diff --git a/AssurancePolicy.html b/AssurancePolicy.html index 8645ff9..2e66b7b 100644 --- a/AssurancePolicy.html +++ b/AssurancePolicy.html @@ -1,555 +1,618 @@ - -
-
-Author: Ian Grigg
-Creation date: 2008-05-30
-Status: WIP 2008-05-30
-Next status: DRAFT June 2008
-
-
-Definitions of terms: -
--
--Each assurance claims a number of Assurance Points, applied to the -assured Member or Member prospect. -By combining the assurances, and the Assurance Points, CAcert -constructs a global Web of Trust ("WoT").
-CAcert explicitly chooses to meet its various goals by -construction of a web-of-trust of all Members. -This is done by face-to-face meeting, identifying and sharing claims in -a network. -Maintaining a sufficient strength for the web-of-trust is a high-level -objective of the Assurance process.
- -
-Documentation on Assurance is split between this Assurance Policy (AP)
-and the Assurance
-Handbook.
-The policy is controlled by Configuration Control Specification (CCS) under Policy on Policy (PoP) policy documents.
-
-Because Assurance is an active area, much of the practice is handed
-over to the Assurance Handbook, which is not a controlled document, and
-can more easily respond to experience and circumstances.
-It is also more readable.
See also Organisation Assurance Policy (OAP) and CAcert Policy Statement (CPS).
- --The purpose of Assurance is to add confidence in the Assurance -Statement made of a Member by the CAcert Community.
- --The following claims can be made about a person who is assured: -
-The confidence level of the Assurance Statement is expressed -by the Assurance Points.
- --The primary goal of the Assurance Statement is to meet the needs of the -Relying Party Statement, which latter is found in -the Certification Practice Statement (CPS) -for the express purpose of certificates.
-When a certificate is issued, some or all of the Assurance -Statement -may be incorporated (e.g., name) or implied (e.g., Membership or -status) into the certificate and be part of the Relying -Party Statement. -In short, this means that other Members of the Community may rely on -the information verified by Assurance and found in the certificate.
-In particular, certificates are sometimes considered to -provide -reliable indications of the Member's Name. -The nature of Assurance, the number of Assurance Points, and other -policies and processes should be understood as limitations on any -reliance.
- --
--The general standard is that the individual name of the Member is as -written on a government-issued Identity (photo) document.
-For more details see the Policy -Drafts Policy On Names, where the discussion is carried on. -This page will be copied into here when the discussion is complete. -
- -The technical form of a Name is a string of characters. It -should be exactly copied from a governemental-issued photo ID. -Transliteration of characters to a character table defined by Assurance -Officer is permitted. -
-Multiple Names --A Member has the following capabilities derived from Assurance: -
-Minimum Assurance Points | -Capability | -Comment | -
0 | -request un-named certificates | -although the Member's details are recorded in the -account, they are not highly assured. | -
50 | -request named certificates | -the name and Assurance Statement is assured to 50 -Assurance Points or more | -
100 | -become an Assurer | -assured to 100 Assurance Points or more, and other -requirements listed below | -
-The CAcert Policy Statement (CPS) and other policies may list other -capabilities that rely on Assurance Points.
- --An Assurer is a Member with the following:
--The Assurer Challenge is administered by the Education Team on behalf -of the Assurance Officer.
- --The Assurer is obliged to:
-Be guided by the Assurance -Handbook in their judgement;
--
--
--The Assurer conducts the process of Assurance with each Member.
-The process consists of: -
--
--Mutual Assurance follows the principle of reciprocity. -This means that the Assurance may be two-way, and that each member -participating in the Assurance procedure should be able to show -evidence of their identity to the other.
-In the event that an Assurer is assured by a Member who is not -certified as an Assurer, the Assurer supervises the Assurance procedure -and process, and is responsible for the results.
-Reciprocity maintains a balance between the (new) Member and -the Assurer, and reduces any sense of power. -It is also an important aid to the assurance training for future -Assurers.
-Evidence of Assurer status
-
-On the question of providing evidence that one is an Assurer, CAcert
-Policy Statement (CPS)
-says: The level at which each Member is Assured is public
-data. The number of Assurance Points for each Member is not published..
-
-The Assurance applies Assurance Points to each Member which measure the -increase of confidence in the Statement (above). + + +
+ +
Author:
+Ian Grigg
Creation date: 2008-05-30
Status: WIP 2008-05-30
Next
+status: DRAFT June 2008
Definitions of terms: +
+Each assurance claims a number of Assurance Points, applied to the +assured Member or Member prospect. By combining the assurances, and +the Assurance Points, CAcert constructs a global Web of Trust +("WoT"). +
+CAcert explicitly chooses to meet its various goals by +construction of a web-of-trust of all Members. This is done by +face-to-face meeting, identifying and sharing claims in a network. +Maintaining a sufficient strength for the web-of-trust is a +high-level objective of the Assurance process. +
+Documentation on Assurance is split between this Assurance Policy
+(AP) and the Assurance
+Handbook. The policy is controlled by Configuration Control
+Specification (CCS)
+under Policy on Policy (PoP)
+policy documents.
Because Assurance is an active area, much of
+the practice is handed over to the Assurance Handbook, which is not a
+controlled document, and can more easily respond to experience and
+circumstances. It is also more readable.
+
See also Organisation Assurance Policy (OAP) +and CAcert Policy Statement (CPS). +
+The purpose of Assurance is to add confidence in the Assurance +Statement made of a Member by the CAcert Community. +
+The following claims can be made about a person who is assured: +
+The person is a bona fide Member. + In other words, the person is a member of the CAcert community, as + defined by the CAcert Community Agreement (CCA). +
+The Member has a (login) + (web)Account with CAcert's on-line registration and service system. +
+The Member can be determined from + any certificate issued by the Account. +
+The Member is bound into CAcert's + Arbitration (as defined by the CCA). +
+Some personal details of the Member (Name(s), primary and + other listed email address(es), secondary distinguished feature (eg + DoB)) are known to CAcert. +
+The confidence level of the Assurance Statement is expressed by +the Assurance Points. +
+The primary goal of the Assurance Statement is to meet the needs +of the Relying Party Statement, which latter is found in the +Certification Practice Statement (CPS) +for the express purpose of certificates. +
+When a certificate is issued, some or all of the Assurance +Statement may be incorporated (e.g., name) or implied (e.g., +Membership or status) into the certificate and be part of the Relying +Party Statement. In short, this means that other Members of the +Community may rely on the information verified by Assurance and found +in the certificate. +
+In particular, certificates are sometimes considered to provide +reliable indications of the Member's Name. The nature of Assurance, +the number of Assurance Points, and other policies and processes +should be understood as limitations on any reliance. +
+Names in the CAcert web account should have names which are +identical to those in the ID documents.
+The technical form of a Name is a string of characters. It should +be exactly copied from a governmental-issued photo ID.
+Transliteration +of characters to a character table defined by Assurance Officer is +permitted, but the result must be 7-bit ASCII for the full Name.
+In general names are handled case insensitively.
+Abbreviation of second given name(s), middle name(s), titles and +name extensions in the Name of the web account to one character and a +dot are permitted. If the first given name in the ID document is +abbreviated it the first given name in the web account Name may be +abbreviated. Abbreviation in the web account Name will imply +abbreviation usage in the Common Name of the issued certificate +however.
+The Common Name and related certificate fields in the issued +certificate is dependent on the assurance of the Name in the web +account. Abbreviation and transliteration handling in the CN is +defined in the Certificate Implementation Policy (CIP).
+If the governmental ID indicates for part of the Name a type +(title, first given name, secondary given name(s), middlename(s), +family name, and/or name extensions) and the Name in the web account +provides the type of name field attribute, this will be assured in +the Name account administration. +
+A Member may have multiple individual Names. For example, married
+name, variations of initials of first or middle names, abbreviation
+of a first name, different language or country variations and
+transliterations of characters in a name. Each individual Name must
+be assured to the applicable level. That is, each Name to 50
+Assurance Points to be used in a certificate.
For an Assurer at
+least one Name must have at least to 100 Assurance Points.
A Member has the following capabilities derived from Assurance: +
+
+ Minimum Assurance Points + |
+
+ Capability + |
+
+ Comment + |
+
+ 0 + |
+
+ request un-named certificates + |
+
+ although the Member's details are recorded in the + account, they are not highly assured. + |
+
+ 50 + |
+
+ request named certificates + |
+
+ the name and Assurance Statement is assured to 50 + Assurance Points or more + |
+
+ 100 + |
+
+ become an Assurer + |
+
+ assured to 100 Assurance Points or more, and other + requirements listed below + |
+
Assurance Capability table
+The CAcert Policy Statement (CPS) and other policies may list +other capabilities that rely on Assurance Points. +
+An Assurer is a Member with the following: +
+is assured to a minimum of 100 + Assurance Points, +
+has passed the Assurer Challenge. +
+The Assurer Challenge is administered by the Education Team on +behalf of the Assurance Officer. +
+The Assurer is obliged to: +
+Follow this Assurance Policy; +
+Follow any additional rules of + detail laid out by the Assurance Officer; +
+Be guided by the Assurance + Handbook in their judgement; +
+Make a good faith effort at + identifying and verifying Members; +
+Maintain the documentation on each + Assurance; +
+Deliver documentation to + Arbitration, or as otherwise directed by the Arbitrator; +
+Keep up-to-date with developments within the CAcert + Community. +
+The Assurer conducts the process of Assurance with each Member. +
+The process consists of: +
+Voluntary agreement by both + Assurer and Member or prospect Member to conduct the Assurance; +
+Personal meeting of Assurer and + Member or prospect Member; +
+Recording of essential details on + CAP form (below); +
+Examination of Identity documents + by Assurer and verification of recorded details (Name(s) and + Secondary Distinguishing Feature, e.g., DoB); +
+Allocation of Assurance Points by + Assurer; +
+Optional: supervision of + reciprocal Assurance made by Assuree (Mutual Assurance); +
+Safe keeping of the CAP forms by Assurer. +
+Mutual Assurance follows the principle of reciprocity. This means +that the Assurance may be two-way, and that each member participating +in the Assurance procedure should be able to show evidence of their +identity to the other. +
+In the event that an Assurer is assured by a Member who is not +certified as an Assurer, the Assurer supervises the Assurance +procedure and process, and is responsible for the results. +
+Reciprocity maintains a balance between the (new) Member and the +Assurer, and reduces any sense of power. It is also an important aid +to the assurance training for future Assurers. +
+Evidence of Assurer status
On the question of
+providing evidence that one is an Assurer, CAcert Policy Statement
+(CPS)
+says: The level at which each Member is Assured is public data.
+The number of Assurance Points for each Member is not published..
+
The Assurance applies Assurance Points to each Member which +measure the increase of confidence in the Statement (above). Assurance Points should not be interpreted for any other purpose. -Note that, even though they are sometimes referred to as Web-of-Trust -(Assurance) Points, or Trust Points, the meaning -of the word 'trust' is not well defined.
-Assurance Points Allocation.
-
-An Assurer can allocate a number of Assurance Points to the Member
-according to the Assurer's experience (Experience Point system, see
-below).
-The allocation of the maximum means that the Assurer is 100% confident
-in the information presented:
-
Any lesser confidence should result in less Assurance Points -for a Name. If the Assurer has no confidence in the information -presented, then zero Assurance Points may be -allocated by the Assurer. For example, this may happen if the -identity documents are totally unfamiliar to the Assurer. -The number of Assurance Points from zero to maximum - is guided by the Assurance Handbook and the judgement of -the Assurer.
-Multiple Names should be allocated separately in a single -Assurance. -That is, the Assurer may allocate the maximum to one Name, half that -amount to another Name, and zero to a third Name.
-A (new) Member who is not an Assurer may award an Assurer in a +Note that, even though they are sometimes referred to as Web-of-Trust +(Assurance) Points, or Trust Points, the meaning of the word +'trust' is not well defined. +
+Assurance Points Allocation.
An Assurer can allocate
+a number of Assurance Points to the Member according to the Assurer's
+experience (Experience Point system, see below). The allocation of
+the maximum means that the Assurer is 100% confident in the
+information presented:
+
Detail on form, system, documents, + person in accordance; +
+Sufficient quality identity + documents have been checked; +
+Assurer's familiarity with + identity documents; +
+The Assurance Statement is confirmed. +
+Any lesser confidence should result in less Assurance Points for a +Name. If the Assurer has no confidence in the information presented, +then zero Assurance Points may be allocated by the +Assurer. For example, this may happen if the identity documents +are totally unfamiliar to the Assurer. The number of Assurance Points +from zero to maximum is guided by the Assurance +Handbook and the judgement of the Assurer. +
+Multiple Names should be allocated separately in a single +Assurance. That is, the Assurer may allocate the maximum to one Name, +half that amount to another Name, and zero to a third Name. +
+A (new) Member who is not an Assurer may award an Assurer in a reciprocal process a maximum of 2 Assurance Points, according to his -judgement. -The Assurer should strive to have the Member allocate according to the -Member's judgement, and stay on the cautious side; a (new) Member new -to the assurance process should allocate zero -Assurance Points until they get some confidence in what is happening.
-No Assurance process can give more than 50 Assurance Points -per Name. -This means that to reach 50 Assurance Points (certificate with a Name), -a Member must have been assured at least once. -To reach 100 Assurance Points, at least one Name of the Member must -have been assured at least twice.
- --The maximum number of Assurance Points that may be awarded by an -Assurer is determined by the Experience Points of the Assurer. -
-Assurer's Experience Points | -Allocatable Assurance Points | -
0 | -10 | -
10 | -15 | -
20 | -20 | -
30 | -25 | -
40 | -30 | -
>=50 | -35 | -
-An Assurer is given a maximum of 2 Experience Points for every -completed Assurance. -On reaching Assurer status, the Experience Points start at zero. -
-Less Experience Points (1) may be given for mass Assurance -events, where each Assurance is quicker. -
-Additional Experience Points may be granted temporarily or -permanently -to an Assurer by CAcert Inc's Board, on recommendation from the -Assurance Officer.
-Experience Points are not to be confused with Assurance -Points.
-Comment: this part still needs to be agreed. -
- --The CAcert Assurance Programme (CAP) form requests the following -details of each Member or prospect Member: -
--The CAP forms are to be kept at least for 7 years by the Assurer.
- --The Commitee (Board) of CAcert Inc. appoints an Assurance Officer with -the following responsibilities: -
--
--The Assurance Officer manages various exceptions and additional -processes. -Each must be covered by an approved Subsidiary Policy (refer to Policy -on Policy => COD1). -Subsidiary Policies specify any additional tests of knowledge required -and variations to process and documentation, within the general -standard stated here.
-Examples of expected subsidiary policies are these: -
--
--Each Subsidiary Policy must augment and improve the general standards -in this Assurance Policy. -It is the responsibility of each Subsidiary Policy to describe how it -maintains and improves the specific and overall goals. -It must describe exceptions and potential areas of risk.
- --In addition to the Assurance or Experience Points ratings set here in -and in other policies, Assurance Officer or policies can designate -certain applications as high risk. -If so, additional measures may be added to the Assurance process that -specifically address the risks. -These may include: -
--Additional Information is to be kept by Assurer, attached to CAP form. -Assurance Points allocation by this assurance is unchanged. +judgement. The Assurer should strive to have the Member allocate +according to the Member's judgement, and stay on the cautious side; a +(new) Member new to the assurance process should allocate zero +Assurance Points until they get some confidence in what is happening. +
+No Assurance process can give more than 50 Assurance Points per +Name. This means that to reach 50 Assurance Points (certificate with +a Name), a Member must have been assured at least once. To reach 100 +Assurance Points, at least one Name of the Member must have been +assured at least twice. +
+The maximum number of Assurance Points that may be awarded by an +Assurer is determined by the Experience Points of the Assurer. +
+
+ Assurer's Experience Points + |
+
+ Allocatable Assurance Points + |
+
+ 0 + |
+
+ 10 + |
+
+ 10 + |
+
+ 15 + |
+
+ 20 + |
+
+ 20 + |
+
+ 30 + |
+
+ 25 + |
+
+ 40 + |
+
+ 30 + |
+
+ >=50 + |
+
+ 35 + |
+
Assurance Points table
+An Assurer is given a maximum of 2 Experience Points for every +completed Assurance. On reaching Assurer status, the Experience +Points start at zero. +
+Less Experience Points (1) may be given for mass Assurance events, +where each Assurance is quicker. +
+Additional Experience Points may be granted temporarily or +permanently to an Assurer by CAcert Inc's Board, on recommendation +from the Assurance Officer. +
+Experience Points are not to be confused with Assurance Points. +
+Comment: this part still needs to be agreed. +
+The CAcert Assurance Programme (CAP) form requests the following +details of each Member or prospect Member: +
+Name(s), as recorded in the + on-line account; +
+Primary email address, as recorded + in the on-line account; +
+Secondary Distinguishing Feature, + as recorded in the on-line account (normally, date of birth); +
+Statement of agreement with the + CAcert Community Agreement (CCA); +
+Permission to the Assurer to + conduct the Assurance (required for privacy reasons); +
+Date and signature of the Assuree. +
+The CAP form requests the following details of the Assurer: +
+At least one Name as recorded in + the on-line account of the Assurer; +
+Assurance Points for each Name in + the identity document(s); +
+Statement of Assurance; +
+Optional: If the Assurance is + reciprocal, then the Assurer's email address and Secondary + Distinguishing Feature are required as well. +
+Date, location of Assurance and signature of Assurer. +
+The CAP forms are to be kept at least for 7 years by the Assurer. +
+The Committee (Board) of CAcert Inc. appoints an Assurance Officer +with the following responsibilities: +
+Reporting to the Board and + advising on all matters to do with Assurance; +
+Training and testing of Assurers, + in association with the Education Team; +
+Updating this Assurance Policy, + under the process established by Policy on Policy (PoP); +
+Management of all Subsidiary + Policies (see below) for Assurances, under Policy on Policy ( PoP); +
+Managing and creating rules of + detail or procedure where inappropriate for policies; +
+Incorporating rulings from + Arbitration into policies, procedures or guidelines; +
+Assisting the Arbitrator in any + requests; +
+Managing the Assurer Handbook; +
+Maintaining a sufficient strength in the Assurance process + (web-of-trust) to meet the agreed needs of the Community. +
+The Assurance Officer manages various exceptions and additional +processes. Each must be covered by an approved Subsidiary Policy +(refer to Policy on Policy => COD1). Subsidiary Policies specify +any additional tests of knowledge required and variations to process +and documentation, within the general standard stated here. +
+Examples of expected subsidiary policies are these: +
+Remote Assurer Check; +
+Super Assurer Policy; +
+Junior Assurer Policy; +
+Code Signing Policy; +
+Organisation Assurance Policy and sub-policies per + country or region. +
+Each Subsidiary Policy must augment and improve the general +standards in this Assurance Policy. It is the responsibility of each +Subsidiary Policy to describe how it maintains and improves the +specific and overall goals. It must describe exceptions and potential +areas of risk. +
+In addition to the Assurance or Experience Points ratings set here +in and in other policies, Assurance Officer or policies can designate +certain applications as high risk. If so, additional measures may be +added to the Assurance process that specifically address the risks. +These may include: +
+Additional Information is to be kept by Assurer, attached to CAP +form. Assurance Points allocation by this assurance is unchanged. User's CAcert (web)account should be annotated to record type of -additional information: -
--Applications that might attract additonal measures include code-signing -certificates and administration roles.
- --CAcert is a "privacy" organisation, and takes the privacy of its -Members seriously. -The process maintains the security and privacy of both parties.
-Information is collected primarily to make claims within the
-certificates requested by users and to contact the Members.
-
-It is used secondarily for training, testing, administration and other
-internal purposes.
The Member's information can be accessed under these -circumstances:
-Arbitration: +
+Member to participate in + Arbitration. This confirms their acceptance of the forum as well as + trains in the process and import. +
+Member to file Arbitration to + present case. This allows Arbitrator as final authority. +
+Additional training; +
+Member to be Assurer (>= 100 + Assurance Points and passed Assurer Challenge); +
+Member agrees to additional + specific agreement(s); +
+Additional checking/auditing of systems data by CAcert + support administrators; +
+Applications that might attract additional measures include +code-signing certificates and administration roles. +
+CAcert is a "privacy" organisation, and takes the +privacy of its Members seriously. The process maintains the security +and privacy of both parties. +
+Information is collected primarily to make claims within the
+certificates requested by users and to contact the Members.
It is
+used secondarily for training, testing, administration and other
+internal purposes.
+
The Member's information can be accessed under these +circumstances: +
+Under Arbitrator ruling, in a duly + filed dispute (Dispute + Resolution Policy => COD7) +
+An Assurer in the process of an + Assurance, as permitted on the CAP form. +
+CAcert support administration and CAcert systems + administration when operating under the authority of Arbitrator or + under CAcert policy. +
+