URL improvements and naming consistancy.
git-svn-id: http://svn.cacert.org/CAcert/Policies@869 14b1bab8-4ef6-0310-b690-991c95c89dfdpull/1/head
parent
02443f1f3b
commit
6ea53b7249
@ -1,490 +1,555 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
||||
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<title>
|
||||
Assurance Policy
|
||||
</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>
|
||||
Assurance Policy for CAcert Community Members
|
||||
</h1>
|
||||
<p>
|
||||
<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
|
||||
Editor: iang ? <br />
|
||||
Creation date: 2008-05-30<br />
|
||||
Status: WIP 2008-06-19<br />
|
||||
Next status: DRAFT June 2008<br />
|
||||
<!-- $Id: AssurancePolicy.html 772 2008-06-02 13:46:20Z teus $ -->
|
||||
</p>
|
||||
|
||||
|
||||
<h2 >0. Preamble</h2>
|
||||
|
||||
<p >
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Assurance Policy</title>
|
||||
|
||||
</head>
|
||||
<body>
|
||||
<h1> Assurance Policy for CAcert Community Members<br>
|
||||
</h1>
|
||||
<p>
|
||||
<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" style="border-style: none;" height="31" width="88"></a><br>
|
||||
Author: Ian Grigg<br>
|
||||
Creation date: 2008-05-30<br>
|
||||
Status: WIP 2008-05-30<br>
|
||||
Next status: DRAFT June 2008<br>
|
||||
<br>
|
||||
</p>
|
||||
<h2>0. Preamble</h2>
|
||||
<p>
|
||||
Definitions of terms:
|
||||
</p>
|
||||
<dl>
|
||||
<dt><em>Assurance</em></dt>
|
||||
<dd>Assurance is the process by which a Member of CAcert Community (Assurer) identifies an individual (Assuree).
|
||||
<dd>Assurance is the process by which a Member of CAcert
|
||||
Community (Assurer) identifies an individual (Assuree).
|
||||
<br>
|
||||
With sufficient assurances, a Member may (a) issue certificates with their Names included, (b) participate in assuring others, and (c) other related activities.
|
||||
The strength of these activities is based on the strength of the assurance.
|
||||
</dd>
|
||||
With sufficient assurances, a Member may (a) issue certificates with
|
||||
their Names included, (b) participate in assuring others, and (c) other
|
||||
related activities.
|
||||
The strength of these activities is based on the strength of the
|
||||
assurance. </dd>
|
||||
<dt><em>Member</em></dt>
|
||||
<dd>An individual who has agreed to the CAcert Community agreement and has created successfully a CAcert (web)account on http://www.cacert.org.
|
||||
<dt><em>Name</em></dt>
|
||||
<dd>A Name is the full name (first name(s), family name(s), name extensions,abreviation of name(s), etc.) of an individual.
|
||||
<dd>An individual who has agreed to the
|
||||
CAcert Community Agreement (CCA) and has created successfully a CAcert
|
||||
(web)account on http://www.cacert.org.
|
||||
</dd>
|
||||
<dt><em>Name</em></dt>
|
||||
<dd>A Name is the full name (first
|
||||
name(s), family name(s), name extensions,abreviation of name(s), etc.)
|
||||
of an individual. The Name is technically spoken a string exactly taken
|
||||
from a governemental issued photo ID. Transliteration of characters to
|
||||
a character table defined by CAcert is permitted. </dd>
|
||||
<dt><em>Secondary Distinguishing Feature</em> (DoB)</dt>
|
||||
<dd>A Name for an individual is discrimated from similar full names by a secondary distinguished feature, as recorded on the on-line CAcert (web) account.
|
||||
<dd>A Name for
|
||||
an individual is discrimated from similar full names by a secondary
|
||||
distinguished feature, as recorded on the on-line CAcert (web) account.
|
||||
Currently this is the date of birth (DoB) of the individual.
|
||||
</dd>
|
||||
</dl>
|
||||
<p >
|
||||
|
||||
<h3 >The CAcert Web of Trust</h3>
|
||||
|
||||
<p >
|
||||
Each assurance claims a number of Assurance Points, applied to the assured Member or Member prospect.
|
||||
By combining the assurances, and the Assurance Points, CAcert constructs a global <em>Web of Trust</em> ("WoT").
|
||||
<p >
|
||||
CAcert explicitly chooses to meet its various goals by construction of a web-of-trust of all Members.
|
||||
This is done by face-to-face meeting, identifying and sharing claims in a network.
|
||||
Maintaining a sufficient strength for the web-of-trust is a high-level objective of the Assurance process.
|
||||
<p >
|
||||
|
||||
|
||||
<h3 >Related Documentation</h3>
|
||||
|
||||
<p >
|
||||
Documentation on Assurance is split between this Assurance Policy (AP) and the <a href="/wiki/AssuranceHandbook2">Assurance Handbook</a>.
|
||||
The policy is controlled by <a href="/wiki/PolicyDrafts/ConfigurationControlSpecification">Configuration Control Specification (CCS)</a> under <a class="http" href="http://www.cacert.org/policy/PolicyOnPolicy.php">Policy of Policy (PoP)</a> policy documents.
|
||||
<p>
|
||||
</p>
|
||||
<h3>The CAcert Web of Trust</h3>
|
||||
<p>
|
||||
Each assurance claims a number of Assurance Points, applied to the
|
||||
assured Member or Member prospect.
|
||||
By combining the assurances, and the Assurance Points, CAcert
|
||||
constructs a global <em>Web of Trust</em> ("WoT"). </p>
|
||||
<p>CAcert explicitly chooses to meet its various goals by
|
||||
construction of a web-of-trust of all Members.
|
||||
This is done by face-to-face meeting, identifying and sharing claims in
|
||||
a network.
|
||||
Maintaining a sufficient strength for the web-of-trust is a high-level
|
||||
objective of the Assurance process. </p>
|
||||
<p></p>
|
||||
<h3>Related Documentation</h3>
|
||||
<p>
|
||||
Documentation on Assurance is split between this Assurance Policy (AP)
|
||||
and the <a target="_blank" href="http://wiki.cacert.org/wiki/AssuranceHandbook2">Assurance
|
||||
Handbook</a>.
|
||||
The policy is controlled by Configuration Control Specification (<a target="_blank" href="http://wiki.cacert.org/wiki/PolicyDrafts/ConfigurationControlSpecification">CCS</a>) under Policy on Policy (<a target="_blank" class="http" href="http://www.cacert.org/policy/PolicyOnPolicy.php">PoP</a>) policy documents.
|
||||
<br>
|
||||
Because Assurance is an active area, much of the practice is handed over to the Assurance Handbook, which is not a controlled document, and can more easily respond to experience and circumstances.
|
||||
It is also more readable.
|
||||
<p >
|
||||
See also <a class="http" href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php">Organisation Assurance Policy (OAP)</a> and <a class="http" href="http://svn.cacert.org/CAcert/policy.htm">CAcert Policy Statement (CPS)</a>.
|
||||
<p >
|
||||
|
||||
|
||||
<h2 >1. Purpose</h2>
|
||||
|
||||
<p >
|
||||
The purpose of Assurance is to add confidence in the Assurance Statement made of a Member by the CAcert Community.
|
||||
<p >
|
||||
|
||||
<h3 >The Assurance Statement</h3>
|
||||
|
||||
<p >
|
||||
Because Assurance is an active area, much of the practice is handed
|
||||
over to the Assurance Handbook, which is not a controlled document, and
|
||||
can more easily respond to experience and circumstances.
|
||||
It is also more readable. </p>
|
||||
<p>See also Organisation Assurance Policy (<a target="_blank" class="http" href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php">OAP</a>) and CAcert Policy Statement (<a target="_blank" class="http" href="http://svn.cacert.org/CAcert/policy.htm">CPS</a>). </p>
|
||||
<p></p>
|
||||
<h2>1. Purpose</h2>
|
||||
<p>
|
||||
The purpose of Assurance is to add confidence in the Assurance
|
||||
Statement made of a Member by the CAcert Community. </p>
|
||||
<p></p>
|
||||
<h3>The Assurance Statement</h3>
|
||||
<p>
|
||||
The following claims can be made about a person who is assured:
|
||||
</p>
|
||||
<ol type="1">
|
||||
<li> The person is a bona fide Member.
|
||||
In other words, the person is a member of the CAcert community, as defined by the CAcert Community Agreement (CCA).
|
||||
</li>
|
||||
<li> The Member has a (login) (web)Account with CAcert's on-line registration and service system.
|
||||
</li>
|
||||
<li> The Member can be determined from any certificate issued by the Account.
|
||||
</li>
|
||||
<li> The Member is bound into CAcert's Arbitration (as defined by the CCA).
|
||||
</li>
|
||||
<li> Some personal details of the Member (Name(s), primary and other listed email address(es), Secondary Distinguishing Feature (e.g., DoB)) are known to CAcert.
|
||||
</li></ol>
|
||||
<p >
|
||||
The confidence level of the Assurance Statement is expressed by the Assurance Points.
|
||||
<p >
|
||||
|
||||
|
||||
<h3 >Relying Party Statement</h3>
|
||||
|
||||
<p >
|
||||
The primary goal of the Assurance Statement is to meet the needs of the <em>Relying Party Statement</em>, which latter is found in the Certification Practice Statement (<a class="http" href="http://svn.cacert.org/CAcert/policy.htm">CPS</a>) for the express purpose of certificates.
|
||||
<p >
|
||||
When a certificate is issued, some or all of the Assurance Statement may be incorporated (e.g., name) or implied (e.g., Membership or status) into the certificate and be part of the <em>Relying Party Statement</em>.
|
||||
In short, this means that other Members of the Community may rely on the information verified by Assurance and found in the certificate.
|
||||
<p >
|
||||
In particular, certificates are sometimes considered to provide reliable indications of the Member's Name.
|
||||
The nature of Assurance, the number of Assurance Points, and other policies and processes should be understood as limitations on any reliance.
|
||||
<p >
|
||||
|
||||
<h2 >2. The Member</h2>
|
||||
|
||||
<p >
|
||||
|
||||
<h3 >Name(s)</h3>
|
||||
|
||||
|
||||
<p >
|
||||
The general standard is that the individual name of the Member is as written on a government-issued Identity (photo) document.
|
||||
<p >
|
||||
<em>For more details see the <a href="/wiki/PolicyDrafts/PolicyOnNames">PolicyDrafts/PolicyOnNames</a>, where the discussion is carried on.
|
||||
This page will be copied into here when the discussion is complete.</em>
|
||||
<p >
|
||||
|
||||
In other words, the person is a member of the CAcert community, as
|
||||
defined by the CAcert Community Agreement (CCA).
|
||||
</li>
|
||||
<li> The Member has a (login) (web)Account with CAcert's
|
||||
on-line registration and service system. </li>
|
||||
<li> The Member can be determined from any certificate issued
|
||||
by the Account. </li>
|
||||
<li> The Member is bound into CAcert's Arbitration (as defined
|
||||
by the CCA).</li>
|
||||
<li> Some personal details of the Member (Name(s), primary and
|
||||
other
|
||||
listed email address(es), secundary distinguished feature (eg DoB)) are
|
||||
known to CAcert. </li>
|
||||
</ol>
|
||||
<p>The confidence level of the Assurance Statement is expressed
|
||||
by the Assurance Points. </p>
|
||||
<p></p>
|
||||
<h3>Relying Party Statement</h3>
|
||||
<p>
|
||||
The primary goal of the Assurance Statement is to meet the needs of the
|
||||
<em>Relying Party Statement</em>, which latter is found in
|
||||
the Certification Practice Statement (<a target="_blank" class="http" href="http://svn.cacert.org/CAcert/policy.htm">CPS</a>)
|
||||
for the express purpose of certificates. </p>
|
||||
<p>When a certificate is issued, some or all of the Assurance
|
||||
Statement
|
||||
may be incorporated (e.g., name) or implied (e.g., Membership or
|
||||
status) into the certificate and be part of the <em>Relying
|
||||
Party Statement</em>.
|
||||
In short, this means that other Members of the Community may rely on
|
||||
the information verified by Assurance and found in the certificate. </p>
|
||||
<p>In particular, certificates are sometimes considered to
|
||||
provide
|
||||
reliable indications of the Member's Name.
|
||||
The nature of Assurance, the number of Assurance Points, and other
|
||||
policies and processes should be understood as limitations on any
|
||||
reliance. </p>
|
||||
<p></p>
|
||||
<h2>2. The Member</h2>
|
||||
<p>
|
||||
The technical form of a Name is a string of characters. It should be exactly copied from a governemental-issued photo ID. Transliteration of characters to a character table defined by Assurance Officer is permitted.
|
||||
</p>
|
||||
|
||||
<h3>Name(s)</h3>
|
||||
<p>
|
||||
The general standard is that the individual name of the Member is as
|
||||
written on a government-issued Identity (photo) document. </p>
|
||||
<p><em>For more details see the <a target="_blank" href="http://wiki.cacert.org/wiki/PolicyDrafts/PolicyOnNames">Policy
|
||||
Drafts Policy On Names</a>, where the discussion is carried on.
|
||||
This page will be copied into here when the discussion is complete.</em>
|
||||
</p>
|
||||
<p></p>
|
||||
<p> The technical form of a Name is a string of characters. It
|
||||
should be exactly copied from a governemental-issued photo ID.
|
||||
Transliteration of characters to a character table defined by Assurance
|
||||
Officer is permitted.
|
||||
</p>
|
||||
<strong>Multiple Names</strong>
|
||||
<br>
|
||||
A Member may have multiple individual Names.
|
||||
For example, married name, variations of initials of first or middle names, abbreviation of a first name, different language or country variations and transliterations of characters in a name.
|
||||
For example, married name, variations of initials of first or middle
|
||||
names, abbreviation of a first name, different language or country
|
||||
variations and transliterations of characters in a name.
|
||||
Each individual Name must be assured to the applicable level.
|
||||
That is, each Name to 50 Assurance Points to be used in a certificate.
|
||||
<br>
|
||||
For an Assurer at least one Name must have at least to 100 Assurance Points.
|
||||
<p >
|
||||
|
||||
<h3 >Capabilities</h3>
|
||||
|
||||
<p >
|
||||
For an Assurer at least one Name must have at least to 100 Assurance
|
||||
Points.
|
||||
<p></p>
|
||||
<h3>Capabilities</h3>
|
||||
<p>
|
||||
A Member has the following capabilities derived from Assurance:
|
||||
<div><table border=1 cellspacing=0 cellpadding=5><tbody>
|
||||
<caption align=bottom>Assurance Capability table</caption>
|
||||
<tr align=left>
|
||||
<td width=10%><em>Minimum Assurance Points</em></td>
|
||||
<td width=25%><em>Capability</em></td>
|
||||
<td width=65%><em>Comment</em></td>
|
||||
</p>
|
||||
<div>
|
||||
<table border="1" cellpadding="5" cellspacing="0">
|
||||
<tbody>
|
||||
</tbody><caption align="bottom">Assurance
|
||||
Capability table</caption>
|
||||
<tbody>
|
||||
<tr align="left">
|
||||
<td width="10%"><em>Minimum Assurance Points</em></td>
|
||||
<td width="25%"><em>Capability</em></td>
|
||||
<td width="65%"><em>Comment</em></td>
|
||||
</tr>
|
||||
<tr align=left valign=top>
|
||||
<td align=center>0</td>
|
||||
<td>request un-named certificates</td>
|
||||
<td>although the Member's details are recorded in the account, they are not highly assured.</td>
|
||||
<tr align="left" valign="top">
|
||||
<td align="center">0</td>
|
||||
<td>request un-named certificates</td>
|
||||
<td>although the Member's details are recorded in the
|
||||
account, they are not highly assured.</td>
|
||||
</tr>
|
||||
<tr align=left valign=top>
|
||||
<td align=center>50</td>
|
||||
<td>request named certificates</td>
|
||||
<td>the name and Assurance Statement is assured to 50 Assurance Points or more</td>
|
||||
<tr align="left" valign="top">
|
||||
<td align="center">50</td>
|
||||
<td>request named certificates</td>
|
||||
<td>the name and Assurance Statement is assured to 50
|
||||
Assurance Points or more</td>
|
||||
</tr>
|
||||
<tr align=left valign=top>
|
||||
<td align=center>100</td>
|
||||
<td>become an Assurer</td>
|
||||
<td>assured to 100 Assurance Points or more, and other requirements listed below</td>
|
||||
<tr align="left" valign="top">
|
||||
<td align="center">100</td>
|
||||
<td>become an Assurer</td>
|
||||
<td>assured to 100 Assurance Points or more, and other
|
||||
requirements listed below</td>
|
||||
</tr>
|
||||
</tbody></table></div>
|
||||
|
||||
<p >
|
||||
The CAcert Policy Statement (CPS) and other policies may list other capabilities that rely on Assurance Points.
|
||||
<p >
|
||||
|
||||
<h2 >3. The Assurer</h2>
|
||||
|
||||
<p >
|
||||
An Assurer is a Member with the following: <ul>
|
||||
<li>is assured to a minimum of 100 Assurance Points,
|
||||
</li>
|
||||
<li>has passed the Assurer Challenge.
|
||||
</li></ul>
|
||||
<p >
|
||||
The Assurer Challenge is administered by the Education Team on behalf of the Assurance Officer.
|
||||
<p >
|
||||
|
||||
<h3 >The Obligations of the Assurer</h3>
|
||||
|
||||
<p >
|
||||
The Assurer is obliged to: <ul>
|
||||
<li>Follow this Assurance Policy;
|
||||
</li>
|
||||
<li>Follow any additional rules of detail laid out by the Assurance Officer;
|
||||
</li>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
<p>
|
||||
The CAcert Policy Statement (CPS) and other policies may list other
|
||||
capabilities that rely on Assurance Points. </p>
|
||||
<p></p>
|
||||
<h2>3. The Assurer</h2>
|
||||
<p>
|
||||
An Assurer is a Member with the following: </p>
|
||||
<ul>
|
||||
<li>is assured to a minimum of 100 Assurance Points, </li>
|
||||
<li>has passed the Assurer Challenge. </li>
|
||||
</ul>
|
||||
<p>
|
||||
The Assurer Challenge is administered by the Education Team on behalf
|
||||
of the Assurance Officer. </p>
|
||||
<p></p>
|
||||
<h3>The Obligations of the Assurer</h3>
|
||||
<p>
|
||||
The Assurer is obliged to: </p>
|
||||
<ul>
|
||||
<li>Follow this Assurance Policy; </li>
|
||||
<li>Follow any additional rules of detail laid out by the
|
||||
Assurance Officer; </li>
|
||||
<li>
|
||||
<p >
|
||||
Be guided by the <a href="/wiki/AssuranceHandbook2">Assurance Handbook</a> in their judgement;
|
||||
</li>
|
||||
<li>Make a good faith effort at identifying and verifying Members;
|
||||
</li>
|
||||
<li>Maintain the documentation on each Assurance;
|
||||
</li>
|
||||
<li>Deliver documentation to Arbitration, or as otherwise directed by the Arbitrator;
|
||||
</li>
|
||||
<li>Keep up-to-date with developments within the CAcert Community.
|
||||
</li></ul>
|
||||
<p >
|
||||
|
||||
<h2 >4. The Assurance</h2>
|
||||
|
||||
<p >
|
||||
|
||||
<h3 >The Assurance Process</h3>
|
||||
|
||||
<p >
|
||||
The Assurer conducts the process of Assurance with each Member.
|
||||
<p >
|
||||
The process consists of:
|
||||
<p>Be guided by the <a target="_blank" href="http://wiki.cacert.org/wiki/AssuranceHandbook2">Assurance
|
||||
Handbook</a> in their judgement; </p>
|
||||
</li>
|
||||
<li>Make a good faith effort at identifying and verifying
|
||||
Members; </li>
|
||||
<li>Maintain the documentation on each Assurance; </li>
|
||||
<li>Deliver documentation to Arbitration, or as otherwise
|
||||
directed by the Arbitrator;
|
||||
</li>
|
||||
<li>Keep up-to-date with developments within the CAcert
|
||||
Community. </li>
|
||||
</ul>
|
||||
<p>
|
||||
</p>
|
||||
<h2>4. The Assurance</h2>
|
||||
<p>
|
||||
</p>
|
||||
<h3>The Assurance Process</h3>
|
||||
<p>
|
||||
The Assurer conducts the process of Assurance with each Member. </p>
|
||||
<p>The process consists of:
|
||||
</p>
|
||||
<ol type="1">
|
||||
<li>Voluntary agreement by both Assurer and Member or prospect Member to conduct the Assurance;
|
||||
</li>
|
||||
<li>Voluntary agreement by both Assurer and Member or prospect
|
||||
Member to conduct the Assurance; </li>
|
||||
<li>Personal meeting of Assurer and Member or prospect Member;
|
||||
</li>
|
||||
<li>Recording of essential details on CAP form (below);
|
||||
</li>
|
||||
<li>Examination of Identity documents by Assurer and verification of recorded details (Name(s) and Secondary Distinguishing Feature, e.g., DoB);
|
||||
</li>
|
||||
<li>Allocation of Assurance Points by Assurer;
|
||||
<li>Recording of essential details on CAP form (below); </li>
|
||||
<li>Examination of Identity documents by Assurer and
|
||||
verification of recorded details (Name(s) and Secondary Distinguishing
|
||||
Feature, e.g., DoB);</li>
|
||||
<li>Allocation of Assurance Points by Assurer; </li>
|
||||
<li>Optional: supervision of reciprocal Assurance made by
|
||||
Assuree (Mutual Assurance);
|
||||
</li>
|
||||
<li>Optional: supervision of reciprocal Assurance made by Assuree (Mutual Assurance);
|
||||
</li>
|
||||
<li>Safe keeping of the CAP forms by Assurer.
|
||||
</li></ol>
|
||||
<p >
|
||||
|
||||
<h3 >Mutual Assurance</h3>
|
||||
|
||||
<p >
|
||||
<li>Safe keeping of the CAP forms by Assurer. </li>
|
||||
</ol>
|
||||
<p>
|
||||
</p>
|
||||
<h3>Mutual Assurance</h3>
|
||||
<p>
|
||||
Mutual Assurance follows the principle of reciprocity.
|
||||
This means that the Assurance may be two-way, and that each member participating in the Assurance procedure should be able to show evidence of their identity to the other.
|
||||
<p >
|
||||
In the event that an Assurer is assured by a Member who is not certified as an Assurer, the Assurer supervises the Assurance procedure and process, and is responsible for the results.
|
||||
<p >
|
||||
Reciprocity maintains a balance between the (new) Member and the Assurer, and reduces any sense of power.
|
||||
It is also an important aid to the assurance training for future Assurers.
|
||||
<p >
|
||||
<em>Evidence of Assurer status</em>
|
||||
This means that the Assurance may be two-way, and that each member
|
||||
participating in the Assurance procedure should be able to show
|
||||
evidence of their identity to the other. </p>
|
||||
<p>In the event that an Assurer is assured by a Member who is not
|
||||
certified as an Assurer, the Assurer supervises the Assurance procedure
|
||||
and process, and is responsible for the results. </p>
|
||||
<p>Reciprocity maintains a balance between the (new) Member and
|
||||
the Assurer, and reduces any sense of power.
|
||||
It is also an important aid to the assurance training for future
|
||||
Assurers. </p>
|
||||
<p><em>Evidence of Assurer status</em>
|
||||
<br>
|
||||
On the question of providing evidence that one is an Assurer, <a class="http" href="http://svn.cacert.org/CAcert/policy.htm#p3.2">CAcert Policy Statement (CPS) says</a>: <em>The level at which each Member is Assured is public data. The number of Assurance Points for each Member is not published.</em>.
|
||||
<p >
|
||||
|
||||
|
||||
<h3 >Assurance Points</h3>
|
||||
|
||||
<p >
|
||||
The Assurance applies Assurance Points to each Member which measure the increase of confidence in the Statement (above).
|
||||
On the question of providing evidence that one is an Assurer, CAcert
|
||||
Policy Statement (<a target="_blank" class="http" href="http://svn.cacert.org/CAcert/policy.htm#p3.2">CPS</a>)
|
||||
says:<em> The level at which each Member is Assured is public
|
||||
data. The number of Assurance Points for each Member is not published.</em>.
|
||||
</p>
|
||||
<p></p>
|
||||
<h3>Assurance Points</h3>
|
||||
<p>
|
||||
The Assurance applies Assurance Points to each Member which measure the
|
||||
increase of confidence in the Statement (above).
|
||||
Assurance Points should not be interpreted for any other purpose.
|
||||
Note that, even though they are sometimes referred to as <em>Web-of-Trust</em> (Assurance) Points, or <em>Trust</em> Points, the meaning of the word 'trust' is not well defined.
|
||||
<p >
|
||||
<em>Assurance Points Allocation.</em>
|
||||
<br>An Assurer can allocate a number of Assurance Points to the Member according to the Assurer's experience (Experience Point system, see below).
|
||||
The allocation of the maximum means that the Assurer is 100% confident in the information presented:
|
||||
Note that, even though they are sometimes referred to as <em>Web-of-Trust</em>
|
||||
(Assurance) Points, or <em>Trust</em> Points, the meaning
|
||||
of the word 'trust' is not well defined. </p>
|
||||
<p><em>Assurance Points Allocation.</em>
|
||||
<br>
|
||||
An Assurer can allocate a number of Assurance Points to the Member
|
||||
according to the Assurer's experience (Experience Point system, see
|
||||
below).
|
||||
The allocation of the maximum means that the Assurer is 100% confident
|
||||
in the information presented:
|
||||
</p>
|
||||
<ul>
|
||||
<li>Detail on form, system, documents, person in accordance;
|
||||
</li>
|
||||
<li>Sufficient quality identity documents have been checked;
|
||||
</li>
|
||||
<li>Detail on form, system, documents, person in accordance; </li>
|
||||
<li>Sufficient quality identity documents have been checked; </li>
|
||||
<li>Assurer's familiarity with identity documents;
|
||||
</li>
|
||||
<li>The Assurance Statement is confirmed.
|
||||
</li></ul>
|
||||
<p >
|
||||
Any lesser confidence should result in less Assurance Points for a Name. If the Assurer has no confidence in the information presented, then <em>zero </em> Assurance Points may be allocated by the Assurer.
|
||||
For example, this may happen if the identity documents are totally unfamiliar to the Assurer.
|
||||
The number of Assurance Points from <em>zero</em> to <em>maximum </em> is guided by the Assurance Handbook and the judgement of the Assurer.
|
||||
<p >
|
||||
Multiple Names should be allocated separately in a single Assurance.
|
||||
That is, the Assurer may allocate the maximum to one Name, half that amount to another Name, and zero to a third Name.
|
||||
<p >
|
||||
A (new) Member who is not an Assurer may award an Assurer in a reciprocal process a maximum of 2 Assurance Points, according to his judgement.
|
||||
The Assurer should strive to have the Member allocate according to the Member's judgement, and stay on the cautious side; a (new) Member new to the assurance process should allocate <em>zero</em> Assurance Points until they get some confidence in what is happening.
|
||||
<p >
|
||||
No Assurance process can give more than 50 Assurance Points per Name.
|
||||
This means that to reach 50 Assurance Points (certificate with a Name), a Member must have been assured at least once.
|
||||
To reach 100 Assurance Points, at least one Name of the Member must have been assured at least twice.
|
||||
<p >
|
||||
|
||||
<h3 >Experience Points</h3>
|
||||
|
||||
<p >
|
||||
The maximum number of Assurance Points that may be awarded by an Assurer is determined by the Experience Points of the Assurer.
|
||||
<div><table border=1 cellspacing=0 width=15%>
|
||||
<caption align=bottom>Assurance Points table</caption>
|
||||
<tr>
|
||||
<td><em>Assurer's Experience Points</em></td> <td><em>Allocatable Assurance Points</em></td>
|
||||
<li>The Assurance Statement is confirmed. </li>
|
||||
</ul>
|
||||
<p>Any lesser confidence should result in less Assurance Points
|
||||
for a Name. If the Assurer has no confidence in the information
|
||||
presented, then <em>zero </em> Assurance Points may be
|
||||
allocated by the Assurer. For example, this may happen if the
|
||||
identity documents are totally unfamiliar to the Assurer.
|
||||
The number of Assurance Points from <em>zero</em> to <em>maximum
|
||||
</em> is guided by the Assurance Handbook and the judgement of
|
||||
the Assurer. </p>
|
||||
<p>Multiple Names should be allocated separately in a single
|
||||
Assurance.
|
||||
That is, the Assurer may allocate the maximum to one Name, half that
|
||||
amount to another Name, and zero to a third Name. </p>
|
||||
<p>A (new) Member who is not an Assurer may award an Assurer in a
|
||||
reciprocal process a maximum of 2 Assurance Points, according to his
|
||||
judgement.
|
||||
The Assurer should strive to have the Member allocate according to the
|
||||
Member's judgement, and stay on the cautious side; a (new) Member new
|
||||
to the assurance process should allocate <em>zero</em>
|
||||
Assurance Points until they get some confidence in what is happening. </p>
|
||||
<p>No Assurance process can give more than 50 Assurance Points
|
||||
per Name.
|
||||
This means that to reach 50 Assurance Points (certificate with a Name),
|
||||
a Member must have been assured at least once.
|
||||
To reach 100 Assurance Points, at least one Name of the Member must
|
||||
have been assured at least twice. </p>
|
||||
<p></p>
|
||||
<h3>Experience Points</h3>
|
||||
<p>
|
||||
The maximum number of Assurance Points that may be awarded by an
|
||||
Assurer is determined by the Experience Points of the Assurer.
|
||||
</p>
|
||||
<div>
|
||||
<table border="1" cellspacing="0" width="15%">
|
||||
<caption align="bottom">Assurance Points table</caption>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><em>Assurer's Experience Points</em></td>
|
||||
<td><em>Allocatable Assurance Points</em></td>
|
||||
</tr>
|
||||
<tr align=center>
|
||||
<td>0</td> <td>10</td>
|
||||
<tr align="center">
|
||||
<td>0</td>
|
||||
<td>10</td>
|
||||
</tr>
|
||||
<tr align=center>
|
||||
<td>10</td> <td>15</td>
|
||||
<tr align="center">
|
||||
<td>10</td>
|
||||
<td>15</td>
|
||||
</tr>
|
||||
<tr align=center>
|
||||
<td>20</td> <td>20</td>
|
||||
<tr align="center">
|
||||
<td>20</td>
|
||||
<td>20</td>
|
||||
</tr>
|
||||
<tr align=center>
|
||||
<td>30</td> <td> 25</td>
|
||||
<tr align="center">
|
||||
<td>30</td>
|
||||
<td> 25</td>
|
||||
</tr>
|
||||
<tr align=center>
|
||||
<td>40</td> <td>30</td>
|
||||
<tr align="center">
|
||||
<td>40</td>
|
||||
<td>30</td>
|
||||
</tr>
|
||||
<tr align=center>
|
||||
<td>>=50</td> <td>35</td>
|
||||
<tr align="center">
|
||||
<td>>=50</td>
|
||||
<td>35</td>
|
||||
</tr>
|
||||
</table></div>
|
||||
<p >
|
||||
An Assurer is given a maximum of 2 Experience Points for every completed Assurance.
|
||||
On reaching Assurer status, the Experience Points start at zero.
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
<p>
|
||||
Less Experience Points (1) may be given for mass Assurance events, where each Assurance is quicker.
|
||||
An Assurer is given a maximum of 2 Experience Points for every
|
||||
completed Assurance.
|
||||
On reaching Assurer status, the Experience Points start at zero.
|
||||
</p>
|
||||
<p>Less Experience Points (1) may be given for mass Assurance
|
||||
events, where each Assurance is quicker.
|
||||
</p>
|
||||
<p>Additional Experience Points may be granted temporarily or
|
||||
permanently
|
||||
to an Assurer by CAcert Inc's Board, on recommendation from the
|
||||
Assurance Officer. </p>
|
||||
<p>Experience Points are not to be confused with Assurance
|
||||
Points. </p>
|
||||
<p><em>Comment: this part still needs to be agreed.</em>
|
||||
</p>
|
||||
<p></p>
|
||||
<h3>CAcert Assurance Programme (CAP) form</h3>
|
||||
<p>
|
||||
Additional Experience Points may be granted temporarily or permanently to an Assurer by CAcert Inc's Board, on recommendation from the Assurance Officer.
|
||||
<p >
|
||||
Experience Points are not to be confused with Assurance Points.
|
||||
<p >
|
||||
<em>Comment: this part still needs to be agreed.</em>
|
||||
<p >
|
||||
|
||||
<h3 >CAcert Assurance Programme (CAP) form</h3>
|
||||
|
||||
<p >
|
||||
The CAcert Assurance Programme (CAP) form requests the following details of each Member or prospect Member:
|
||||
The CAcert Assurance Programme (CAP) form requests the following
|
||||
details of each Member or prospect Member:
|
||||
</p>
|
||||
<ul>
|
||||
<li>Name(s), as recorded in the on-line account;
|
||||
</li>
|
||||
<li>Primary email address, as recorded in the on-line account;
|
||||
</li>
|
||||
<li>Secondary Distinguishing Feature, as recorded in the on-line account (normally, date of birth);
|
||||
</li>
|
||||
<li>Statement of agreement with the CAcert Community Agreement (CCA);
|
||||
</li>
|
||||
<li>Permission to the Assurer to conduct the Assurance (required for privacy reasons);
|
||||
<li>Primary email address, as recorded in the on-line account; </li>
|
||||
<li>Secondary Distinguishing Feature, as recorded in the
|
||||
on-line account (normally, date of birth);
|
||||
</li>
|
||||
<li>Statement of agreement with the CAcert Community Agreement
|
||||
(CCA); </li>
|
||||
<li>Permission to the Assurer to conduct the Assurance
|
||||
(required for privacy reasons); </li>
|
||||
<li>Date and signature of the Assuree.
|
||||
</li></ul>
|
||||
</li>
|
||||
</ul>
|
||||
The CAP form requests the following details of the Assurer:
|
||||
<ul>
|
||||
<li>At least one Name as recorded in the on-line account of the Assurer;
|
||||
<li>At least one Name as recorded in the on-line account of the
|
||||
Assurer;
|
||||
</li>
|
||||
<li>Assurance Points for each Name in the identity document(s);
|
||||
</li>
|
||||
<li>Statement of Assurance;
|
||||
</li>
|
||||
<li>
|
||||
Optional: If the Assurance is reciprocal, then the Assurer's email address and Secondary Distinguishing Feature are required as well.
|
||||
<li>Statement of Assurance;</li>
|
||||
<li>Optional: If the Assurance is reciprocal, then the
|
||||
Assurer's email address and Secondary Distinguishing Feature are
|
||||
required as well.
|
||||
</li>
|
||||
<li>Date, location of Assurance and signature of Assurer.
|
||||
</li></ul>
|
||||
<p >
|
||||
The CAP forms are to be kept at least for 7 years by the Assurer.
|
||||
<p >
|
||||
|
||||
|
||||
<h2 >5. The Assurance Officer</h2>
|
||||
|
||||
<p >
|
||||
The Commitee (Board) of CAcert Inc. appoints an Assurance Officer with the following responsibilities:
|
||||
<ul>
|
||||
<li>Reporting to the Board and advising on all matters to do with Assurance;
|
||||
</li>
|
||||
<li>Training and testing of Assurers, in association with the Education Team;
|
||||
</li>
|
||||
</ul>
|
||||
<p>
|
||||
The CAP forms are to be kept at least for 7 years by the Assurer. </p>
|
||||
<p></p>
|
||||
<h2>5. The Assurance Officer</h2>
|
||||
<p>
|
||||
The Commitee (Board) of CAcert Inc. appoints an Assurance Officer with
|
||||
the following responsibilities:
|
||||
</p>
|
||||
<ul>
|
||||
<li>Reporting to the Board and advising on all matters to do
|
||||
with Assurance; </li>
|
||||
<li>Training and testing of Assurers, in association with the
|
||||
Education Team; </li>
|
||||
<li>
|
||||
Updating this Assurance Policy, under the process established by <a class="https" href="https://www.cacert.org/policy/PolicyOnPolicy.php">Policy on Policy</a>;
|
||||
Updating this Assurance Policy, under the process established by Policy on Policy (<a target="_blank" class="https" href="https://www.cacert.org/policy/PolicyOnPolicy.php">PoP</a>);
|
||||
</li>
|
||||
<li>
|
||||
Management of all Subsidiary Policies (see below) for Assurances, under <a class="https" href="https://www.cacert.org/policy/PolicyOnPolicy.php">Policy on Policy</a>;
|
||||
Management of all Subsidiary Policies (see below) for Assurances, under Policy on Policy (
|
||||
<a target="_blank" class="https" href="https://www.cacert.org/policy/PolicyOnPolicy.php">PoP</a>);
|
||||
</li>
|
||||
<li>Managing and creating rules of detail or procedure where inappropriate for policies;
|
||||
<li>Managing and creating rules of detail or procedure where
|
||||
inappropriate for policies;
|
||||
</li>
|
||||
<li>Incorporating rulings from Arbitration into policies, procedures or guidelines;
|
||||
<li>Incorporating rulings from Arbitration into policies,
|
||||
procedures or guidelines;
|
||||
</li>
|
||||
<li>Assisting the Arbitrator in any requests;
|
||||
</li>
|
||||
<li>Managing the Assurer Handbook;
|
||||
</li>
|
||||
<li>Maintaining a sufficient strength in the Assurance process (web-of-trust) to meet the agreed needs of the Community.
|
||||
</li></ul>
|
||||
<p >
|
||||
|
||||
<h2 >6. Subsidiary Policies</h2>
|
||||
|
||||
<p >
|
||||
The Assurance Officer manages various exceptions and additional processes.
|
||||
Each must be covered by an approved Subsidiary Policy (refer to Policy on Policy => COD1).
|
||||
Subsidiary Policies specify any additional tests of knowledge required and variations to process and documentation, within the general standard stated here.
|
||||
<p >
|
||||
Examples of expected subsidiary policies are these:
|
||||
<li>Managing the Assurer Handbook; </li>
|
||||
<li>Maintaining a sufficient strength in the Assurance process
|
||||
(web-of-trust) to meet the agreed needs of the Community. </li>
|
||||
</ul>
|
||||
<p>
|
||||
</p>
|
||||
<h2>6. Subsidiary Policies</h2>
|
||||
<p>
|
||||
The Assurance Officer manages various exceptions and additional
|
||||
processes.
|
||||
Each must be covered by an approved Subsidiary Policy (refer to Policy
|
||||
on Policy => COD1).
|
||||
Subsidiary Policies specify any additional tests of knowledge required
|
||||
and variations to process and documentation, within the general
|
||||
standard stated here. </p>
|
||||
<p>Examples of expected subsidiary policies are these:
|
||||
</p>
|
||||
<ul>
|
||||
<li>
|
||||
<em>Remote Assurer Check;</em>
|
||||
</li>
|
||||
<em>Remote Assurer Check;</em> </li>
|
||||
<li>
|
||||
<em>Super Assurer Policy;</em>
|
||||
</li>
|
||||
<em>Super Assurer Policy;</em> </li>
|
||||
<li>
|
||||
<em> Junior Assurer Policy;</em>
|
||||
</li>
|
||||
<em> Junior Assurer Policy;</em> </li>
|
||||
<li>
|
||||
<em> Code Signing Policy;</em>
|
||||
<em> Code Signing Policy;</em> </li>
|
||||
<li> <em>Organisation Assurance Policy and sub-policies
|
||||
per country or region.</em>
|
||||
</li>
|
||||
<li>
|
||||
<em>Organisation Assurance Policy and sub-policies per country or region.</em>
|
||||
</li></ul>
|
||||
<p >
|
||||
|
||||
|
||||
<h3 >Standard</h3>
|
||||
|
||||
<p >
|
||||
Each Subsidiary Policy must augment and improve the general standards in this Assurance Policy.
|
||||
It is the responsibility of each Subsidiary Policy to describe how it maintains and improves the specific and overall goals.
|
||||
It must describe exceptions and potential areas of risk.
|
||||
<p >
|
||||
|
||||
<h3 >High Risk Applications</h3>
|
||||
|
||||
<p >
|
||||
In addition to the Assurance or Experience Points ratings set here in and in other policies, Assurance Officer or policies can designate certain applications as high risk.
|
||||
If so, additional measures may be added to the Assurance process that specifically address the risks.
|
||||
</ul>
|
||||
<p>
|
||||
</p>
|
||||
<h3>Standard</h3>
|
||||
<p>
|
||||
Each Subsidiary Policy must augment and improve the general standards
|
||||
in this Assurance Policy.
|
||||
It is the responsibility of each Subsidiary Policy to describe how it
|
||||
maintains and improves the specific and overall goals.
|
||||
It must describe exceptions and potential areas of risk. </p>
|
||||
<p></p>
|
||||
<h3>High Risk Applications</h3>
|
||||
<p>
|
||||
In addition to the Assurance or Experience Points ratings set here in
|
||||
and in other policies, Assurance Officer or policies can designate
|
||||
certain applications as high risk.
|
||||
If so, additional measures may be added to the Assurance process that
|
||||
specifically address the risks.
|
||||
These may include:
|
||||
</p>
|
||||
<dl>
|
||||
<dt>Additional information</dt>
|
||||
<dd>Additional information can be required in process of assurance:
|
||||
<ul>
|
||||
<li>Unique numbers of identity documents;
|
||||
</li>
|
||||
<li>Photocopy of identity documents;
|
||||
</li>
|
||||
<li>Photo of User;
|
||||
</li>
|
||||
<li>Address of User.
|
||||
</li></ul>
|
||||
</dd></dl>
|
||||
<p >
|
||||
<dd>Additional information can be required in process of
|
||||
assurance:
|
||||
<ul>
|
||||
<li>Unique numbers of identity documents; </li>
|
||||
<li>Photocopy of identity documents; </li>
|
||||
<li>Photo of User; </li>
|
||||
<li>Address of User. </li>
|
||||
</ul>
|
||||
</dd>
|
||||
</dl>
|
||||
<p>
|
||||
Additional Information is to be kept by Assurer, attached to CAP form.
|
||||
Assurance Points allocation by this assurance is unchanged.
|
||||
User's CAcert (web)account should be annotated to record type of additional information:
|
||||
User's CAcert (web)account should be annotated to record type of
|
||||
additional information:
|
||||
</p>
|
||||
<ul>
|
||||
<li>Arbitration:
|
||||
<ul>
|
||||
<li>Member to participate in Arbitration.
|
||||
This confirms their acceptance of the forum as well as trains in the process and import.
|
||||
</li>
|
||||
<li>Member to file Arbitration to present case.
|
||||
This allows Arbitrator as final authority.
|
||||
</li></ul>
|
||||
<ul>
|
||||
<li>Member to participate in Arbitration. This confirms
|
||||
their acceptance of the forum as well as trains in the process and
|
||||
import. </li>
|
||||
<li>Member to file Arbitration to present case. This allows
|
||||
Arbitrator as final authority. </li>
|
||||
</ul>
|
||||
</li>
|
||||
<li class="gap">Additional training;
|
||||
</li>
|
||||
<li class="gap">Member to be Assurer (>= 100 Assurance Points and passed Assurer Challenge);
|
||||
</li>
|
||||
<li class="gap">Member agrees to additional specific agreement(s);
|
||||
</li>
|
||||
<li class="gap">Additional checking/auditing of systems data by CAcert support administrators;
|
||||
</li></ul>
|
||||
<p >
|
||||
Applications that might attract additonal measures include code-signing certificates and administration roles.
|
||||
<p >
|
||||
|
||||
<h2 >Privacy</h2>
|
||||
|
||||
<p >
|
||||
CAcert is a "privacy" organisation, and takes the privacy of its Members seriously.
|
||||
The process maintains the security and privacy of both parties.
|
||||
<p >
|
||||
Information is collected primarily to make claims within the certificates requested by users and to contact the Members.
|
||||
<li class="gap">Member to be Assurer (>= 100
|
||||
Assurance Points and passed Assurer Challenge); </li>
|
||||
<li class="gap">Member agrees to additional specific
|
||||
agreement(s); </li>
|
||||
<li class="gap">Additional checking/auditing of systems
|
||||
data by CAcert support administrators; </li>
|
||||
</ul>
|
||||
<p>
|
||||
Applications that might attract additonal measures include code-signing
|
||||
certificates and administration roles. </p>
|
||||
<p></p>
|
||||
<h2>Privacy</h2>
|
||||
<p>
|
||||
CAcert is a "privacy" organisation, and takes the privacy of its
|
||||
Members seriously.
|
||||
The process maintains the security and privacy of both parties. </p>
|
||||
<p>Information is collected primarily to make claims within the
|
||||
certificates requested by users and to contact the Members.
|
||||
<br>
|
||||
It is used secondarily for training, testing, administration and other internal purposes.
|
||||
<p >
|
||||
The Member's information can be accessed under these circumstances: <ul>
|
||||
It is used secondarily for training, testing, administration and other
|
||||
internal purposes. </p>
|
||||
<p>The Member's information can be accessed under these
|
||||
circumstances: </p>
|
||||
<ul>
|
||||
<li>
|
||||
Under Arbitrator ruling, in a duly filed dispute (<a class="http" href="http://www.cacert.org/policy/DisputeResolutionPolicy.html">Dispute Resolution Policy</a> => COD7)
|
||||
</li>
|
||||
<li>An Assurer in the process of an Assurance, as permitted on the CAP form.
|
||||
</li>
|
||||
<li>CAcert support administration and CAcert systems administration when operating under the authority of Arbitrator or under CAcert policy.
|
||||
</li></ul>
|
||||
<p >
|
||||
<a href="http://validator.w3.org/check?uri=referer"><img src="../Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
Under Arbitrator ruling, in a duly filed dispute (<a target="_blank" class="http" href="http://www.cacert.org/policy/DisputeResolutionPolicy.html">Dispute
|
||||
Resolution Policy</a> => COD7) </li>
|
||||
<li>An Assurer in the process of an Assurance, as permitted on
|
||||
the CAP form. </li>
|
||||
<li>CAcert support administration and CAcert systems
|
||||
administration
|
||||
when operating under the authority of Arbitrator or under CAcert
|
||||
policy. </li>
|
||||
</ul>
|
||||
<p> <a href="http://validator.w3.org/check?uri=referer"><img src="../Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" style="border-style: none;" height="31" width="88"></a>
|
||||
</p>
|
||||
</body></html>
|
Loading…
Reference in New Issue