ve issued certificate paragraph a bit clearer and ref to CIP policy.

git-svn-id: http://svn.cacert.org/CAcert/Policies@874 14b1bab8-4ef6-0310-b690-991c95c89dfd
Teus Hagen 2008-07-02 10:45:40 +00:00
parent d16b89fa71
commit 194401885b

@ -1,20 +1,19 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=windows-1252">
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
<TITLE>Assurance Policy</TITLE>
<meta name="CREATEDBY" content="Ian Grigg">
<meta name="CREATED" content="20080530;0">
<meta name="CHANGEDBY" content="Teus Hagen">
<meta name="CHANGED" content="20080701;0">
<meta name="CHANGEDBY" content="Robert Cruikshank">
<meta name="CHANGED" content="20080702;0">
<META NAME="CREATED" CONTENT="20080530;0">
<META NAME="CHANGEDBY" CONTENT="Teus Hagen">
<META NAME="CHANGED" CONTENT="20080702;12375400">
<META NAME="CREATEDBY" CONTENT="Ian Grigg">
<META NAME="CHANGEDBY" CONTENT="Teus Hagen">
<META NAME="CHANGEDBY" CONTENT="Robert Cruikshank">
<STYLE TYPE="text/css">
<!--
P { color: #000000 }
TD P { color: #000000 }
H1 { color: #000000 }
P { color: #000000 }
H2 { color: #000000 }
DT { color: #000000 }
DD { color: #000000 }
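Review bot: The CONTENT-TYPE line switches the declared charset from windows-1252 to utf-8, which is only correct if the file's bytes were re-encoded in the same commit; a label-only change makes every byte above 0x7F decode wrongly, so confirm the conversion or keep non-ASCII text as entities. In the same block the rewritten META list names "Teus Hagen" under CHANGEDBY twice and the CHANGED value becomes 20080702;12375400, which looks like editor-generated metadata; consider trimming it to one entry per editor.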
@ -26,12 +25,8 @@
<BODY LANG="en-GB" TEXT="#000000" DIR="LTR">
<H1>Assurance Policy for CAcert Community Members</H1>
<P><A HREF="PolicyOnPolicy.html"><IMG SRC="Images/cacert-wip.png" NAME="graphics1" ALT="CAcert Policy Status" ALIGN=BOTTOM WIDTH=90 HEIGHT=33 BORDER=0></A>
<BR>
Author: Ian Grigg<BR>
Creation date: 2008-05-30<BR>
Status: WIP
2008-05-30<BR>
Next status: DRAFT June 2008
<BR>Author: Ian Grigg<BR>Creation date: 2008-05-30<BR>Status: WIP
2008-05-30<BR>Next status: DRAFT June 2008
</P>
<H2>0. Preamble</H2>
<P>Definitions of terms:
@ -54,7 +49,7 @@ Next status: DRAFT June 2008
</DD><DT>
<EM>Name</EM>
</DT><DD>
A Name is the full name of an individual:&nbsp;first name(s), family
A Name is the full name of an individual: first name(s), family
name(s), name extensions, abbreviation of name(s), etc. The Name is
technically spoken a string exactly taken from a governmental issued
photo ID.
@ -71,7 +66,7 @@ The CAcert Web of Trust</H3>
<P>Each Assurance claims a number of Assurance Points, applied to the
assured Member or Member prospect. By combining the Assurances, and
the Assurance Points, CAcert constructs a global <EM>Web-of-Trust</EM>
&nbsp;or &quot;WoT&quot;.
or &quot;WoT&quot;.
</P>
<P>CAcert explicitly chooses to meet its various goals by
construction of a Web-of-Trust of all Members. This is done by
@ -85,7 +80,7 @@ high-level objective of the Assurance process.
Handbook</A>. The policy is controlled by Configuration Control
Specification (<A HREF="http://wiki.cacert.org/wiki/PolicyDrafts/ConfigurationControlSpecification" TARGET="_blank">CCS</A>)
under Policy on Policy (<A HREF="http://www.cacert.org/policy/PolicyOnPolicy.php" TARGET="_blank">PoP</A>)
policy document regime. <BR>Because Assurance is an active area, much
policy document regime.<BR>Because Assurance is an active area, much
of the practice is handed over to the Assurance Handbook, which is
not a controlled policy document, and can more easily respond to
experience and circumstances. It is also more readable.
@ -150,7 +145,7 @@ individual. Names in an ID can differ, so a CAcert account can have
more <FONT COLOR="#000000"><STRIKE>as</STRIKE></FONT><FONT COLOR="#000000"><SPAN STYLE="text-decoration: none">
than</SPAN></FONT> one Name.<BR>The technical form of a Name is a
string of characters. Each Name should be exactly copied once from a
governmental-issued photo ID.&nbsp;</P>
governmental-issued photo ID.</P>
<H3>Multiple Names</H3>
<P>A Member can have multiple individual names. For example, married
name, variations of initials of first or middle names, abbreviation
@ -158,8 +153,8 @@ of a first name, different language or country variations and
transliterations of characters in a name. Each individual Name
originating from a governmental ID must be assured to the applicable
level of 50 Assurance Points before the (comparable) name can be used
as Common Name in a certificate.&nbsp;</P>
<H3>Comparison of&nbsp;names</H3>
as Common Name in a certificate.</P>
<H3>Comparison of names</H3>
<P><A HREF="http://en.wikipedia.org/wiki/Transliteration" TARGET="_blank">Transliteration</A>
of characters as defined in the transliteration character table (<A HREF="http://svn.cacert.org/CAcert/Policies/transtab.utf" TARGET="_blank">UTF
Transtab</A>) for names is permitted, but the result must be 7-bit
@ -171,7 +166,7 @@ transliteration of a name makes the name less discriminative.</P>
name extensions in the name of an individual to one character and the
dot indicating the abbreviation, is permitted. If the first given
name in the ID document is abbreviated, the first given name in the
web account Name may be abbreviated. &nbsp;Abbreviation of a name
web account Name may be abbreviated. Abbreviation of a name
makes the name less discriminative.</P>
<P>Titles and name extensions in the name of an individual may be
omitted.</P>
@ -180,24 +175,31 @@ for</STRIKE></FONT><FONT COLOR="#000000"> pursue</FONT> a highly
discriminative assured Name. The ambition is to have a Name in the
account with no abbreviation(s), no transliteration and case
<FONT COLOR="#000000"><STRIKE>sensitive </STRIKE></FONT><FONT COLOR="#000000">sensitivity</FONT>.</P>
<H3>Names on the certificate issued by CAcert</H3>
<P>The Certificate Implementation Policy (<A HREF="http://svn.cacert.org/CAcert/Policies/CertificateImplementationPolicy.html" TARGET="_blank">CIP</A>)
will define the fields added by CAcert on the issued certificate on
request of the Member.</P>
<P>The Common Name and related certificate fields in the issued
certificate is dependent on the assurance of the Name in the web
account. Abbreviation and transliteration handling in the CN is
defined in the Certificate Implementation Policy (<A HREF="http://svn.cacert.org/CAcert/Policies/CertificateImplementationPolicy.html" TARGET="_blank">CIP</A>)
and is similar to the name comparison as defined in this policy.
However the Common Name may become less discriminative <FONT COLOR="#000000"><STRIKE>as</STRIKE></FONT><FONT COLOR="#000000">
defined in the Certificate Implementation Policy and is similar to
the name comparison as defined in this policy. However the Common
Name may become less discriminative <FONT COLOR="#000000"><STRIKE>as</STRIKE></FONT><FONT COLOR="#000000">
than</FONT> the assured Name as the unique certificate serial number
will lead to the account of the individual in a unique way, and in
this way to the Name and email address of the individual or
organisation. The first given name in the Common Name may be
abbreviated on request.</P>
<P>The certificate issued by CAcert can have on request of the Member
the SubjAltName field. The name as defined by the Member is not
checked by CAcert.</P>
<TABLE BORDER=1 CELLPADDING=2 CELLSPACING=0>
<TR>
<TH WIDTH=25%>
<P><I>name on the ID</I></P>
</TH>
<TH WIDTH=25%>
<P><I>Name in the account</I></P>
<P><I>assured Name in the account</I></P>
</TH>
<TH WIDTH=25%>
<P><I>name in the certificate request</I></P>
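Review bot: The added SubjAltName paragraph says the name supplied by the Member "is not checked by CAcert", but it does not say which SubjAltName types this covers or how a relying party can tell this unverified value apart from the assured Common Name. Since this section ties the Common Name to a Name assured to 50 Assurance Points, state here that SubjAltName content carries no assurance, or defer to the CIP for what is permitted in that field. Two wording points in the same hunk: "The Common Name and related certificate fields ... is dependent" needs "are", and the new first paragraph says the CIP "will define" the fields while the following paragraph says the handling "is defined" there; pick one tense.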
@ -208,16 +210,16 @@ abbreviated on request.</P>
</TR>
<TR>
<TD>
<P>Maria Kate Marvel-Java sr</P>
<P>Maria Kate M&auml;rvel-Java sr</P>
</TD>
<TD>
<P>Maria K. Marvel-Java</P>
<P>Maria K. Maervel-Java</P>
</TD>
<TD>
<P>M. K. Marvel-Java</P>
<P>M. K. M&auml;rvel-Java</P>
</TD>
<TD>
<P>Maria K. Marvel-Java</P>
<P>Maria K. Maervel-Java</P>
</TD>
</TR>
<TR>
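Review bot: In the changed example row the certificate-request cell abbreviates the first given name ("M. K. Märvel-Java") while the fourth cell, whose header lies outside this hunk, spells it out ("Maria K. Maervel-Java"), and the row gives no hint which rule turns one into the other. The text above says the first given name in the Common Name may be abbreviated on request, so if the fourth cell is the issued name, either show the abbreviated form there or add a sentence explaining why the request is not honoured in this example. The same applies to the "ä" in the request cell becoming "ae": say explicitly that this is the transliteration rule being illustrated.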
@ -239,7 +241,7 @@ abbreviated on request.</P>
<P>Moeria Koete v. Java</P>
</TD>
<TD>
<P>M&ouml;ria K&oelig;t&eacute; von Java</P>
<P>M&ouml;ria Kœt&eacute; von Java</P>
</TD>
<TD>
<P>M&ouml;ria K. v. Java</P>
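Review bot: The changed cell replaces &oelig; with a raw "œ" but leaves &ouml; and &eacute; as entities in the same string, so the file now mixes two ways of writing non-ASCII characters. Keep &oelig; as it was, or convert every entity in the table in one pass, so that the rendering of these example names does not depend on how the file is encoded and served.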
@ -283,7 +285,7 @@ Examples of names in different contexts</FONT></P>
type (title, first given name, secondary given name(s),
middlename(s), family name, and/or name extensions) and the Name in
the web account provides the type of name field attribute, this will
be assured in the Name account administration. </STRIKE>
be assured in the Name account administration.</STRIKE>
</P>
<H3>Capabilities</H3>
<P>A Member has the following capabilities derived from an Assurance:
@ -425,7 +427,7 @@ procedure and process, and is responsible for the results.
Assurer, and reduces any sense of power. It is also an important aid
to the assurance training for future Assurers.
</P>
<P><EM>Evidence of Assurer status</EM> <BR>On the question of
<P><EM>Evidence of Assurer status</EM><BR>On the question of
providing evidence that one is an Assurer, CAcert Policy Statement
(<A HREF="http://svn.cacert.org/CAcert/policy.htm#p3.2" TARGET="_blank">CPS</A>)
says:<EM> &quot;The level at which each Member is Assured is public
@ -440,7 +442,7 @@ Note that, even though they are sometimes referred to as <EM>Web-of-Trust</EM>
(Assurance) Points, or <EM>Trust</EM> Points, the meaning of the word
'Trust' is not well defined.
</P>
<P><EM>Assurance Points Allocation.</EM> <BR>An Assurer can allocate
<P><EM>Assurance Points Allocation.</EM><BR>An Assurer can allocate
a number of Assurance Points to the Member according to the Assurer's
experience (Experience Point system, see below). The allocation of
the maximum means that the Assurer is 100% confident in the
@ -462,7 +464,7 @@ information presented:
<P>Any lesser confidence should result in less Assurance Points for a
Name. If the Assurer has no confidence in the information presented,
then <EM>zero </EM>Assurance Points may be allocated by the
Assurer.&nbsp;For example, this may happen if the identity documents
Assurer. For example, this may happen if the identity documents
are totally unfamiliar to the Assurer. The number of Assurance Points
from <EM>zero</EM> to <EM>maximum </EM>is guided by the Assurance
Handbook and the judgement of the Assurer.
@ -487,7 +489,7 @@ times.
Points per Name. This means that to reach 50 Assurance Points
(certificate with a Name), a Member must have been assured at least
once. To reach 100 Assurance Points, at least one Name of the Member
must have been assured at least twice. </STRIKE>
must have been assured at least twice.</STRIKE>
</P>
<H3>Experience Points</H3>
<P>The maximum number of Assurance Points that may be awarded by an
@ -555,7 +557,7 @@ Assurer is determined by the Experience Points of the Assurer.
</TABLE>
</DL>
<P ALIGN=LEFT STYLE="margin-bottom: 0cm"><FONT SIZE=2><I>table
Maximum of Assurance Points&nbsp;</I></FONT></P>
Maximum of Assurance Points </I></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0cm"><BR>
</P>
<P>An Assurer is given a maximum of 2 Experience Points for every
@ -680,7 +682,7 @@ areas of risk.
<P>In addition to the Assurance or Experience Points ratings set here
in and in other policies, Assurance Officer or policies can designate
certain applications as high risk. If so, additional measures may be
added to the Assurance process that specifically address the risks.&nbsp;</P>
added to the Assurance process that specifically address the risks.</P>
<P>Additional measures may include additional information. Additional
information can be required in process of assurance:
</P>