ve issued certificate paragraph a bit clearer and ref to CIP policy.

git-svn-id: http://svn.cacert.org/CAcert/Policies@874 14b1bab8-4ef6-0310-b690-991c95c89dfd
2008-07-02 10:45:40 +00:00 · 2008-07-02 10:45:40 +00:00 · 194401885b
commit 194401885b
parent d16b89fa71
1 changed files with 40 additions and 38 deletions
--- a/AssurancePolicy.html
+++ b/AssurancePolicy.html
@ -1,20 +1,19 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 <HTML>
 <HEAD>
-	<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=windows-1252">
+	<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
 	<TITLE>Assurance Policy</TITLE>
-<meta name="CREATEDBY" content="Ian Grigg">
-<meta name="CREATED" content="20080530;0">
-<meta name="CHANGEDBY" content="Teus Hagen">
-<meta name="CHANGED" content="20080701;0">
-<meta name="CHANGEDBY" content="Robert Cruikshank">
-<meta name="CHANGED" content="20080702;0">
-
+	<META NAME="CREATED" CONTENT="20080530;0">
+	<META NAME="CHANGEDBY" CONTENT="Teus Hagen">
+	<META NAME="CHANGED" CONTENT="20080702;12375400">
+	<META NAME="CREATEDBY" CONTENT="Ian Grigg">
+	<META NAME="CHANGEDBY" CONTENT="Teus Hagen">
+	<META NAME="CHANGEDBY" CONTENT="Robert Cruikshank">
 	<STYLE TYPE="text/css">
 	<!--
+		P { color: #000000 }
 		TD P { color: #000000 }
 		H1 { color: #000000 }
-		P { color: #000000 }
 		H2 { color: #000000 }
 		DT { color: #000000 }
 		DD { color: #000000 }
@ -26,12 +25,8 @@
 <BODY LANG="en-GB" TEXT="#000000" DIR="LTR">
 <H1>Assurance Policy for CAcert Community Members</H1>
 <P><A HREF="PolicyOnPolicy.html"><IMG SRC="Images/cacert-wip.png" NAME="graphics1" ALT="CAcert Policy Status" ALIGN=BOTTOM WIDTH=90 HEIGHT=33 BORDER=0></A>
-<BR>
-Author: Ian Grigg<BR>
-Creation date: 2008-05-30<BR>
-Status: WIP
-2008-05-30<BR>
-Next status: DRAFT June 2008
+<BR>Author: Ian Grigg<BR>Creation date: 2008-05-30<BR>Status: WIP
+2008-05-30<BR>Next status: DRAFT June 2008 
 </P>
 <H2>0. Preamble</H2>
 <P>Definitions of terms: 
@ -54,7 +49,7 @@ Next status: DRAFT June 2008
 	</DD><DT>
 	<EM>Name</EM> 
 	</DT><DD>
-	A Name is the full name of an individual:&nbsp;first name(s), family
+	A Name is the full name of an individual: first name(s), family
 	name(s), name extensions, abbreviation of name(s), etc. The Name is
 	technically spoken a string exactly taken from a governmental issued
 	photo ID. 
@ -71,7 +66,7 @@ The CAcert Web of Trust</H3>
 <P>Each Assurance claims a number of Assurance Points, applied to the
 assured Member or Member prospect. By combining the Assurances, and
 the Assurance Points, CAcert constructs a global <EM>Web-of-Trust</EM>
-&nbsp;or &quot;WoT&quot;. 
+ or &quot;WoT&quot;. 
 </P>
 <P>CAcert explicitly chooses to meet its various goals by
 construction of a Web-of-Trust of all Members. This is done by
@ -85,7 +80,7 @@ high-level objective of the Assurance process.
 Handbook</A>. The policy is controlled by Configuration Control
 Specification (<A HREF="http://wiki.cacert.org/wiki/PolicyDrafts/ConfigurationControlSpecification" TARGET="_blank">CCS</A>)
 under Policy on Policy (<A HREF="http://www.cacert.org/policy/PolicyOnPolicy.php" TARGET="_blank">PoP</A>)
-policy document regime. <BR>Because Assurance is an active area, much
+policy document regime.<BR>Because Assurance is an active area, much
 of the practice is handed over to the Assurance Handbook, which is
 not a controlled policy document, and can more easily respond to
 experience and circumstances. It is also more readable. 
@ -150,7 +145,7 @@ individual. Names in an ID can differ, so a CAcert account can have
 more <FONT COLOR="#000000"><STRIKE>as</STRIKE></FONT><FONT COLOR="#000000"><SPAN STYLE="text-decoration: none">
 than</SPAN></FONT> one Name.<BR>The technical form of a Name is a
 string of characters. Each Name should be exactly copied once from a
-governmental-issued photo ID.&nbsp;</P>
+governmental-issued photo ID.</P>
 <H3>Multiple Names</H3>
 <P>A Member can have multiple individual names. For example, married
 name, variations of initials of first or middle names, abbreviation
@ -158,8 +153,8 @@ of a first name, different language or country variations and
 transliterations of characters in a name. Each individual Name
 originating from a governmental ID must be assured to the applicable
 level of 50 Assurance Points before the (comparable) name can be used
-as Common Name in a certificate.&nbsp;</P>
-<H3>Comparison of&nbsp;names</H3>
+as Common Name in a certificate.</P>
+<H3>Comparison of names</H3>
 <P><A HREF="http://en.wikipedia.org/wiki/Transliteration" TARGET="_blank">Transliteration</A>
 of characters as defined in the transliteration character table (<A HREF="http://svn.cacert.org/CAcert/Policies/transtab.utf" TARGET="_blank">UTF
 Transtab</A>) for names is permitted, but the result must be 7-bit
@ -171,7 +166,7 @@ transliteration of a name makes the name less discriminative.</P>
 name extensions in the name of an individual to one character and the
 dot indicating the abbreviation, is permitted. If the first given
 name in the ID document is abbreviated, the first given name in the
-web account Name may be abbreviated. &nbsp;Abbreviation of a name
+web account Name may be abbreviated.  Abbreviation of a name
 makes the name less discriminative.</P>
 <P>Titles and name extensions in the name of an individual may be
 omitted.</P>
@ -180,24 +175,31 @@ for</STRIKE></FONT><FONT COLOR="#000000"> pursue</FONT> a highly
 discriminative assured Name. The ambition is to have a Name in the
 account with no abbreviation(s), no transliteration and case
 <FONT COLOR="#000000"><STRIKE>sensitive </STRIKE></FONT><FONT COLOR="#000000">sensitivity</FONT>.</P>
+<H3>Names on the certificate issued by CAcert</H3>
+<P>The Certificate Implementation Policy (<A HREF="http://svn.cacert.org/CAcert/Policies/CertificateImplementationPolicy.html" TARGET="_blank">CIP</A>)
+will define the fields added by CAcert on the issued certificate on
+request of the Member.</P>
 <P>The Common Name and related certificate fields in the issued
 certificate is dependent on the assurance of the Name in the web
 account. Abbreviation and transliteration handling in the CN is
-defined in the Certificate Implementation Policy (<A HREF="http://svn.cacert.org/CAcert/Policies/CertificateImplementationPolicy.html" TARGET="_blank">CIP</A>)
-and is similar to the name comparison as defined in this policy.
-However the Common Name may become less discriminative <FONT COLOR="#000000"><STRIKE>as</STRIKE></FONT><FONT COLOR="#000000">
+defined in the Certificate Implementation Policy and is similar to
+the name comparison as defined in this policy. However the Common
+Name may become less discriminative <FONT COLOR="#000000"><STRIKE>as</STRIKE></FONT><FONT COLOR="#000000">
 than</FONT> the assured Name as the unique certificate serial number
 will lead to the account of the individual in a unique way, and in
 this way to the Name and email address of the individual or
 organisation. The first given name in the Common Name may be
 abbreviated on request.</P>
+<P>The certificate issued by CAcert can have on request of the Member
+ the SubjAltName field. The name as defined by the Member is not
+checked by CAcert.</P>
 <TABLE BORDER=1 CELLPADDING=2 CELLSPACING=0>
 	<TR>
 		<TH WIDTH=25%>
 			<P><I>name on the ID</I></P>
 		</TH>
 		<TH WIDTH=25%>
-			<P><I>Name in the account</I></P>
+			<P><I>assured Name in the account</I></P>
 		</TH>
 		<TH WIDTH=25%>
 			<P><I>name in the certificate request</I></P>
@ -208,16 +210,16 @@ abbreviated on request.</P>
 	</TR>
 	<TR>
 		<TD>
-			<P>Maria Kate Marvel-Java sr</P>
+			<P>Maria Kate M&auml;rvel-Java sr</P>
 		</TD>
 		<TD>
-			<P>Maria K. Marvel-Java</P>
+			<P>Maria K. Maervel-Java</P>
 		</TD>
 		<TD>
-			<P>M. K. Marvel-Java</P>
+			<P>M. K. M&auml;rvel-Java</P>
 		</TD>
 		<TD>
-			<P>Maria K. Marvel-Java</P>
+			<P>Maria K. Maervel-Java</P>
 		</TD>
 	</TR>
 	<TR>
@ -239,7 +241,7 @@ abbreviated on request.</P>
 			<P>Moeria Koete v. Java</P>
 		</TD>
 		<TD>
-			<P>M&ouml;ria K&oelig;t&eacute; von Java</P>
+			<P>M&ouml;ria Kœt&eacute; von Java</P>
 		</TD>
 		<TD>
 			<P>M&ouml;ria K. v. Java</P>
@ -283,7 +285,7 @@ Examples of names in different contexts</FONT></P>
 type (title, first given name, secondary given name(s),
 middlename(s), family name, and/or name extensions) and the Name in
 the web account provides the type of name field attribute, this will
-be assured in the Name account administration. </STRIKE>
+be assured in the Name account administration.</STRIKE>
 </P>
 <H3>Capabilities</H3>
 <P>A Member has the following capabilities derived from an Assurance:
@ -425,7 +427,7 @@ procedure and process, and is responsible for the results.
 Assurer, and reduces any sense of power. It is also an important aid
 to the assurance training for future Assurers. 
 </P>
-<P><EM>Evidence of Assurer status</EM> <BR>On the question of
+<P><EM>Evidence of Assurer status</EM><BR>On the question of
 providing evidence that one is an Assurer, CAcert Policy Statement
 (<A HREF="http://svn.cacert.org/CAcert/policy.htm#p3.2" TARGET="_blank">CPS</A>)
 says:<EM> &quot;The level at which each Member is Assured is public
@ -440,7 +442,7 @@ Note that, even though they are sometimes referred to as <EM>Web-of-Trust</EM>
 (Assurance) Points, or <EM>Trust</EM> Points, the meaning of the word
 'Trust' is not well defined. 
 </P>
-<P><EM>Assurance Points Allocation.</EM> <BR>An Assurer can allocate
+<P><EM>Assurance Points Allocation.</EM><BR>An Assurer can allocate
 a number of Assurance Points to the Member according to the Assurer's
 experience (Experience Point system, see below). The allocation of
 the maximum means that the Assurer is 100% confident in the
@ -462,7 +464,7 @@ information presented:
 <P>Any lesser confidence should result in less Assurance Points for a
 Name. If the Assurer has no confidence in the information presented,
 then <EM>zero </EM>Assurance Points may be allocated by the
-Assurer.&nbsp;For example, this may happen if the identity documents
+Assurer. For example, this may happen if the identity documents
 are totally unfamiliar to the Assurer. The number of Assurance Points
 from <EM>zero</EM> to <EM>maximum </EM>is guided by the Assurance
 Handbook and the judgement of the Assurer. 
@ -487,7 +489,7 @@ times.
 Points per Name. This means that to reach 50 Assurance Points
 (certificate with a Name), a Member must have been assured at least
 once. To reach 100 Assurance Points, at least one Name of the Member
-must have been assured at least twice. </STRIKE>
+must have been assured at least twice.</STRIKE>
 </P>
 <H3>Experience Points</H3>
 <P>The maximum number of Assurance Points that may be awarded by an
@ -555,7 +557,7 @@ Assurer is determined by the Experience Points of the Assurer.
 	</TABLE>
 </DL>
 <P ALIGN=LEFT STYLE="margin-bottom: 0cm"><FONT SIZE=2><I>table
-Maximum of Assurance Points&nbsp;</I></FONT></P>
+Maximum of Assurance Points </I></FONT></P>
 <P ALIGN=LEFT STYLE="margin-bottom: 0cm"><BR>
 </P>
 <P>An Assurer is given a maximum of 2 Experience Points for every
@ -680,7 +682,7 @@ areas of risk.
 <P>In addition to the Assurance or Experience Points ratings set here
 in and in other policies, Assurance Officer or policies can designate
 certain applications as high risk. If so, additional measures may be
-added to the Assurance process that specifically address the risks.&nbsp;</P>
+added to the Assurance process that specifically address the risks.</P>
 <P>Additional measures may include additional information. Additional
 information can be required in process of assurance: 
 </P>