is bound to entity identity data by a shared identifier (permit number) in the registration data (electronic logbook agreement), the permit database, and in e-logbook submissions. Further binding could be established by asking the e-logbook vendor to correlate customer identities to the unique keys which are embedded in each installation of certified e-logbook software. (See document binding and integrity for a broader discussion of these issues and alternatives.)
Technical controls for document integrity and audit trails also contribute to binding the transaction to the entity and non-repudiation.
_and reference a broader discussion of document binding and integrity alternatives, but those controls are more appropriately discussed in the next section.