|
|
@ -8,19 +8,34 @@
|
|
|
|
</title>
|
|
|
|
</title>
|
|
|
|
</head>
|
|
|
|
</head>
|
|
|
|
<body>
|
|
|
|
<body>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
|
|
|
|
<center>
|
|
|
|
|
|
|
|
<big>
|
|
|
|
|
|
|
|
<br><b>WARNING:</b><br>
|
|
|
|
|
|
|
|
The proper policy document is located<br>
|
|
|
|
|
|
|
|
<a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php">
|
|
|
|
|
|
|
|
on the CAcert website </a>.<br>
|
|
|
|
|
|
|
|
</big></b>
|
|
|
|
|
|
|
|
This document is a working draft to include<br>
|
|
|
|
|
|
|
|
future revisions only, and is currently<br>
|
|
|
|
|
|
|
|
only relevant for the [policy] group.<br>
|
|
|
|
|
|
|
|
</center>
|
|
|
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h1>
|
|
|
|
<h1>
|
|
|
|
Organisation Assurance Policy
|
|
|
|
Organisation Assurance Policy
|
|
|
|
</h1>
|
|
|
|
</h1>
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
<a href="../PolicyOnPolicy.html"><img src="../cacert-draft.png" alt="CAcert Draft" height="31" width="88" style="border-style: none;" /> </a><br />
|
|
|
|
<a href="../PolicyOnPolicy.html"><img src="../cacert-draft.png" alt="CAcert Draft" height="31" width="88" style="border-style: none;" /> </a><br />
|
|
|
|
|
|
|
|
Document: OAP COD11<br />
|
|
|
|
Author: Jens Paul<br />
|
|
|
|
Author: Jens Paul<br />
|
|
|
|
Creation date: 2007-09-18<br />
|
|
|
|
Creation date: 2007-09-18<br />
|
|
|
|
Status: DRAFT 2007-09-18<br />
|
|
|
|
Status: POLICY 2007-09-18 <a href="http://wiki.cacert.org/wiki/TopMinutes-20070917">m20070918.x </a><br />
|
|
|
|
Changed: 2008-04-01 Teus Hagen policy list vote<br />
|
|
|
|
Changed: 2008-04-01 Teus Hagen policy list vote; add advisors and board<br />
|
|
|
|
Next status: POLICY 2008<br />
|
|
|
|
Next status: POLICY 2008-4-08<br />
|
|
|
|
<!-- $Id$ -->
|
|
|
|
<!-- $Id$ -->
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
<h2> 0. Preliminaries </h2>
|
|
|
|
<h2> <a name="0">0. </a> Preliminaries </h2>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
This policy describes how Organisation Assurers ("OAs")
|
|
|
|
This policy describes how Organisation Assurers ("OAs")
|
|
|
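Review bot: the added warning block ends with "</big></b>", but its only <b> was already closed on the "<b>WARNING:</b>" line, so the trailing </b> is unmatched and should be dropped. The block also nests <center> inside <p>, which HTML does not permit; use a <div> wrapper or no wrapper. In the header, the new "Status: POLICY 2007-09-18" line sits next to a warning that calls the document a working draft and next to the retained cacert-draft.png badge, so the status and the badge should be made to agree. "Next status: POLICY 2008-4-08" should be written 2008-04-08 to match the other dates.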
@ -34,7 +49,7 @@ This policy is not a Controlled document, for purposes of
|
|
|
|
Configuration Control Specification ("CCS").
|
|
|
|
Configuration Control Specification ("CCS").
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h2> 1. Purpose </h2>
|
|
|
|
<h2> <a name="1"> 1. </a> Purpose </h2>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
Organisations with assured status can issue certificates
|
|
|
|
Organisations with assured status can issue certificates
|
|
|
@ -58,9 +73,9 @@ and as described in the CPS.
|
|
|
|
</li></ul>
|
|
|
|
</li></ul>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h2> 2. Roles and Structure </h2>
|
|
|
|
<h2> <a name="2"> 2. </a> Roles and Structure </h2>
|
|
|
|
|
|
|
|
|
|
|
|
<h3> 2.1 Assurance Officer </h2>
|
|
|
|
<h3> <a name="2.1"> 2.1 </a> Assurance Officer </h2>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
The Assurance Officer ("AO")
|
|
|
|
The Assurance Officer ("AO")
|
|
|
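Review bot: the rewritten 2.1 heading still opens with <h3> and closes with </h2> ("<h3> <a name="2.1"> 2.1 </a> Assurance Officer </h2>"). The line is being changed anyway, so close it with </h3>.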
@ -78,7 +93,7 @@ The OA is appointed by the Board.
|
|
|
|
Where the OA is failing the Board decides.
|
|
|
|
Where the OA is failing the Board decides.
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h3> 2.2 Organisation Assurers </h3>
|
|
|
|
<h3> <a name="2.2"> 2.2 </a> Organisation Assurers </h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
@ -132,7 +147,7 @@ Where the OA is failing the Board decides.
|
|
|
|
|
|
|
|
|
|
|
|
</ol>
|
|
|
|
</ol>
|
|
|
|
|
|
|
|
|
|
|
|
<h3> 2.3 Assurance Advisors </h3>
|
|
|
|
<h3> <a name="2.3"> 2.3 </a> Assurance Advisors </h3>
|
|
|
|
<p>In countries/states/provinces where no OA Assurers are
|
|
|
|
<p>In countries/states/provinces where no OA Assurers are
|
|
|
|
operating for an OA Application (COAP) the OA
|
|
|
|
operating for an OA Application (COAP) the OA
|
|
|
|
can be advised by an experienced local CAcert
|
|
|
|
can be advised by an experienced local CAcert
|
|
|
@ -146,7 +161,7 @@ Where the OA is failing the Board decides.
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h3> 2.4 Organisation Administrator </h3>
|
|
|
|
<h3> <a name="2.4"> 2.4 </a> Organisation Administrator </h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
The Administrator within each Organisation ("O-Admin")
|
|
|
|
The Administrator within each Organisation ("O-Admin")
|
|
|
@ -176,9 +191,9 @@ and the issuing of certificates.
|
|
|
|
</ol>
|
|
|
|
</ol>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h2> 3. Policies </h2>
|
|
|
|
<h2> <a name="3"> 3. </a> Policies </h2>
|
|
|
|
|
|
|
|
|
|
|
|
<h3> 3.1 Policy </h3>
|
|
|
|
<h3> <a name="3.1"> 3.1 </a> Policy </h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
There is one policy being this present document,
|
|
|
|
There is one policy being this present document,
|
|
|
@ -192,7 +207,7 @@ and several subsidiary policies.
|
|
|
|
<li> Organisations are assured under an appropriate subsidiary policy. </li>
|
|
|
|
<li> Organisations are assured under an appropriate subsidiary policy. </li>
|
|
|
|
</ol>
|
|
|
|
</ol>
|
|
|
|
|
|
|
|
|
|
|
|
<h3> 3.2 Subsidiary Policies </h3>
|
|
|
|
<h3> <a name="3.2"> 3.2 </a> Subsidiary Policies </h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
The nature of the Subsidiary Policies ("SubPols"):
|
|
|
|
The nature of the Subsidiary Policies ("SubPols"):
|
|
|
@ -222,7 +237,7 @@ The nature of the Subsidiary Policies ("SubPols"):
|
|
|
|
policy approval process.
|
|
|
|
policy approval process.
|
|
|
|
</li></ol>
|
|
|
|
</li></ol>
|
|
|
|
|
|
|
|
|
|
|
|
<h3> 3.3 Freedom to Assemble </h3>
|
|
|
|
<h3> <a name="3.3"> 3.3 </a> Freedom to Assemble </h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
Subsidiary Policies are open, accessible and free to enter.
|
|
|
|
Subsidiary Policies are open, accessible and free to enter.
|
|
|
@ -255,9 +270,9 @@ Subsidiary Policies are open, accessible and free to enter.
|
|
|
|
</li></ol>
|
|
|
|
</li></ol>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h2> 4. Process </h2>
|
|
|
|
<h2> <a name="4"> 4. </a> Process </h2>
|
|
|
|
|
|
|
|
|
|
|
|
<h3> 4.1 Standard of Organisation Assurance </h2>
|
|
|
|
<h3> <a name="4.1"> 4.1 </a> Standard of Organisation Assurance </h3>
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
The essential standard of Organisation Assurance is:
|
|
|
|
The essential standard of Organisation Assurance is:
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
@ -277,7 +292,9 @@ The essential standard of Organisation Assurance is:
|
|
|
|
requestor can sign on behalf of the organisation.
|
|
|
|
requestor can sign on behalf of the organisation.
|
|
|
|
</li><li>
|
|
|
|
</li><li>
|
|
|
|
the organisation has agreed to the terms of the
|
|
|
|
the organisation has agreed to the terms of the
|
|
|
|
Registered User Agreement,
|
|
|
|
<b>
|
|
|
|
|
|
|
|
CAcert Community Agreement
|
|
|
|
|
|
|
|
</b>,
|
|
|
|
and is therefore subject to Arbitration.
|
|
|
|
and is therefore subject to Arbitration.
|
|
|
|
</li></ol>
|
|
|
|
</li></ol>
|
|
|
|
|
|
|
|
|
|
|
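Review bot: in the last list item of 4.1, the closing </b> sits on its own line directly before the comma, so the line break inside the <b> element renders as a space before the comma ("CAcert Community Agreement ,"). Put the name and both tags on one line, "<b>CAcert Community Agreement</b>,". If the bold only marks the change for the policy group, it should be removed before the text reaches POLICY status; a link to the agreement would serve readers better than emphasis.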
@ -286,7 +303,7 @@ The essential standard of Organisation Assurance is:
|
|
|
|
are stated in the SubPol.
|
|
|
|
are stated in the SubPol.
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h3> 4.2 COAP </h2>
|
|
|
|
<h3> <a name="4.2"> 4.2 </a> COAP </h2>
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
The COAP form documents the checks and the resultant
|
|
|
|
The COAP form documents the checks and the resultant
|
|
|
|
assurance results to meet the standard.
|
|
|
|
assurance results to meet the standard.
|
|
|
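Review bot: the new 4.2 heading keeps the mismatched close tag ("<h3> <a name="4.2"> 4.2 </a> COAP </h2>"), although the 4.1 heading in the earlier hunk was corrected to </h3>. Apply the same correction here.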
@ -307,7 +324,10 @@ Additional information to be provided on form:
|
|
|
|
</li><li>
|
|
|
|
</li><li>
|
|
|
|
domain name(s)
|
|
|
|
domain name(s)
|
|
|
|
</li><li>
|
|
|
|
</li><li>
|
|
|
|
Agreement with registered user agreement.
|
|
|
|
Agreement with
|
|
|
|
|
|
|
|
<b>
|
|
|
|
|
|
|
|
CAcert Community Agreement
|
|
|
|
|
|
|
|
</b>.
|
|
|
|
Statement and initials box for organsation
|
|
|
|
Statement and initials box for organsation
|
|
|
|
and also for OA.
|
|
|
|
and also for OA.
|
|
|
|
</li><li>
|
|
|
|
</li><li>
|
|
|
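Review bot: the line right after the changed text, "Statement and initials box for organsation", misspells "organisation". It is unchanged context in this hunk but belongs to the same list item, so the spelling should be fixed in the same change.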
@ -323,7 +343,7 @@ and indication provided that the English is the
|
|
|
|
ruling language (due to Arbitration requirements).
|
|
|
|
ruling language (due to Arbitration requirements).
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h3> 4.3 Jurisdiction </h3>
|
|
|
|
<h3> <a name="4.3"> 4.3 </a> Jurisdiction </h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
Organisation Assurances are carried out by
|
|
|
|
Organisation Assurances are carried out by
|
|
|
@ -333,7 +353,9 @@ Actions carried out by OAs are under this regime.
|
|
|
|
|
|
|
|
|
|
|
|
<ol type="a"><li>
|
|
|
|
<ol type="a"><li>
|
|
|
|
The organisation has agreed to the terms of the
|
|
|
|
The organisation has agreed to the terms of the
|
|
|
|
Registered User Agreement,
|
|
|
|
<b>
|
|
|
|
|
|
|
|
CAcert Community Agreement
|
|
|
|
|
|
|
|
</b>,
|
|
|
|
</li><li>
|
|
|
|
</li><li>
|
|
|
|
The organisation, the Organisation Assurers, CAcert and
|
|
|
|
The organisation, the Organisation Assurers, CAcert and
|
|
|
|
other related parties are bound into CAcert's jurisdiction
|
|
|
|
other related parties are bound into CAcert's jurisdiction
|
|
|
@ -341,12 +363,15 @@ Actions carried out by OAs are under this regime.
|
|
|
|
</li><li>
|
|
|
|
</li><li>
|
|
|
|
The OA is responsible for ensuring that the
|
|
|
|
The OA is responsible for ensuring that the
|
|
|
|
organisation reads, understands, intends and
|
|
|
|
organisation reads, understands, intends and
|
|
|
|
agrees to the registered user agreement.
|
|
|
|
agrees to the
|
|
|
|
|
|
|
|
<b>
|
|
|
|
|
|
|
|
CAcert Community Agreement
|
|
|
|
|
|
|
|
</b>.
|
|
|
|
This OA responsibility should be recorded on COAP
|
|
|
|
This OA responsibility should be recorded on COAP
|
|
|
|
(statement and initials box).
|
|
|
|
(statement and initials box).
|
|
|
|
</li></ol>
|
|
|
|
</li></ol>
|
|
|
|
|
|
|
|
|
|
|
|
<h2> 5. Exceptions </h2>
|
|
|
|
<h2> <a name="5"> 5. </a> Exceptions </h2>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ol type="a"><li>
|
|
|
|
<ol type="a"><li>
|
|
|
|