cacert-policies/CAcertBookshelf.html

77 lines
17 KiB
HTML
Raw Permalink Normal View History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>CAcert Bookshelf</title><meta name="generator" content="DocBook XSL Stylesheets V1.71.1" /></head><body><div class="set" lang="en" xml:lang="en"><div class="titlepage"><div><div><h1 class="title"><a id="cloud.set"></a>CAcert Bookshelf</h1></div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="book"><a href="#id406953">CAcert.org Policy Manual</a></span></dt><dd><dl><dt><span class="article"><a href="#cacert.oap">CAcert.org Organisation Assurance Policy</a></span></dt><dd><dl><dt><span class="section"><a href="#cacert.oap.preliminaries">Preliminaries</a></span></dt><dt><span class="section"><a href="#cacert.oap.purpose">Purpose</a></span></dt><dt><span class="section"><a href="#cacert.oap.roles">Roles</a></span></dt><dd><dl><dt><span class="section"><a href="#id1279593">Organisation Assurance Officer</a></span></dt><dt><span class="section"><a href="#id1279669">Organisation Assurer</a></span></dt></dl></dd><dt><span class="section"><a href="#cacert.oap.policies">Policies</a></span></dt><dt><span class="section"><a href="#id1279714">Processes</a></span></dt><dd><dl><dt><span class="section"><a href="#id1279724">Individuals</a></span></dt><dt><span class="section"><a href="#id1279734">Partnerships</a></span></dt><dt><span class="section"><a href="#id1279744">Companies</a></span></dt></dl></dd><dt><span class="section"><a href="#cacert.oap.exceptions">Exceptions</a></span></dt></dl></dd><dt><span class="article"><a href="#id1279764">CAcert.org Organisation Assurance sub-policy for Europe</a></span></dt><dd><dl><dt><span class="section"><a href="#id1279770">Preliminaties</a></span></dt><dt><span class="section"><a href="#id1279847">Scope</a></span></dt><dt><span class="section"><a href="#id1279892">Requirements</a></span></dt><dd><dl><dt><span class="section"><a href="#id1279908">Appoved Registry</a></span></dt><dt><span class="section"><a href="#id1279971">Organisation</a></span></dt><dt><span class="section"><a href="#id1280066">Extract</a></span></dt></dl></dd></dl></dd></dl></dd></dl></div><div class="book" lang="en" xml:lang="en"><div class="titlepage"><div><div><h1 class="title"><a id="id406953"></a>CAcert.org Policy Manual</h1></div><div><div class="author"><h3 class="author"></h3></div></div><div><p class="pubdate">2008-09-16</p></div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="article"><a href="#cacert.oap">CAcert.org Organisation Assurance Policy</a></span></dt><dd><dl><dt><span class="section"><a href="#cacert.oap.preliminaries">Preliminaries</a></span></dt><dt><span class="section"><a href="#cacert.oap.purpose">Purpose</a></span></dt><dt><span class="section"><a href="#cacert.oap.roles">Roles</a></span></dt><dd><dl><dt><span class="section"><a href="#id1279593">Organisation Assurance Officer</a></span></dt><dt><span class="section"><a href="#id1279669">Organisation Assurer</a></span></dt></dl></dd><dt><span class="section"><a href="#cacert.oap.policies">Policies</a></span></dt><dt><span class="section"><a href="#id1279714">Processes</a></span></dt><dd><dl><dt><span class="section"><a href="#id1279724">Individuals</a></span></dt><dt><span class="section"><a href="#id1279734">Partnerships</a></span></dt><dt><span class="section"><a href="#id1279744">Companies</a></span></dt></dl></dd><dt><span class="section"><a href="#cacert.oap.exceptions">Exceptions</a></span></dt></dl></dd><dt><span class="article"><a href="#id1279764">CAcert.org Organisation Assurance sub-policy for Europe</a></span></dt><dd><dl><dt><span class="section"><a href="#id1279770">Preliminaties</a></span></dt><dt><span class="section"><a href="#id1279847">Scope</a></span></dt><dt><span class="section"><a href="#id1279892">Requirements</a></span></dt><dd><dl><dt><span class="section"><a href="#id1279908">Appoved Registry</a></span></dt><dt><span class="section"><a href="#id1279971">Organisation</a></span></dt><dt><span class="section"><a href="#id1
Policy</em> ("<acronym class="acronym">AP</acronym>") by specifying how
<em class="glossterm">Organisation Assurance</em> ("<acronym class="acronym">OA</acronym>") is
to be conducted by an <em class="glossterm">Organisation Assurer</em>
("<abbr class="abbrev">OrgAssurer</abbr>") under the supervision of the
<em class="glossterm">Organisation Assurance Officer</em>
("<acronym class="acronym">OAO</acronym>").</p><p>This policy is not a <em class="glossterm">Controlled Document</em>, for
purposes of <em class="glossterm">Configuration Control Specification</em>
("<acronym class="acronym">CCS</acronym>").</p></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="cacert.oap.purpose"></a>Purpose</h2></div></div></div><p><em class="glossterm">Organisation Assurance</em> allows an
<em class="glossterm">Organisation</em> to issue
<em class="glossterm">Certificate</em>(s) using CAcert <em class="glossterm">Public Key
Infrastructure</em> (“<span class="quote"><acronym class="acronym">PKI</acronym></span>”).</p></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="cacert.oap.roles"></a>Roles</h2></div></div></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id1279593"></a>Organisation Assurance Officer</h3></div></div></div><p>The <em class="glossterm">Organisation Assurance Officer</em>
(“<span class="quote"><acronym class="acronym">OAO</acronym></span>”) is responsible for
<em class="glossterm">Organisation Assurance</em> and reports to the
<em class="glossterm">Assurance Officer</em>
(“<span class="quote"><acronym class="acronym">AO</acronym></span>”) who in turn reports to the
<em class="glossterm">CAcert Board</em>.</p><p>Responsibilities include:</p><div class="itemizedlist"><ul type="disc"><li><p>Management of all <em class="glossterm">Organisation
Assurer</em>(s)</p></li><li><p>Product management of the process (eg <em class="glossterm">Application
Form</em>, interfaces, etc.)</p></li><li><p>Maintenance of <em class="glossterm">Procedures</em> and
<em class="glossterm">Guidelines</em></p></li></ul></div></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id1279669"></a>Organisation Assurer</h3></div></div></div><p>The <em class="glossterm">Organisation Assurer</em>
(“<span class="quote"><abbr class="abbrev">OrgAssurer</abbr></span>”)...</p></div></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="cacert.oap.policies"></a>Policies</h2></div></div></div><p></p></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id1279714"></a>Processes</h2></div></div></div><p></p><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id1279724"></a>Individuals</h3></div></div></div><p></p></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id1279734"></a>Partnerships</h3></div></div></div><p></p></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id1279744"></a>Companies</h3></div></div></div><p></p></div></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="cacert.oap.exceptions"></a>Exceptions</h2></div></div></div><p></p></div></div><div class="article" lang="en" xml:lang="en"><div class="titlepage"><div><div><h1 class="title"><a id="id1279764"></a>CAcert.org Organisation Assurance sub-policy for Europe</h1></div><div><div class="author"><h3 class="author"><span class="firstname">Teus</span> <span class="surname">Hagen</span></h3><div class="affiliation"><span class="orgname">CAcert, Inc.<br /></span></div></div></div><div><p class="pubdate">2008-09-16</p></div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="#id1279770">Preliminaties</a></span></dt><dt><span class="section"><a href="#id1279847">Scope</a></span></dt><dt><span class="section"><a href="#id1279892">Requirements</a></span></dt><dd><dl><dt><span class="section"><a href="#id1279908">Appoved Registry</a></span></dt><dt><span class="section"><a href="#id1279971">Organisation</a></span></dt><dt><span class="section"><a href="#id1280066">Extract</a></span></dt></dl></dd></dl></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id1279770"></a>Preliminaties</h2></div></div></div><p>This CAcert sub-policy extends the <em class="glossterm">Organisation Assurance
Policy</em> ("<acronym class="acronym">OAP</acronym>") by specifying how
<em class="glossterm">Organisation Assurance</em> ("<acronym class="acronym">OA</acronym>") is
to be conducted by the assigned <em class="glossterm">Organisation
Assurer</em> ("<abbr class="abbrev">OrgAssurer</abbr>") under the supervision
of the <em class="glossterm">Organisation Assurance Officer</em>
("<acronym class="acronym">OAO</acronym>") for entities within the defined scope.</p></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id1279847"></a>Scope</h2></div></div></div><p>This sub-policy is applicable to:</p><div class="itemizedlist"><ul type="disc"><li><p>Any <em class="glossterm">Organisation</em> registered in Europe
with a pre-approved trade office registry ("<em class="glossterm">Approved
Registry</em>")</p></li></ul></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This follows the European style of Chambers of Commerce (e.g
Chambers of Commerce in continental Europe, Companies House in the
United Kingdom and Ministry of Justice, Finance, or Commerce in Eastern
Europe)</p></div></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id1279892"></a>Requirements</h2></div></div></div><p>This section describes any sub-policy specific requirements that are
not otherwise defined in the <abbr class="abbrev">OAP</abbr>.</p><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id1279908"></a>Appoved Registry</h3></div></div></div><p>An <em class="glossterm">Approved Registry</em>:</p><div class="itemizedlist"><ul type="disc"><li><p>Must follow the general model of a <em class="glossterm">Trade
Office</em> and is thus a formal authority for dealing with
local trade matters</p></li><li><p>Must have an official mandate by law to register certain types
of <em class="glossterm">Organisation</em> (eg sole traders,
partnerships, companies, associations)</p></li><li><p>Must have a search facility service that provides reliable
documentary <em class="glossterm">Record</em> of the registration of an
<em class="glossterm">Organisation</em></p></li></ul></div></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id1279971"></a>Organisation</h3></div></div></div><p>An <em class="glossterm">Organisation</em>:</p><div class="itemizedlist"><ul type="disc"><li><p>Must be registered with an <em class="glossterm">Approved
Registry</em> with an “<span class="quote">active</span>” status or
equivalent.</p></li><li><p>May have zero or more <em class="glossterm">Registered
Name</em>(s) in addition to the name of the <em class="glossterm">Legal
Entity</em>.</p></li><li><p>Must be a distinct <em class="glossterm">Legal Entity</em> (eg
incorporated) OR the constituent <em class="glossterm">Legal
Entity</em>(s) must be identified.</p></li></ul></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>A <em class="glossterm">Legal Entity</em> may have various legal
statuses with different liabilities. The
<em class="glossterm">Organisation</em> may not be capable of legally
becoming a <em class="glossterm">CAcert Member</em>, independently and
separately from the individuals within. The
<abbr class="abbrev">OrgAssurer</abbr> must take care to identify which
individuals are Members, and which are therefore the natural legal
entities behind the names.</p></div></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id1280066"></a>Extract</h3></div></div></div><p><em class="glossterm">Extract</em>(s) supplied by an
<em class="glossterm">Approved Registry</em>:</p><div class="itemizedlist"><ul type="disc"><li><p>Must be obtained by the <abbr class="abbrev">OrgAssurer</abbr> as:</p><div class="itemizedlist"><ul type="circle"><li><p>Original paper <em class="glossterm">Extract</em> obtained
independently from the <em class="glossterm">Approved
Registry</em> by the <abbr class="abbrev">OrgAssurer</abbr></p></li><li><p>Digital <em class="glossterm">Extract</em> obtained online
from the <em class="glossterm">Approved Registry</em> by the
<abbr class="abbrev">OrgAssurer</abbr></p></li><li><p>Digital <em class="glossterm">Extract</em> with a valid,
trusted <em class="glossterm">Digital Signature</em> obtained by
any means</p></li><li><p>Historical supplemental
<em class="glossterm">Extract</em>(s) where it can be shown that
material changes have not been made (e.g., via absence of
subsequent submissions in official document listings)</p></li></ul></div></li><li><p>Must include at least the following information:</p><div class="itemizedlist"><ul type="circle"><li><p><em class="glossterm">Full Name</em> of the <em class="glossterm">Legal
Entity</em></p></li><li><p><em class="glossterm">Unique Identifier</em> of the
<em class="glossterm">Legal Entity</em> within the
<em class="glossterm">Approved Registry</em> (and
<em class="glossterm">Type</em> of <em class="glossterm">Unique
Identifier</em>, eg “<span class="quote">Company
Number</span>”)</p></li><li><p><em class="glossterm">Type</em> of the <em class="glossterm">Legal
Entity</em> (eg “<span class="quote">Limited Liability
Company</span>”)</p></li><li><p><em class="glossterm">Location</em> of the <em class="glossterm">Legal
Entity</em> (which must fall within the
<em class="glossterm">Jurisdiction</em> of the <em class="glossterm">Approved
Registry</em>)</p></li><li><p><em class="glossterm">Representative</em>(s) of the
<em class="glossterm">Organisation</em></p></li></ul></div></li></ul></div><p></p></div></div></div></div></div></body></html>