ve issued certificate paragraph a bit clearer and ref to CIP policy.
git-svn-id: http://svn.cacert.org/CAcert/Policies@874 14b1bab8-4ef6-0310-b690-991c95c89dfd
parent
d16b89fa71
commit
194401885b
1 changed files with 40 additions and 38 deletions
|
@ -1,20 +1,19 @@
|
||||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
||||||
<HTML>
|
<HTML>
|
||||||
<HEAD>
|
<HEAD>
|
||||||
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=windows-1252">
|
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
|
||||||
<TITLE>Assurance Policy</TITLE>
|
<TITLE>Assurance Policy</TITLE>
|
||||||
<meta name="CREATEDBY" content="Ian Grigg">
|
<META NAME="CREATED" CONTENT="20080530;0">
|
||||||
<meta name="CREATED" content="20080530;0">
|
<META NAME="CHANGEDBY" CONTENT="Teus Hagen">
|
||||||
<meta name="CHANGEDBY" content="Teus Hagen">
|
<META NAME="CHANGED" CONTENT="20080702;12375400">
|
||||||
<meta name="CHANGED" content="20080701;0">
|
<META NAME="CREATEDBY" CONTENT="Ian Grigg">
|
||||||
<meta name="CHANGEDBY" content="Robert Cruikshank">
|
<META NAME="CHANGEDBY" CONTENT="Teus Hagen">
|
||||||
<meta name="CHANGED" content="20080702;0">
|
<META NAME="CHANGEDBY" CONTENT="Robert Cruikshank">
|
||||||
|
|
||||||
<STYLE TYPE="text/css">
|
<STYLE TYPE="text/css">
|
||||||
<!--
|
<!--
|
||||||
|
P { color: #000000 }
|
||||||
TD P { color: #000000 }
|
TD P { color: #000000 }
|
||||||
H1 { color: #000000 }
|
H1 { color: #000000 }
|
||||||
P { color: #000000 }
|
|
||||||
H2 { color: #000000 }
|
H2 { color: #000000 }
|
||||||
DT { color: #000000 }
|
DT { color: #000000 }
|
||||||
DD { color: #000000 }
|
DD { color: #000000 }
|
||||||
|
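Review bot: The charset declaration in the META line moves from windows-1252 to utf-8, which is only correct if the file bytes were re-encoded in the same commit. The name examples later in this patch (Märvel, Möria Kœté) are non-ASCII, and in a policy about copying a Name exactly from an ID, a mismatch between declared and actual encoding would garble the very strings the examples are meant to show. Separately, the rewritten META block now lists CHANGEDBY three times (Teus Hagen twice, then Robert Cruikshank) with CREATEDBY moved below CHANGED. That looks like editor output. Keeping one CREATEDBY/CREATED pair followed by one CHANGEDBY/CHANGED pair would make the metadata unambiguous and later diffs smaller.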
@ -26,12 +25,8 @@
|
||||||
<BODY LANG="en-GB" TEXT="#000000" DIR="LTR">
|
<BODY LANG="en-GB" TEXT="#000000" DIR="LTR">
|
||||||
<H1>Assurance Policy for CAcert Community Members</H1>
|
<H1>Assurance Policy for CAcert Community Members</H1>
|
||||||
<P><A HREF="PolicyOnPolicy.html"><IMG SRC="Images/cacert-wip.png" NAME="graphics1" ALT="CAcert Policy Status" ALIGN=BOTTOM WIDTH=90 HEIGHT=33 BORDER=0></A>
|
<P><A HREF="PolicyOnPolicy.html"><IMG SRC="Images/cacert-wip.png" NAME="graphics1" ALT="CAcert Policy Status" ALIGN=BOTTOM WIDTH=90 HEIGHT=33 BORDER=0></A>
|
||||||
<BR>
|
<BR>Author: Ian Grigg<BR>Creation date: 2008-05-30<BR>Status: WIP
|
||||||
Author: Ian Grigg<BR>
|
2008-05-30<BR>Next status: DRAFT June 2008
|
||||||
Creation date: 2008-05-30<BR>
|
|
||||||
Status: WIP
|
|
||||||
2008-05-30<BR>
|
|
||||||
Next status: DRAFT June 2008
|
|
||||||
</P>
|
</P>
|
||||||
<H2>0. Preamble</H2>
|
<H2>0. Preamble</H2>
|
||||||
<P>Definitions of terms:
|
<P>Definitions of terms:
|
||||||
|
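Review bot: The collapsed header still carries a bare 2008-05-30 between "Status: WIP" and "Next status: DRAFT June 2008", with no label and no <BR> separating it from the status, so it renders as part of the status line. Either label it or drop it, since "Creation date: 2008-05-30" already gives the same value. The META block in this commit records a change dated 20080702, so "Next status: DRAFT June 2008" is already in the past and should be updated along with this reflow.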
@ -54,7 +49,7 @@ Next status: DRAFT June 2008
|
||||||
</DD><DT>
|
</DD><DT>
|
||||||
<EM>Name</EM>
|
<EM>Name</EM>
|
||||||
</DT><DD>
|
</DT><DD>
|
||||||
A Name is the full name of an individual: first name(s), family
|
A Name is the full name of an individual: first name(s), family
|
||||||
name(s), name extensions, abbreviation of name(s), etc. The Name is
|
name(s), name extensions, abbreviation of name(s), etc. The Name is
|
||||||
technically spoken a string exactly taken from a governmental issued
|
technically spoken a string exactly taken from a governmental issued
|
||||||
photo ID.
|
photo ID.
|
||||||
|
@ -71,7 +66,7 @@ The CAcert Web of Trust</H3>
|
||||||
<P>Each Assurance claims a number of Assurance Points, applied to the
|
<P>Each Assurance claims a number of Assurance Points, applied to the
|
||||||
assured Member or Member prospect. By combining the Assurances, and
|
assured Member or Member prospect. By combining the Assurances, and
|
||||||
the Assurance Points, CAcert constructs a global <EM>Web-of-Trust</EM>
|
the Assurance Points, CAcert constructs a global <EM>Web-of-Trust</EM>
|
||||||
or "WoT".
|
or "WoT".
|
||||||
</P>
|
</P>
|
||||||
<P>CAcert explicitly chooses to meet its various goals by
|
<P>CAcert explicitly chooses to meet its various goals by
|
||||||
construction of a Web-of-Trust of all Members. This is done by
|
construction of a Web-of-Trust of all Members. This is done by
|
||||||
|
@ -85,7 +80,7 @@ high-level objective of the Assurance process.
|
||||||
Handbook</A>. The policy is controlled by Configuration Control
|
Handbook</A>. The policy is controlled by Configuration Control
|
||||||
Specification (<A HREF="http://wiki.cacert.org/wiki/PolicyDrafts/ConfigurationControlSpecification" TARGET="_blank">CCS</A>)
|
Specification (<A HREF="http://wiki.cacert.org/wiki/PolicyDrafts/ConfigurationControlSpecification" TARGET="_blank">CCS</A>)
|
||||||
under Policy on Policy (<A HREF="http://www.cacert.org/policy/PolicyOnPolicy.php" TARGET="_blank">PoP</A>)
|
under Policy on Policy (<A HREF="http://www.cacert.org/policy/PolicyOnPolicy.php" TARGET="_blank">PoP</A>)
|
||||||
policy document regime. <BR>Because Assurance is an active area, much
|
policy document regime.<BR>Because Assurance is an active area, much
|
||||||
of the practice is handed over to the Assurance Handbook, which is
|
of the practice is handed over to the Assurance Handbook, which is
|
||||||
not a controlled policy document, and can more easily respond to
|
not a controlled policy document, and can more easily respond to
|
||||||
experience and circumstances. It is also more readable.
|
experience and circumstances. It is also more readable.
|
||||||
|
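Review bot: The only difference in this hunk is the space removed before <BR> in "policy document regime.<BR>Because", and several other hunks in this patch likewise change nothing but trailing or inner whitespace. The text here says the policy is controlled under CCS, so wording changes need to be easy to audit. Please commit the editor's whitespace normalisation separately from the new certificate-name paragraphs.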
@ -150,7 +145,7 @@ individual. Names in an ID can differ, so a CAcert account can have
|
||||||
more <FONT COLOR="#000000"><STRIKE>as</STRIKE></FONT><FONT COLOR="#000000"><SPAN STYLE="text-decoration: none">
|
more <FONT COLOR="#000000"><STRIKE>as</STRIKE></FONT><FONT COLOR="#000000"><SPAN STYLE="text-decoration: none">
|
||||||
than</SPAN></FONT> one Name.<BR>The technical form of a Name is a
|
than</SPAN></FONT> one Name.<BR>The technical form of a Name is a
|
||||||
string of characters. Each Name should be exactly copied once from a
|
string of characters. Each Name should be exactly copied once from a
|
||||||
governmental-issued photo ID. </P>
|
governmental-issued photo ID.</P>
|
||||||
<H3>Multiple Names</H3>
|
<H3>Multiple Names</H3>
|
||||||
<P>A Member can have multiple individual names. For example, married
|
<P>A Member can have multiple individual names. For example, married
|
||||||
name, variations of initials of first or middle names, abbreviation
|
name, variations of initials of first or middle names, abbreviation
|
||||||
|
@ -158,8 +153,8 @@ of a first name, different language or country variations and
|
||||||
transliterations of characters in a name. Each individual Name
|
transliterations of characters in a name. Each individual Name
|
||||||
originating from a governmental ID must be assured to the applicable
|
originating from a governmental ID must be assured to the applicable
|
||||||
level of 50 Assurance Points before the (comparable) name can be used
|
level of 50 Assurance Points before the (comparable) name can be used
|
||||||
as Common Name in a certificate. </P>
|
as Common Name in a certificate.</P>
|
||||||
<H3>Comparison of names</H3>
|
<H3>Comparison of names</H3>
|
||||||
<P><A HREF="http://en.wikipedia.org/wiki/Transliteration" TARGET="_blank">Transliteration</A>
|
<P><A HREF="http://en.wikipedia.org/wiki/Transliteration" TARGET="_blank">Transliteration</A>
|
||||||
of characters as defined in the transliteration character table (<A HREF="http://svn.cacert.org/CAcert/Policies/transtab.utf" TARGET="_blank">UTF
|
of characters as defined in the transliteration character table (<A HREF="http://svn.cacert.org/CAcert/Policies/transtab.utf" TARGET="_blank">UTF
|
||||||
Transtab</A>) for names is permitted, but the result must be 7-bit
|
Transtab</A>) for names is permitted, but the result must be 7-bit
|
||||||
|
@ -171,7 +166,7 @@ transliteration of a name makes the name less discriminative.</P>
|
||||||
name extensions in the name of an individual to one character and the
|
name extensions in the name of an individual to one character and the
|
||||||
dot indicating the abbreviation, is permitted. If the first given
|
dot indicating the abbreviation, is permitted. If the first given
|
||||||
name in the ID document is abbreviated, the first given name in the
|
name in the ID document is abbreviated, the first given name in the
|
||||||
web account Name may be abbreviated. Abbreviation of a name
|
web account Name may be abbreviated. Abbreviation of a name
|
||||||
makes the name less discriminative.</P>
|
makes the name less discriminative.</P>
|
||||||
<P>Titles and name extensions in the name of an individual may be
|
<P>Titles and name extensions in the name of an individual may be
|
||||||
omitted.</P>
|
omitted.</P>
|
||||||
|
@ -180,24 +175,31 @@ for</STRIKE></FONT><FONT COLOR="#000000"> pursue</FONT> a highly
|
||||||
discriminative assured Name. The ambition is to have a Name in the
|
discriminative assured Name. The ambition is to have a Name in the
|
||||||
account with no abbreviation(s), no transliteration and case
|
account with no abbreviation(s), no transliteration and case
|
||||||
<FONT COLOR="#000000"><STRIKE>sensitive </STRIKE></FONT><FONT COLOR="#000000">sensitivity</FONT>.</P>
|
<FONT COLOR="#000000"><STRIKE>sensitive </STRIKE></FONT><FONT COLOR="#000000">sensitivity</FONT>.</P>
|
||||||
|
<H3>Names on the certificate issued by CAcert</H3>
|
||||||
|
<P>The Certificate Implementation Policy (<A HREF="http://svn.cacert.org/CAcert/Policies/CertificateImplementationPolicy.html" TARGET="_blank">CIP</A>)
|
||||||
|
will define the fields added by CAcert on the issued certificate on
|
||||||
|
request of the Member.</P>
|
||||||
<P>The Common Name and related certificate fields in the issued
|
<P>The Common Name and related certificate fields in the issued
|
||||||
certificate is dependent on the assurance of the Name in the web
|
certificate is dependent on the assurance of the Name in the web
|
||||||
account. Abbreviation and transliteration handling in the CN is
|
account. Abbreviation and transliteration handling in the CN is
|
||||||
defined in the Certificate Implementation Policy (<A HREF="http://svn.cacert.org/CAcert/Policies/CertificateImplementationPolicy.html" TARGET="_blank">CIP</A>)
|
defined in the Certificate Implementation Policy and is similar to
|
||||||
and is similar to the name comparison as defined in this policy.
|
the name comparison as defined in this policy. However the Common
|
||||||
However the Common Name may become less discriminative <FONT COLOR="#000000"><STRIKE>as</STRIKE></FONT><FONT COLOR="#000000">
|
Name may become less discriminative <FONT COLOR="#000000"><STRIKE>as</STRIKE></FONT><FONT COLOR="#000000">
|
||||||
than</FONT> the assured Name as the unique certificate serial number
|
than</FONT> the assured Name as the unique certificate serial number
|
||||||
will lead to the account of the individual in a unique way, and in
|
will lead to the account of the individual in a unique way, and in
|
||||||
this way to the Name and email address of the individual or
|
this way to the Name and email address of the individual or
|
||||||
organisation. The first given name in the Common Name may be
|
organisation. The first given name in the Common Name may be
|
||||||
abbreviated on request.</P>
|
abbreviated on request.</P>
|
||||||
|
<P>The certificate issued by CAcert can have on request of the Member
|
||||||
|
the SubjAltName field. The name as defined by the Member is not
|
||||||
|
checked by CAcert.</P>
|
||||||
<TABLE BORDER=1 CELLPADDING=2 CELLSPACING=0>
|
<TABLE BORDER=1 CELLPADDING=2 CELLSPACING=0>
|
||||||
<TR>
|
<TR>
|
||||||
<TH WIDTH=25%>
|
<TH WIDTH=25%>
|
||||||
<P><I>name on the ID</I></P>
|
<P><I>name on the ID</I></P>
|
||||||
</TH>
|
</TH>
|
||||||
<TH WIDTH=25%>
|
<TH WIDTH=25%>
|
||||||
<P><I>Name in the account</I></P>
|
<P><I>assured Name in the account</I></P>
|
||||||
</TH>
|
</TH>
|
||||||
<TH WIDTH=25%>
|
<TH WIDTH=25%>
|
||||||
<P><I>name in the certificate request</I></P>
|
<P><I>name in the certificate request</I></P>
|
||||||
|
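Review bot: The added SubjAltName paragraph ("The name as defined by the Member is not checked by CAcert.") puts a Member-chosen, unverified value into a certificate right next to a Common Name that the previous paragraph ties to the assured Name, and nothing tells a relying party which is which. Please state which SubjAltName entry types are meant and that they carry no assurance, or defer the field to the CIP as the new opening paragraph does for the other fields. Two smaller points: the new CIP paragraph says the CIP "will define" the fields while the following paragraph says handling "is defined" there, so pick one tense; and "The Common Name and related certificate fields ... is dependent" should read "are dependent".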
@ -208,16 +210,16 @@ abbreviated on request.</P>
|
||||||
</TR>
|
</TR>
|
||||||
<TR>
|
<TR>
|
||||||
<TD>
|
<TD>
|
||||||
<P>Maria Kate Marvel-Java sr</P>
|
<P>Maria Kate Märvel-Java sr</P>
|
||||||
</TD>
|
</TD>
|
||||||
<TD>
|
<TD>
|
||||||
<P>Maria K. Marvel-Java</P>
|
<P>Maria K. Maervel-Java</P>
|
||||||
</TD>
|
</TD>
|
||||||
<TD>
|
<TD>
|
||||||
<P>M. K. Marvel-Java</P>
|
<P>M. K. Märvel-Java</P>
|
||||||
</TD>
|
</TD>
|
||||||
<TD>
|
<TD>
|
||||||
<P>Maria K. Marvel-Java</P>
|
<P>Maria K. Maervel-Java</P>
|
||||||
</TD>
|
</TD>
|
||||||
</TR>
|
</TR>
|
||||||
<TR>
|
<TR>
|
||||||
|
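Review bot: In the changed table row the request cell now reads "M. K. Märvel-Java" but the last cell stays "Maria K. Maervel-Java", so the requested abbreviation of the first given name is not reflected, although the paragraph above the table says the first given name in the Common Name may be abbreviated on request. If that is intentional, a sentence explaining why the request is not honoured here would help; otherwise the last cell should read "M. K. Maervel-Java". The row also relies on ä becoming ae, so it is worth confirming that this mapping is the one given in the transliteration table the policy links to.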
@ -239,7 +241,7 @@ abbreviated on request.</P>
|
||||||
<P>Moeria Koete v. Java</P>
|
<P>Moeria Koete v. Java</P>
|
||||||
</TD>
|
</TD>
|
||||||
<TD>
|
<TD>
|
||||||
<P>Möria Kœté von Java</P>
|
<P>Möria Kœté von Java</P>
|
||||||
</TD>
|
</TD>
|
||||||
<TD>
|
<TD>
|
||||||
<P>Möria K. v. Java</P>
|
<P>Möria K. v. Java</P>
|
||||||
|
@ -283,7 +285,7 @@ Examples of names in different contexts</FONT></P>
|
||||||
type (title, first given name, secondary given name(s),
|
type (title, first given name, secondary given name(s),
|
||||||
middlename(s), family name, and/or name extensions) and the Name in
|
middlename(s), family name, and/or name extensions) and the Name in
|
||||||
the web account provides the type of name field attribute, this will
|
the web account provides the type of name field attribute, this will
|
||||||
be assured in the Name account administration. </STRIKE>
|
be assured in the Name account administration.</STRIKE>
|
||||||
</P>
|
</P>
|
||||||
<H3>Capabilities</H3>
|
<H3>Capabilities</H3>
|
||||||
<P>A Member has the following capabilities derived from an Assurance:
|
<P>A Member has the following capabilities derived from an Assurance:
|
||||||
|
@ -425,7 +427,7 @@ procedure and process, and is responsible for the results.
|
||||||
Assurer, and reduces any sense of power. It is also an important aid
|
Assurer, and reduces any sense of power. It is also an important aid
|
||||||
to the assurance training for future Assurers.
|
to the assurance training for future Assurers.
|
||||||
</P>
|
</P>
|
||||||
<P><EM>Evidence of Assurer status</EM> <BR>On the question of
|
<P><EM>Evidence of Assurer status</EM><BR>On the question of
|
||||||
providing evidence that one is an Assurer, CAcert Policy Statement
|
providing evidence that one is an Assurer, CAcert Policy Statement
|
||||||
(<A HREF="http://svn.cacert.org/CAcert/policy.htm#p3.2" TARGET="_blank">CPS</A>)
|
(<A HREF="http://svn.cacert.org/CAcert/policy.htm#p3.2" TARGET="_blank">CPS</A>)
|
||||||
says:<EM> "The level at which each Member is Assured is public
|
says:<EM> "The level at which each Member is Assured is public
|
||||||
|
@ -440,7 +442,7 @@ Note that, even though they are sometimes referred to as <EM>Web-of-Trust</EM>
|
||||||
(Assurance) Points, or <EM>Trust</EM> Points, the meaning of the word
|
(Assurance) Points, or <EM>Trust</EM> Points, the meaning of the word
|
||||||
'Trust' is not well defined.
|
'Trust' is not well defined.
|
||||||
</P>
|
</P>
|
||||||
<P><EM>Assurance Points Allocation.</EM> <BR>An Assurer can allocate
|
<P><EM>Assurance Points Allocation.</EM><BR>An Assurer can allocate
|
||||||
a number of Assurance Points to the Member according to the Assurer's
|
a number of Assurance Points to the Member according to the Assurer's
|
||||||
experience (Experience Point system, see below). The allocation of
|
experience (Experience Point system, see below). The allocation of
|
||||||
the maximum means that the Assurer is 100% confident in the
|
the maximum means that the Assurer is 100% confident in the
|
||||||
|
@ -462,7 +464,7 @@ information presented:
|
||||||
<P>Any lesser confidence should result in less Assurance Points for a
|
<P>Any lesser confidence should result in less Assurance Points for a
|
||||||
Name. If the Assurer has no confidence in the information presented,
|
Name. If the Assurer has no confidence in the information presented,
|
||||||
then <EM>zero </EM>Assurance Points may be allocated by the
|
then <EM>zero </EM>Assurance Points may be allocated by the
|
||||||
Assurer. For example, this may happen if the identity documents
|
Assurer. For example, this may happen if the identity documents
|
||||||
are totally unfamiliar to the Assurer. The number of Assurance Points
|
are totally unfamiliar to the Assurer. The number of Assurance Points
|
||||||
from <EM>zero</EM> to <EM>maximum </EM>is guided by the Assurance
|
from <EM>zero</EM> to <EM>maximum </EM>is guided by the Assurance
|
||||||
Handbook and the judgement of the Assurer.
|
Handbook and the judgement of the Assurer.
|
||||||
|
@ -487,7 +489,7 @@ times.
|
||||||
Points per Name. This means that to reach 50 Assurance Points
|
Points per Name. This means that to reach 50 Assurance Points
|
||||||
(certificate with a Name), a Member must have been assured at least
|
(certificate with a Name), a Member must have been assured at least
|
||||||
once. To reach 100 Assurance Points, at least one Name of the Member
|
once. To reach 100 Assurance Points, at least one Name of the Member
|
||||||
must have been assured at least twice. </STRIKE>
|
must have been assured at least twice.</STRIKE>
|
||||||
</P>
|
</P>
|
||||||
<H3>Experience Points</H3>
|
<H3>Experience Points</H3>
|
||||||
<P>The maximum number of Assurance Points that may be awarded by an
|
<P>The maximum number of Assurance Points that may be awarded by an
|
||||||
|
@ -555,7 +557,7 @@ Assurer is determined by the Experience Points of the Assurer.
|
||||||
</TABLE>
|
</TABLE>
|
||||||
</DL>
|
</DL>
|
||||||
<P ALIGN=LEFT STYLE="margin-bottom: 0cm"><FONT SIZE=2><I>table
|
<P ALIGN=LEFT STYLE="margin-bottom: 0cm"><FONT SIZE=2><I>table
|
||||||
Maximum of Assurance Points </I></FONT></P>
|
Maximum of Assurance Points </I></FONT></P>
|
||||||
<P ALIGN=LEFT STYLE="margin-bottom: 0cm"><BR>
|
<P ALIGN=LEFT STYLE="margin-bottom: 0cm"><BR>
|
||||||
</P>
|
</P>
|
||||||
<P>An Assurer is given a maximum of 2 Experience Points for every
|
<P>An Assurer is given a maximum of 2 Experience Points for every
|
||||||
|
@ -680,7 +682,7 @@ areas of risk.
|
||||||
<P>In addition to the Assurance or Experience Points ratings set here
|
<P>In addition to the Assurance or Experience Points ratings set here
|
||||||
in and in other policies, Assurance Officer or policies can designate
|
in and in other policies, Assurance Officer or policies can designate
|
||||||
certain applications as high risk. If so, additional measures may be
|
certain applications as high risk. If so, additional measures may be
|
||||||
added to the Assurance process that specifically address the risks. </P>
|
added to the Assurance process that specifically address the risks.</P>
|
||||||
<P>Additional measures may include additional information. Additional
|
<P>Additional measures may include additional information. Additional
|
||||||
information can be required in process of assurance:
|
information can be required in process of assurance:
|
||||||
</P>
|
</P>
|
||||||
|
|