2008-06-30 17:48:01 +00:00
|
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
2008-07-03 20:00:19 +00:00
|
|
|
<html><head>
|
|
|
|
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8"><title>Assurance Policy</title>
|
|
|
|
|
|
|
|
<meta name="CREATED" content="20080530;0">
|
2008-07-07 13:32:49 +00:00
|
|
|
<meta name="CHANGEDBY" content="Teus Hagen">
|
2008-07-09 10:49:24 +00:00
|
|
|
<meta name="CHANGED" content="20080709;12381800">
|
2008-07-03 20:00:19 +00:00
|
|
|
<meta name="CREATEDBY" content="Ian Grigg">
|
|
|
|
<meta name="CHANGEDBY" content="Teus Hagen">
|
|
|
|
<meta name="CHANGEDBY" content="Robert Cruikshank">
|
|
|
|
<meta name="CHANGEDBY" content="Teus Hagen">
|
|
|
|
<style type="text/css">
|
|
|
|
<!--
|
|
|
|
P { color: #000000 }
|
|
|
|
TD P { color: #000000 }
|
|
|
|
H1 { color: #000000 }
|
|
|
|
H2 { color: #000000 }
|
|
|
|
DT { color: #000000 }
|
|
|
|
DD { color: #000000 }
|
|
|
|
H3 { color: #000000 }
|
|
|
|
TH P { color: #000000 }
|
|
|
|
-->
|
2008-07-09 10:49:24 +00:00
|
|
|
</style></head>
|
2008-07-14 17:46:02 +00:00
|
|
|
|
2008-07-03 20:00:19 +00:00
|
|
|
<body style="direction: ltr; color: rgb(0, 0, 0);" lang="en-GB">
|
|
|
|
<h1>Assurance Policy for CAcert Community Members</h1>
|
|
|
|
<p><a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" name="graphics1" alt="CAcert Policy Status" align="bottom" border="0" height="33" width="90"></a>
|
|
|
|
<br>
|
2008-07-09 15:42:37 +00:00
|
|
|
Editor: Teus Hagen<br>
|
2008-07-03 20:00:19 +00:00
|
|
|
Creation date: 2008-05-30<br>
|
2008-07-09 15:42:37 +00:00
|
|
|
Last change by: Iang<br>
|
2008-07-14 17:46:02 +00:00
|
|
|
Last change date: 2008-07-14 18:00 MET<br>
|
|
|
|
Status: DRAFT 2008-07-12<br>
|
|
|
|
Next status: POLICY 2008-09-30 </p>
|
|
|
|
|
|
|
|
<h2><a name="0">0.</a> Preamble</h2>
|
|
|
|
<h3><a name="0.1">0.1.</a> Definition of Terms</h3>
|
2008-07-03 20:00:19 +00:00
|
|
|
<dl>
|
2008-07-09 10:49:24 +00:00
|
|
|
<dt><i>Member</i> </dt>
|
2008-07-03 20:00:19 +00:00
|
|
|
<dd> A Member is an individual who has agreed to the CAcert
|
2008-07-14 17:46:02 +00:00
|
|
|
Community Agreement
|
|
|
|
(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php" target="_blank">CCA</a>)
|
|
|
|
and has created successfully
|
2008-07-07 13:32:49 +00:00
|
|
|
a CAcert login account on the CAcert web site. </dd>
|
2008-07-09 10:49:24 +00:00
|
|
|
<dt> <i>Assurance</i> </dt>
|
2008-07-03 20:00:19 +00:00
|
|
|
<dd> Assurance is the process by which a Member of CAcert
|
2008-07-07 13:32:49 +00:00
|
|
|
Community (Assurer) identifies an individual (<span lang="en-US">Assuree</span>).
|
|
|
|
</dd>
|
|
|
|
<dt> <i>Prospective Member</i> </dt>
|
2008-07-14 17:46:02 +00:00
|
|
|
<dd> An individual who participates in the process of Assurance,
|
|
|
|
but has not yet created <s>successfully</s> a CAcert login account. </dd>
|
2008-07-09 10:49:24 +00:00
|
|
|
<dt> <i>Name</i> </dt>
|
2008-07-14 17:46:02 +00:00
|
|
|
<dd> A Name is the full name of an individual.
|
|
|
|
<s> <br> with all
|
2008-07-07 13:32:49 +00:00
|
|
|
components of that name.</dd>
|
2008-07-14 17:46:02 +00:00
|
|
|
(Title(s), first name(s), family name(s), name extensions,
|
2008-07-07 13:32:49 +00:00
|
|
|
abbreviation of name(s), etc. <br>
|
|
|
|
The Name is technically spoken a string exactly taken e.g. from a
|
2008-07-14 17:46:02 +00:00
|
|
|
governmental issued photo ID.) </s>
|
|
|
|
</dd>
|
2008-07-09 10:49:24 +00:00
|
|
|
<dt> <i>Secondary Distinguishing Feature</i>
|
2008-07-14 17:46:02 +00:00
|
|
|
</dt>
|
|
|
|
<dd> <b> An additional personal data item of the Member
|
|
|
|
that assists discrimination from Members with similar full names.
|
|
|
|
Currently this is the Date of Birth (DoB). </b>
|
|
|
|
<s> A Name for an individual is discriminated from similar
|
2008-07-07 13:32:49 +00:00
|
|
|
full names by a secondary distinguished feature, as recorded on the
|
|
|
|
on-line CAcert (web) account. <br>
|
2008-07-14 17:46:02 +00:00
|
|
|
(Currently this is the date of birth (DoB) of the individual. )</s>
|
|
|
|
</dd>
|
2008-07-03 20:00:19 +00:00
|
|
|
</dl>
|
2008-07-14 17:46:02 +00:00
|
|
|
|
|
|
|
<h3><a name="0.2">0.2.</a> The CAcert Web of Trust</h3>
|
|
|
|
<p><b>In face-to-face meetings,
|
|
|
|
an Assurer allocates a number of Assurance Points
|
|
|
|
to the Member being Assured.
|
|
|
|
CAcert combines the Assurance Points
|
|
|
|
into a global <i>Web-of-Trust</i> (or "WoT").</b>
|
|
|
|
<s><br> At each Assurance one allocates a number of Assurance Points,
|
|
|
|
-applied to the assured Member. By combining the Assurances, and the
|
|
|
|
-Assurance Points, CAcert constructs a global <i>Web-of-Trust</i> </s> </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>CAcert explicitly chooses to meet its various goals by
|
2008-07-14 17:46:02 +00:00
|
|
|
construction of a Web-of-Trust of all Members.
|
|
|
|
<s> This is done by
|
|
|
|
-face-to-face meetings, identifying and sharing claims in a network.</s>
|
|
|
|
Maintaining a sufficient strength of the Web-of-Trust is a
|
2008-07-03 20:00:19 +00:00
|
|
|
high-level objective of the Assurance process. </p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<h3><a name="0.3">0.3.</a> Related Documentation</h3>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>Documentation on Assurance is split between this Assurance
|
|
|
|
Policy
|
|
|
|
(AP) and the <a href="http://wiki.cacert.org/wiki/AssuranceHandbook2" target="_blank">Assurance
|
|
|
|
Handbook</a>. The policy is controlled by Configuration Control
|
|
|
|
Specification (<a href="http://wiki.cacert.org/wiki/PolicyDrafts/ConfigurationControlSpecification" target="_blank">CCS</a>)
|
|
|
|
under Policy on Policy (<a href="http://www.cacert.org/policy/PolicyOnPolicy.php" target="_blank">PoP</a>)
|
2008-07-14 17:46:02 +00:00
|
|
|
policy document regime. Because Assurance is an active area, much
|
2008-07-01 19:48:57 +00:00
|
|
|
of the practice is handed over to the Assurance Handbook, which is
|
|
|
|
not a controlled policy document, and can more easily respond to
|
2008-07-03 20:00:19 +00:00
|
|
|
experience and circumstances. It is also more readable. </p>
|
|
|
|
<p>See also Organisation Assurance Policy (<a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php" target="_blank">OAP</a>)
|
|
|
|
and CAcert Policy Statement (<a href="http://svn.cacert.org/CAcert/policy.htm" target="_blank">CPS</a>).
|
|
|
|
</p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<h2><a name="1">1.</a> Assurance Purpose</h2>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>The purpose of Assurance is to add confidence
|
2008-07-07 13:32:49 +00:00
|
|
|
in the Assurance Statement made by the CAcert Community of a Member. </p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<p>With sufficient assurances, a Member may: (a) issue certificates
|
2008-07-03 20:00:19 +00:00
|
|
|
with their assured Name included, (b) participate in assuring others,
|
2008-07-07 13:32:49 +00:00
|
|
|
and (c) other related activities. The strength of these activities is
|
|
|
|
based on the strength of the assurance. </p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<h3><a name="1.1">1.1.</a>The Assurance Statement</h3>
|
|
|
|
<p><b>The Assurance Statement makes the following claims
|
|
|
|
about a person</b>:
|
|
|
|
<s><br>The following claims can be made about a person who is
|
|
|
|
assured:</s>
|
|
|
|
</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
<ol>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>The person is a bona fide Member. In other words, the
|
|
|
|
person is a member of the CAcert Community as defined by the CAcert
|
|
|
|
Community Agreement (<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php" target="_blank">CCA</a>); </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>The Member has a (login) account with CAcert's on-line
|
|
|
|
registration and service system; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>The Member can be determined from any CAcert certificate
|
|
|
|
issued by the Account; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>The Member is bound into CAcert's Arbitration as defined
|
2008-07-14 17:46:02 +00:00
|
|
|
by the CAcert Community Agreement; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<p>Some personal details of the Member are known to CAcert:
|
2008-07-07 13:32:49 +00:00
|
|
|
the individual Name(s), primary and other listed individual email
|
2008-07-14 17:46:02 +00:00
|
|
|
address(es), secondary distinguish<b>ing</b><s>ed</s> feature (e.g. DoB). </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
</ol>
|
2008-07-14 17:46:02 +00:00
|
|
|
<p>The confidence level of the Assurance Statement is expressed by
|
2008-07-03 20:00:19 +00:00
|
|
|
the Assurance Points. </p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<h3><a name="1.2">1.2.</a>Relying Party Statement</h3>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>The primary goal of the Assurance Statement is for the express
|
2008-07-14 17:46:02 +00:00
|
|
|
purpose of certificates to meet the needs of the <i>Relying Party
|
|
|
|
Statement</i>, which latter is found in the Certification Practice
|
2008-07-07 13:32:49 +00:00
|
|
|
Statement (<a href="http://svn.cacert.org/CAcert/policy.htm" target="_blank">CPS</a>).
|
2008-07-03 20:00:19 +00:00
|
|
|
</p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<p>When a certificate is issued, some of the Assurance Statement may
|
2008-07-03 20:00:19 +00:00
|
|
|
be incorporated, e.g. Name. Other parts may be implied, e.g.
|
2008-07-07 13:32:49 +00:00
|
|
|
Membership, exact account and status. They all are part of the
|
2008-07-14 17:46:02 +00:00
|
|
|
<i>Relying Party Statement</i>. In short, this means that other
|
2008-07-07 13:32:49 +00:00
|
|
|
Members of the Community may rely on the information verified by
|
2008-07-14 17:46:02 +00:00
|
|
|
Assurance and found in the certificate.</p>
|
|
|
|
<p>In particular, certificates are sometimes considered to provide
|
2008-07-03 20:00:19 +00:00
|
|
|
reliable indications of e.g. the Member's Name and email address. The
|
2008-07-02 08:56:16 +00:00
|
|
|
nature of Assurance, the number of Assurance Points, and other
|
|
|
|
policies and processes should be understood as limitations on any
|
2008-07-03 20:00:19 +00:00
|
|
|
reliance. </p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<h2><a name="2">2.</a> The Member</h2>
|
|
|
|
<h3><a name="2.1">2.1.</a> The <b>Member's</b> Name <s>in the CAcert login account</s> </h3>
|
|
|
|
<p>At least one individual Name is recorded in the Member's
|
|
|
|
CAcert login account. <b>The general standard of a Name is:</b>
|
|
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li>
|
|
|
|
<p>The Name should be <b>recorded</b> as <s>fully</s> written in a
|
|
|
|
government-issued <b>photo</b> identity document (ID).</p>
|
|
|
|
</li>
|
|
|
|
<p> <b>The Name should be recorded as completely as possible.
|
|
|
|
That is, including all middle names, any titles and extensions,
|
|
|
|
without abbreviations, and without transliteration of characters.
|
|
|
|
</b>
|
|
|
|
<s><br>
|
|
|
|
A Name should be as fully written in a
|
2008-07-07 13:32:49 +00:00
|
|
|
government-issued identity document (ID). A Name should be as
|
|
|
|
complete as possible, that is not abbreviated, no transliteration of
|
2008-07-14 17:46:02 +00:00
|
|
|
characters in the Name.
|
|
|
|
</s></p>
|
|
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<p>The Name is recorded as a string of characters,
|
|
|
|
encoded in <span lang="en-US">unicode</span>
|
|
|
|
transformation format.</p>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
<h3><a name="2.2">2.2.</a> Multiple Names and variations</h3>
|
|
|
|
<p>
|
|
|
|
<b>
|
|
|
|
In order to handle the contradictions in the above general standard,
|
|
|
|
a Member may record multiple Names or multiple variations of a Name
|
|
|
|
in her CAcert online Account.
|
|
|
|
Examples of variations include married names,
|
|
|
|
variations of initials of first or middle names,
|
|
|
|
abbreviations of a first name,
|
|
|
|
different language or country variations,
|
|
|
|
and transliterations of characters in a name.</p>
|
|
|
|
</b>
|
|
|
|
|
|
|
|
<s> <p>
|
|
|
|
A Member may have multiple Names or multiple variations of a
|
2008-07-03 20:00:19 +00:00
|
|
|
Name.
|
|
|
|
For example, married name, variations of initials of first or middle
|
|
|
|
names, abbreviation of a first name, different language or country
|
2008-07-07 13:32:49 +00:00
|
|
|
variations and transliterations of characters in a name.</p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<p>The login account may record multiple Names. Each of the Assured
|
|
|
|
Names can be selected to be used in a certificate issued by CAcert.
|
|
|
|
</p> </s>
|
2008-07-09 10:49:24 +00:00
|
|
|
<!--
|
|
|
|
FOLLOWING GOES TO ASSURER HANDBOOK
|
2008-07-14 17:46:02 +00:00
|
|
|
<h3><a name=""> </a>Comparison of names</h3>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p><a href="http://en.wikipedia.org/wiki/Transliteration" target="_blank">Transliteration</a>
|
2008-07-03 20:00:19 +00:00
|
|
|
of characters as defined in the transliteration character table (<a href="http://svn.cacert.org/CAcert/Policies/transtab.utf" target="_blank">UTF
|
|
|
|
Transtab</a>) for names is permitted, but the result must be
|
|
|
|
7-bit
|
2008-07-02 08:56:16 +00:00
|
|
|
ASCII for the full name. Transliteration is one way and is towards
|
|
|
|
7-bit ASCII. Transliteration is a way to compare two names. However
|
2008-07-09 10:49:24 +00:00
|
|
|
transliteration of a Name makes the Name less discriminative.</p>
|
|
|
|
<p>In general names are handled case insensitively.</p>
|
|
|
|
<p>Abbreviation of second given name(s), middle name(s),
|
2008-07-03 20:00:19 +00:00
|
|
|
titles and name extensions in the name of an individual to one
|
|
|
|
character and the dot indicating the abbreviation, is permitted. If
|
|
|
|
the first given name in the ID document is abbreviated, the first
|
|
|
|
given name in the web account Name may be abbreviated. Abbreviation
|
2008-07-09 10:49:24 +00:00
|
|
|
of a name makes the name less discriminative.</p>
|
|
|
|
<p>A Name on an ID which has initials (abbreviations) for
|
2008-07-07 13:32:49 +00:00
|
|
|
titles, name extensions and given names, and/or transliterations as
|
|
|
|
defined in the transliteration table can be taken into account for
|
|
|
|
assurance for a Name in the account which is not abbreviated or
|
2008-07-09 10:49:24 +00:00
|
|
|
transliterated.</p>
|
|
|
|
<p>Titles and name extensions in the name of an individual
|
|
|
|
may be omitted.</p>
|
|
|
|
<p>The assurance ambition is to pursue
|
2008-07-07 13:32:49 +00:00
|
|
|
a highly discriminative assured Name in the account. The ambition is
|
|
|
|
to have only a Name in the account which has no abbreviation(s), no
|
2008-07-09 10:49:24 +00:00
|
|
|
transliteration and is case sensitive.</p>
|
|
|
|
|
|
|
|
FOLLOWING GOES TO Certficate Implementation Policy
|
2008-07-14 17:46:02 +00:00
|
|
|
<h3><a name=""> </a>Names on the certificate issued by CAcert</h3>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>The Certificate Implementation Policy (<a href="http://svn.cacert.org/CAcert/Policies/CertificateImplementationPolicy.html" target="_blank">CIP</a>)
|
2008-07-02 10:45:40 +00:00
|
|
|
will define the fields added by CAcert on the issued certificate on
|
2008-07-09 10:49:24 +00:00
|
|
|
request of the Member.</p>
|
|
|
|
<p>The Common Name and related certificate fields in the
|
2008-07-03 20:00:19 +00:00
|
|
|
issued certificate is dependent on the assurance of the Name in the
|
|
|
|
web account. Abbreviation and transliteration handling in the CN is
|
2008-07-02 10:45:40 +00:00
|
|
|
defined in the Certificate Implementation Policy and is similar to
|
|
|
|
the name comparison as defined in this policy. However the Common
|
2008-07-07 13:32:49 +00:00
|
|
|
Name may become less discriminative as than
|
|
|
|
the assured Name as the unique certificate serial number will lead to
|
|
|
|
the account of the individual in a unique way, and in this way to the
|
|
|
|
Name and email address of the individual or organisation. The first
|
2008-07-09 10:49:24 +00:00
|
|
|
given name in the Common Name may be abbreviated on request.</p>
|
|
|
|
<p>The certificate issued by CAcert can have on request of
|
2008-07-03 20:00:19 +00:00
|
|
|
the Member the SubjAltName field. The name as defined by the Member
|
2008-07-09 10:49:24 +00:00
|
|
|
is not checked by CAcert.</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
<table border="1" cellpadding="2" cellspacing="0">
|
|
|
|
<tbody>
|
|
|
|
<tr>
|
|
|
|
<th width="25%">
|
2008-07-09 10:49:24 +00:00
|
|
|
<p><i>name on the ID</i></p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</th>
|
|
|
|
<th width="25%">
|
2008-07-09 10:49:24 +00:00
|
|
|
<p><i>assured Name in the account</i></p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</th>
|
|
|
|
<th width="25%">
|
2008-07-09 10:49:24 +00:00
|
|
|
<p><i>name in the certificate request</i></p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</th>
|
|
|
|
<th width="25%">
|
2008-07-09 10:49:24 +00:00
|
|
|
<p><i>name on the issued certificate</i></p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</th>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>Maria Kate Märvel-Java </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>Maria K. Maervel-Java</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>M. K. Märvel-Java</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>Maria K. Maervel-Java</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>prof. dr. John K. Marvel</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>John K. Marvel</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>John K. Marvel</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>John K. Marvel</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>Moeria Koete v. Java</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>Möria Kœté von Java</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>Möria K. v. Java</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>Möria K. v. Java</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>Jamé de Häring sr</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>Jame de Haering</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>J. d. Häring</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>J. d. Haering</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>Jame d. Haering sr</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>dr Jamé de Häring</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>John de Haering</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>dr Jamé de Häring</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
</tbody>
|
|
|
|
</table>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p align="center"><font size="2">table
|
2008-07-07 13:32:49 +00:00
|
|
|
Examples of names in
|
2008-07-09 10:49:24 +00:00
|
|
|
different contexts</font></p>
|
|
|
|
-->
|
2008-07-14 17:46:02 +00:00
|
|
|
<h3><a name="2.3">2.3.</a> Status and Capabilities</h3>
|
|
|
|
<b>
|
|
|
|
<p>A Name which has reached
|
|
|
|
the level of 50 Assurance Points is defined as an Assured
|
|
|
|
Name. An Assured Name can be used in a certificate issued by CAcert.
|
|
|
|
A Member with at least one Assured Name has reached the Assured
|
|
|
|
Member status.
|
|
|
|
Additional capabilities are described in Table 1.</p>
|
|
|
|
</b>
|
|
|
|
|
|
|
|
<s><p>
|
|
|
|
A Member has the following capabilities derived from
|
|
|
|
Assurance: </p></s>
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
<p align="left"><font size="2"><i>Table 1:
|
|
|
|
Assurance Capability</i></font></p>
|
2008-07-03 20:00:19 +00:00
|
|
|
<table border="1" cellpadding="5" cellspacing="0">
|
|
|
|
<tbody>
|
|
|
|
<tr>
|
|
|
|
<td width="10%">
|
2008-07-07 13:32:49 +00:00
|
|
|
<p align="left"><i>Minimum Assurance Points</i></p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td width="15%">
|
2008-07-07 13:32:49 +00:00
|
|
|
<p align="left"><i>Capability</i></p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td width="15%">
|
|
|
|
<p align="left"><i>Status</i></p>
|
|
|
|
</td>
|
2008-07-07 13:32:49 +00:00
|
|
|
<td width="60%">
|
|
|
|
<p align="left"><i>Comment</i></p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr valign="top">
|
|
|
|
<td>
|
|
|
|
<p align="center">0</p>
|
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p align="left">Request Assurance</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
|
|
|
<p align="left">Prospective Member</p>
|
|
|
|
</td>
|
|
|
|
<td>
|
|
|
|
<p align="left">Individual taking part of an
|
|
|
|
Assurance, who does not have created a CAcert login account (yet). The
|
|
|
|
allocation of Assurance Points is awaiting login account creation.</p>
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr valign="top">
|
|
|
|
<td>
|
|
|
|
<p align="center">0</p>
|
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-14 17:46:02 +00:00
|
|
|
<p align="left">Request unnamed certificates</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
|
|
|
<p align="left">Member</p>
|
|
|
|
</td>
|
|
|
|
<td>
|
|
|
|
<p align="left">Although the Member's details are
|
|
|
|
recorded in the account, they are not highly assured.</p>
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr valign="top">
|
|
|
|
<td>
|
|
|
|
<p align="center">50</p>
|
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-14 17:46:02 +00:00
|
|
|
<p align="left">Request named certificates</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
|
|
|
<p align="left">Assured Member</p>
|
|
|
|
</td>
|
|
|
|
<td>
|
|
|
|
<p align="left">Statements of Assurance: the Name is
|
|
|
|
assured to 50 Assurance Points or more</p>
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr valign="top">
|
|
|
|
<td>
|
|
|
|
<p align="center">100</p>
|
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-14 17:46:02 +00:00
|
|
|
<p align="left">Become an Assurer</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p align="left">Prospective Assurer</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
|
|
|
<p align="left">Assured to 100 Assurance Points (or
|
|
|
|
more) on at least one Name, and passing the Assurer Challenge.</p>
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
</tbody>
|
|
|
|
</table>
|
2008-07-14 17:46:02 +00:00
|
|
|
</blockquote>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>A Member may check the status of another Member, especially
|
2008-07-14 17:46:02 +00:00
|
|
|
for an assurance process.
|
|
|
|
<b>
|
|
|
|
Status may be implied from information in a certificate.
|
|
|
|
The number of Assurance Points for each Member is not published.
|
|
|
|
</b>
|
|
|
|
</p>
|
|
|
|
<p>The CAcert Policy Statement
|
|
|
|
(<a href="http://svn.cacert.org/CAcert/policy.htm" target="_blank">CPS</a>)
|
2008-07-07 13:32:49 +00:00
|
|
|
and other policies may list other capabilities that rely on Assurance
|
|
|
|
Points. </p>
|
2008-07-14 17:46:02 +00:00
|
|
|
|
|
|
|
<h2><a name="3">3.</a> The Assurer</h2>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>An Assurer is a Member with the following: </p>
|
|
|
|
<ul>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Is assured to a minimum of 100 Assurance Points; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<p>Has passed the CAcert Assurer Challenge. </p>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
<p>The Assurer Challenge is administered by the Education Team on
|
|
|
|
behalf of the Assurance Officer. </p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<h3><a name="3.1">3.1.</a> The Obligations of the Assurer</h3>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>The Assurer is obliged to: </p>
|
|
|
|
<ul>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Follow this Assurance Policy; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Follow any additional rules of detail laid out by the
|
|
|
|
CAcert Assurance Officer; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<p>Be guided by the CAcert <a href="http://wiki.cacert.org/wiki/AssuranceHandbook2" target="_blank">Assurance Handbook</a> in their
|
|
|
|
judgement; </p>
|
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Make a good faith effort at identifying and verifying
|
|
|
|
Members; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Maintain the documentation on each Assurance; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Deliver documentation to Arbitration, or as otherwise
|
|
|
|
directed by the Arbitrator; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<p>Keep up-to-date with developments within the CAcert
|
|
|
|
Community. </p>
|
|
|
|
</li>
|
|
|
|
</ul>
|
2008-07-14 17:46:02 +00:00
|
|
|
<h2><a name="4">4.</a> The Assurance</h2>
|
|
|
|
<h3><a name="4.1">4.1.</a> The Assurance Process</h3>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>The Assurer conducts the process of Assurance with each
|
|
|
|
Member. </p>
|
|
|
|
<p>The process consists of: </p>
|
|
|
|
<ol>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Voluntary agreement by both Assurer and Member or
|
|
|
|
Prospective Member to conduct the Assurance; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Personal meeting of Assurer and Member or Prospective
|
2008-07-03 20:00:19 +00:00
|
|
|
Member; </p>
|
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Recording of essential details on CAcert Assurance
|
|
|
|
Programme form; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Examination of Identity documents by Assurer and
|
|
|
|
verification of recorded details (the Name(s) and Secondary
|
|
|
|
Distinguishing Feature, e.g., DoB); </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Allocation of Assurance Points by Assurer; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Optional: supervision of reciprocal Assurance made by
|
|
|
|
Assuree (Mutual Assurance); </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-14 17:46:02 +00:00
|
|
|
<p>Safekeeping of the CAcert Assurance Programme (<a href="http://www.cacert.org/cap.php" target="_blank">CAP</a>)
|
2008-07-07 13:32:49 +00:00
|
|
|
forms by Assurer. </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
</ol>
|
2008-07-14 17:46:02 +00:00
|
|
|
<h3><a name="4.2">4.2.</a> Mutual Assurance</h3>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>Mutual Assurance follows the principle of reciprocity. This
|
|
|
|
means
|
2008-06-30 17:48:01 +00:00
|
|
|
that the Assurance may be two-way, and that each member participating
|
|
|
|
in the Assurance procedure should be able to show evidence of their
|
2008-07-03 20:00:19 +00:00
|
|
|
identity to the other. </p>
|
|
|
|
<p>In the event that an Assurer is assured by a Member who is not
|
2008-06-30 17:48:01 +00:00
|
|
|
certified as an Assurer, the Assurer supervises the Assurance
|
2008-07-03 20:00:19 +00:00
|
|
|
procedure and process, and is responsible for the results. </p>
|
|
|
|
<p>Reciprocity maintains a balance between the (new) member and
|
|
|
|
the
|
2008-06-30 17:48:01 +00:00
|
|
|
Assurer, and reduces any sense of power. It is also an important aid
|
2008-07-03 20:00:19 +00:00
|
|
|
to the assurance training for future Assurers. </p>
|
2008-07-14 17:46:02 +00:00
|
|
|
|
|
|
|
<s>
|
2008-07-09 10:49:24 +00:00
|
|
|
<h3>4.3. Evidence of Assurer status</h3>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>On the question of providing evidence that one is an Assurer,
|
|
|
|
CAcert Policy Statement (<a href="http://svn.cacert.org/CAcert/policy.htm#p3.2" target="_blank">CPS</a>)
|
2008-07-09 10:49:24 +00:00
|
|
|
says:<i> "The level at which each Member is Assured is public
|
2008-07-01 19:48:57 +00:00
|
|
|
data. The number of Assurance Points for each Member is not
|
2008-07-09 10:49:24 +00:00
|
|
|
published.</i>.".</p>
|
2008-07-14 17:46:02 +00:00
|
|
|
</s>
|
|
|
|
|
|
|
|
<h3><a name="4.3">4.3.</a> Assurance Points</h3>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>The Assurance applies Assurance Points to each Member which
|
2008-06-30 17:48:01 +00:00
|
|
|
measure the increase of confidence in the Statement (above).
|
2008-06-03 14:43:44 +00:00
|
|
|
Assurance Points should not be interpreted for any other purpose.
|
2008-07-09 10:49:24 +00:00
|
|
|
Note that, even though they are sometimes referred to as <i>Web-of-Trust</i>
|
|
|
|
(Assurance) Points, or <i>Trust</i> Points, the meaning
|
2008-07-03 20:00:19 +00:00
|
|
|
of the word
|
|
|
|
'Trust' is not well defined. </p>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p><i>Assurance Points Allocation</i><br>
|
2008-07-03 20:00:19 +00:00
|
|
|
An Assurer can allocate a
|
|
|
|
number of Assurance Points to the Member according to the Assurer's
|
2008-06-30 17:48:01 +00:00
|
|
|
experience (Experience Point system, see below). The allocation of
|
|
|
|
the maximum means that the Assurer is 100% confident in the
|
2008-07-03 20:00:19 +00:00
|
|
|
information presented: </p>
|
|
|
|
<ul>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Detail on form, system, documents, person in accordance; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Sufficient quality identity documents have been checked; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Assurer's familiarity with identity documents; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<p>The Assurance Statement is confirmed. </p>
|
|
|
|
</li>
|
|
|
|
</ul>
|
2008-07-14 17:46:02 +00:00
|
|
|
<p>Any lesser confidence should result in less Assurance Points for a
|
2008-06-30 17:48:01 +00:00
|
|
|
Name. If the Assurer has no confidence in the information presented,
|
2008-07-14 17:46:02 +00:00
|
|
|
then <i>zero</i> Assurance Points may be allocated by the Assurer.
|
2008-07-03 20:00:19 +00:00
|
|
|
For example, this may happen if the identity documents are totally
|
2008-07-09 10:49:24 +00:00
|
|
|
unfamiliar to the Assurer. The number of Assurance Points from <i>zero</i>
|
|
|
|
to <i>maximum </i>is guided by the Assurance Handbook
|
2008-07-14 17:46:02 +00:00
|
|
|
and the judgement of the Assurer.
|
|
|
|
<b>
|
|
|
|
If there is negative confidence the Assurer should consider
|
|
|
|
filing a dispute.</b></p>
|
|
|
|
<p>Multiple Names should be allocated Assurance Points
|
|
|
|
independently within a single Assurance. </p>
|
|
|
|
<p>A <s>(new)</s> Member who is not an Assurer may award an Assurer in a
|
|
|
|
reciprocal process a maximum of 2 Assurance Points, according to
|
|
|
|
<b>her</b> <s>his</s>
|
2008-06-30 17:48:01 +00:00
|
|
|
judgement. The Assurer should strive to have the Member allocate
|
2008-07-14 17:46:02 +00:00
|
|
|
according to the Member's judgement, and stay on the cautious side
|
|
|
|
<s>a maximum of AssurancePoints per Name</s> ;
|
|
|
|
the <s>(new)</s> Member new to the assurance process
|
|
|
|
should allocate <i>zero</i> Assurance Points
|
|
|
|
until <b>she gains</b> <s>they gets</s> some confidence in what is happening.</p>
|
|
|
|
<p><b>In general, for a Member to reach 50 Assurance Points, the Member must
|
|
|
|
have participated in at least two assurances, and
|
|
|
|
at least one Name will have been assured to that level.</b>
|
|
|
|
<s><br> To reach 50 Assurance Points for a Name the Member must
|
2008-07-07 13:32:49 +00:00
|
|
|
have had at least two assurances on that Name: the Assured Member has
|
2008-07-14 17:46:02 +00:00
|
|
|
at least one Name assured, the Assured Name.</s>
|
|
|
|
</p>
|
|
|
|
|
2008-07-09 10:49:24 +00:00
|
|
|
<p>To reach 100 Assurance
|
2008-07-07 13:32:49 +00:00
|
|
|
Points, at least one Name of the Assured Member must have been
|
2008-07-09 10:49:24 +00:00
|
|
|
assured at least three times.</p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<p>The maximum number of Assurance
|
|
|
|
Points which can be allocated for an <s>Name</s> Assurance under this policy
|
|
|
|
and <b>under any act under any</b>
|
|
|
|
Subsidiary Policy (below) is 50 Assurance Points.</p>
|
|
|
|
<h3><a name="4.4">4.4.</a> Experience Points</h3>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>The maximum number of Assurance Points that may be awarded by
|
|
|
|
an
|
|
|
|
Assurer is determined by the Experience Points of the Assurer. </p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<blockquote>
|
|
|
|
<p align="left"><font size="2"><i>Table 2:
|
|
|
|
Maximum of Assurance Points </i></font>
|
|
|
|
</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
<table border="1" cellpadding="2" cellspacing="0" width="15%">
|
|
|
|
<tbody>
|
|
|
|
<tr>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p><i>Assurer's Experience Points</i></p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
<td>
|
2008-07-09 10:49:24 +00:00
|
|
|
<p><i>Allocatable Assurance Points</i></p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td>
|
|
|
|
<p align="center">0</p>
|
|
|
|
</td>
|
|
|
|
<td>
|
|
|
|
<p align="center">10</p>
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td>
|
|
|
|
<p align="center">10</p>
|
|
|
|
</td>
|
|
|
|
<td>
|
|
|
|
<p align="center">15</p>
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td>
|
|
|
|
<p align="center">20</p>
|
|
|
|
</td>
|
|
|
|
<td>
|
|
|
|
<p align="center">20</p>
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td>
|
|
|
|
<p align="center">30</p>
|
|
|
|
</td>
|
|
|
|
<td>
|
|
|
|
<p align="center">25</p>
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td>
|
|
|
|
<p align="center">40</p>
|
|
|
|
</td>
|
|
|
|
<td>
|
|
|
|
<p align="center">30</p>
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td>
|
|
|
|
<p align="center">>=50</p>
|
|
|
|
</td>
|
|
|
|
<td>
|
|
|
|
<p align="center">35</p>
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
</tbody>
|
|
|
|
</table>
|
2008-07-14 17:46:02 +00:00
|
|
|
</blockquote>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>An Assurer is given a maximum of 2 Experience Points for every
|
2008-06-30 17:48:01 +00:00
|
|
|
completed Assurance. On reaching Assurer status, the Experience
|
2008-07-03 20:00:19 +00:00
|
|
|
Points start at 0 (zero). </p>
|
|
|
|
<p>Less Experience Points (1) may be given for mass Assurance
|
|
|
|
events,
|
|
|
|
where each Assurance is quicker. </p>
|
|
|
|
<p>Additional Experience Points may be granted temporarily or
|
2008-07-01 19:48:57 +00:00
|
|
|
permanently to an Assurer by CAcert Inc.'s Committee (board), on
|
2008-07-03 20:00:19 +00:00
|
|
|
recommendation from the Assurance Officer. </p>
|
|
|
|
<p>Experience Points are not to be confused with Assurance
|
|
|
|
Points. </p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<h3><a name="4.5">4.5.</a> CAcert Assurance Programme (CAP) form</h3>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>The CAcert Assurance Programme (<a href="http://www.cacert.org/cap.php" target="_blank">CAP</a>)
|
|
|
|
form requests the following details of each Member or Prospective
|
|
|
|
Member: </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
<ul>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Name(s), as recorded in the on-line account; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Primary email address, as recorded in the on-line account;
|
|
|
|
</p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Secondary Distinguishing Feature, as recorded in the
|
|
|
|
on-line account (normally, date of birth); </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Statement of agreement with the CAcert Community
|
|
|
|
Agreement; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Permission to the Assurer to conduct the Assurance
|
|
|
|
(required for privacy reasons); </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<p>Date and signature of the Assuree. </p>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
<p>The CAP form requests the following details of the Assurer: </p>
|
|
|
|
<ul>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>At least one Name as recorded in the on-line account of
|
|
|
|
the Assurer; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Assurance Points for each Name in the identity
|
|
|
|
document(s); </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Statement of Assurance; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Optional: If the Assurance is reciprocal, then the
|
|
|
|
Assurer's email address and Secondary Distinguishing Feature are
|
|
|
|
required as well; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<p>Date, location of Assurance and signature of Assurer. </p>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
<p>The CAP forms are to be kept at least for 7 years by the
|
|
|
|
Assurer. </p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<h2><a name="5">5.</a> The Assurance Officer</h2>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>The Committee (board) of CAcert Inc. appoints an Assurance
|
|
|
|
Officer
|
|
|
|
with the following responsibilities: </p>
|
|
|
|
<ul>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Reporting to the Committee and advising on all matters to
|
|
|
|
do with Assurance; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Training and testing of Assurers, in association with the
|
|
|
|
Education Team; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Updating this Assurance Policy, under the process
|
|
|
|
established by Policy on Policy (<a href="https://www.cacert.org/policy/PolicyOnPolicy.php" target="_blank">PoP</a>); </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Management of all Subsidiary Policies (see below) for
|
|
|
|
Assurances, under Policy on Policy; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Managing and creating rules of detail or procedure where
|
|
|
|
inappropriate for policies; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Incorporating rulings from Arbitration into policies,
|
|
|
|
procedures or guidelines; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Assisting the Arbitrator in any requests; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Managing the Assurer Handbook; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<p>Maintaining a sufficient strength in the Assurance process
|
|
|
|
(web-of-trust) to meet the agreed needs of the Community. </p>
|
|
|
|
</li>
|
|
|
|
</ul>
|
2008-07-14 17:46:02 +00:00
|
|
|
<h2><a name="6">6.</a> Subsidiary Policies</h2>
|
|
|
|
<p>The Assurance Officer manages various exceptions and additional
|
2008-06-30 17:48:01 +00:00
|
|
|
processes. Each must be covered by an approved Subsidiary Policy
|
2008-07-03 20:00:19 +00:00
|
|
|
(refer to Policy on Policy => CAcert Official Document COD1).
|
2008-07-07 13:32:49 +00:00
|
|
|
Subsidiary Policies specify any additional tests of knowledge
|
|
|
|
required and variations to process and documentation, within the
|
|
|
|
general standard stated here. </p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<h3><a name="6.1">6.1.</a> Standard</h3>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>Each Subsidiary Policy must augment and improve the general
|
2008-06-30 17:48:01 +00:00
|
|
|
standards in this Assurance Policy. It is the responsibility of each
|
|
|
|
Subsidiary Policy to describe how it maintains and improves the
|
|
|
|
specific and overall goals. It must describe exceptions and potential
|
2008-07-03 20:00:19 +00:00
|
|
|
areas of risk. </p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<h3><a name="6.2">6.2.</a> High Risk Applications</h3>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>In addition to the Assurance or Experience Points ratings set
|
2008-07-14 17:46:02 +00:00
|
|
|
here and in other subsidiary policies, the Assurance Officer or policies can
|
2008-07-07 13:32:49 +00:00
|
|
|
designate certain applications as high risk. If so, additional
|
|
|
|
measures may be added to the Assurance process that specifically
|
|
|
|
address the risks.</p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<p>Additional measures may include <s>additional information</s>:
|
2008-07-03 20:00:19 +00:00
|
|
|
<ul>
|
2008-07-14 17:46:02 +00:00
|
|
|
<li>
|
|
|
|
Additional information can be required in process of assurance: </p>
|
|
|
|
<ul>
|
|
|
|
<li>unique numbers of identity documents,</li>
|
|
|
|
<li>photocopy of identity documents,</li>
|
|
|
|
<li>photo of User,</li>
|
|
|
|
<li>address of User.</li>
|
2008-07-03 20:00:19 +00:00
|
|
|
</ul>
|
|
|
|
<p>Additional Information is to be kept by Assurer, attached to
|
2008-07-07 13:32:49 +00:00
|
|
|
CAcert Assurance Programme (<a href="http://www.cacert.org/cap.php" target="_blank">CAP</a>)
|
|
|
|
form. Assurance Points allocation by this assurance is unchanged.
|
2008-07-03 20:00:19 +00:00
|
|
|
User's CAcert login account should be annotated to record type of
|
2008-07-14 17:46:02 +00:00
|
|
|
additional information;</p>
|
|
|
|
</li>
|
2008-07-03 20:00:19 +00:00
|
|
|
<li>
|
|
|
|
<p>Arbitration: </p>
|
|
|
|
<ul>
|
2008-07-14 17:46:02 +00:00
|
|
|
<li> Member to participate in Arbitration. This confirms
|
2008-07-07 13:32:49 +00:00
|
|
|
their acceptance of the forum as well as trains in the process and
|
2008-07-14 17:46:02 +00:00
|
|
|
import,
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
2008-07-14 17:46:02 +00:00
|
|
|
<li> Member to file Arbitration to present case. This
|
|
|
|
allows Arbitrator as final authority;
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<p>Additional training; </p>
|
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Member to be Assurer (at least 100 Assurance Points and
|
|
|
|
passed Assurer Challenge); </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Member agrees to additional specific agreement(s); </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<p>Additional checking/auditing of systems data by CAcert
|
|
|
|
support administrators. </p>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
<p>Applications that might attract additional measures include
|
|
|
|
code-signing certificates and administration roles. </p>
|
2008-07-14 17:46:02 +00:00
|
|
|
<h2><a name="7">7.</a> Privacy</h2>
|
2008-07-03 20:00:19 +00:00
|
|
|
<p>CAcert is a "privacy" organisation, and takes the
|
2008-06-30 17:48:01 +00:00
|
|
|
privacy of its Members seriously. The process maintains the security
|
2008-07-03 20:00:19 +00:00
|
|
|
and privacy of both parties. </p>
|
|
|
|
<p>Information is collected primarily to make claims within the
|
2008-07-01 19:48:57 +00:00
|
|
|
certificates requested by users and to contact the Members. It is
|
2008-06-30 17:48:01 +00:00
|
|
|
used secondarily for training, testing, administration and other
|
2008-07-03 20:00:19 +00:00
|
|
|
internal purposes. </p>
|
|
|
|
<p>The Member's information can be accessed under these
|
|
|
|
circumstances: </p>
|
|
|
|
<ul>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>Under Arbitrator ruling, in a duly filed dispute (<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.html" target="_blank">Dispute Resolution Policy</a>
|
2008-07-03 20:00:19 +00:00
|
|
|
=> COD7); </p>
|
|
|
|
</li>
|
|
|
|
<li>
|
2008-07-07 13:32:49 +00:00
|
|
|
<p>An Assurer in the process of an Assurance, as permitted on
|
|
|
|
the CAcert Assurance Programme (<a href="http://www.cacert.org/cap.php" target="_blank">CAP</a>)
|
|
|
|
form; </p>
|
2008-07-03 20:00:19 +00:00
|
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<p>CAcert support administration and CAcert systems
|
|
|
|
administration when operating under the authority of Arbitrator or
|
|
|
|
under CAcert policy. </p>
|
|
|
|
</li>
|
|
|
|
</ul>
|
2008-07-14 17:46:02 +00:00
|
|
|
<p><a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-xhtml11-blue" name="graphics2" alt="Valid XHTML 1.1" align="bottom" border="0" height="33" width="90"></a>
|
2008-07-03 20:00:19 +00:00
|
|
|
</p>
|
2008-07-09 15:42:37 +00:00
|
|
|
</body></html>
|