@ -5,73 +5,187 @@
< TITLE > Organisation Assurance Policy < / TITLE >
< META NAME = "CHANGEDBY" CONTENT = "Teus Hagen" >
< META NAME = "CHANGED" CONTENT = "20090210;14412600" >
< style type = "text/css" >
<!--
H1 {
text-align: center;
}
.comment {
color : steelblue;
}
.first-does-not-work {
color : red;
}
.q {
color : green;
font-weight: bold;
text-align: center;
font-style:italic;
}
.change {
color : blue;
font-weight: bold;
}
.change2 {
color : steelblue;
}
.change3 {
color : purple;
}
.strike {
color : orange;
text-decoration:line-through;
}
-->
< / style >
< / HEAD >
< BODY >
< p style = "text-align: center;" >
< big >
< br / > < b > WARNING:< / b > < br / >
The proper policy document is located< br / >
< a href = "//www.cacert.org/policy/OrganisationAssurancePolicy.php" >
on the CAcert website < / a > .< br / >
< / big > This document is a < b > work-in-progress< / b > to include future revisions only,< br / >
and is currently < b > only relevant for the [policy] group< / b > .< br / >
< span class = "change" > Additions in BLUE< / span > < span class = "strike" > strikes in ORANGE< / span > now up for < a href = "//wiki.cacert.org/PolicyDecisions#p20101009" > vote in PG< / a > ,.< br / >
< / p >
< a href = "http://validator.w3.org/check?uri=referer" > < img style = "float: right; border-width: 0" src = "http://www.w3.org/Icons/valid-xhtml11" alt = "Valid XHTML 1.1" height = "31" width = "88" / > < / a >
< ul >
< li > Ulrich Schroeter < span class = "change" > 20110804< / span > : marked all changes after < a href = "//wiki.cacert.org/PolicyDecisions#p20080401.1" > p20080401.1< / a > < / li >
< li > Ulrich Schroeter < span class = "change" > 20110804< / span > : minimalistic link corrections incl. replaced all wiki.cacert.org/wiki/ by wiki.cacert.org/ links< / li >
< li > Ulrich Schroeter < span class = "change" > 20110804< / span > : updated policy header with new style, add Licence info < a href = "//wiki.cacert.org/PolicyDecisions#p20100722" > p20100722 License our Policies under CC-BY-SA-3.0-AU< / a > < / li >
< li > INOPIAE < span class = "change" > 20110731< / span > : Attempt to review the policy starting with the first part Preliminaries. < / li >
< li > Teus Hagen : Next status: proposal will replace former Draft OA Policy of 2008< / li >
< li > Teus Hagen : Status: Changed for Feb 2009 OA WoT concept, sync with (individual) AP.< / li >
< li > Policy Group < span class = "change" > 20080401< / span > : < a href = "//wiki.cacert.org/PolicyDecisions#p20080401.1" > p20080401.1< / a > Vote to DRAFT with changes< / li >
< li > Policy Group < span class = "change" > 20110804< / span > : m20070918.x Vote to POLICY< / li >
< / ul >
< / P >
< hr >
<!-- $Date: 2008 - 01 - 18 22:56:31 $ -->
< div class = "comment" >
< table width = "100%" >
< tr >
< td >
Name: OAP < a style = "color: steelblue" href = "https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html" > COD11< / a > < br / >
Status: POLICY < a style = "color: steelblue" href = "http://wiki.cacert.org/TopMinutes-20070917" > m20070918.x< / a > < br / >
-------- with DRAFT < a style = "color: steelblue" href = "https://wiki.cacert.org/PolicyDecisions#p20080401.1" > p20080401.1< / a > < br / >
Editor: Jens Paul< br / >
Licence: < a style = "color: steelblue" href = "//wiki.cacert.org/Policy#Licence" title = "this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP < / a > < br / >
< / td >
< td align = "right" >
< a href = "//www.cacert.org/policy/PolicyOnPolicy.php" > < img src = "/images/cacert-policy.png" alt = "OAP Status - POLICY" height = "31" width = "88" style = "border-style: none;" / > < / a >
<!-- XXXXXXXXXXXXXX delete this going to DRAFT -->
< br / >
< a href = "//www.cacert.org/policy/PolicyOnPolicy.php" > < img src = "/images/cacert-draft.png" alt = "OAP Status - DRAFT" height = "31" width = "88" style = "border-style: none;" / > < / a >
< br / >
< a href = "//www.cacert.org/policy/PolicyOnPolicy.php" > < img src = "/images/cacert-wip.png" alt = "OAP Status - WIP" height = "31" width = "88" style = "border-style: none;" / > < / a >
< / td >
< / tr >
< / table >
< / div >
< H1 > Organisation Assurance Policy< / H1 >
< H1 > Organisation Assurance Policy (new proposal) < / H1 >
< P > < A HREF = "../PolicyOnPolicy.html" > < IMG SRC = "../cacert-wip.png" NAME = "cacert-wip" ALT = "CAcert WiP" ALIGN = BOTTOM WIDTH = 90 HEIGHT = 33 BORDER = 0 > < / A > < BR >
Document:< BR >
Initial Author: Jens Paul< BR >
Edited by: Teus Hagen< BR >
Original creation date: 2007-09-18< BR >
Status: Changed for Feb 2009 OA WoT concept, sync with (individual) AP.< BR >
Next status: proposal will replace former Draft OA Policy of 2008< / P >
<!-- $Id$ -->
< H2 > < A NAME = "0" > < / A > 0. Preliminaries < / H2 >
< P > This policy describes how Organisation Assurers (" OAs" )
conduct Assurances on Organisations. It fits within the overall
web-of-trust or Assurance process of CAcert.
web-of-trust or Assurance process of CAcert.< br / >
< br / >
< span class = "strike" > This policy is not a Controlled document, for purposes of Configuration Control Specification ("CCS").< / span >
< / P >
< H3 > 0.1. Definition of Terms< / H3 >
< H3 > < span class = "change" > 0.1. Definition of Terms< / span > < / H3 >
< DL >
< DT > < I > (Organisation) Member< / I >
< DT > < I > < span class = "change" > Organisation Member < / span > < span class = "change" > (Organisation)< / span > < / I >
< / DT > < DD >
A Member is an organisation who has agreed to the CAcert Community
Agreement (< A HREF = "http://www.cacert.org/policy/CAcertCommunityAgreement.php" TARGET = "_blank" > CCA< / A > )
< span class = "change" > < span class = "change" > n Organisation< / span >
Agreement (< span class = "change" > < A HREF = " //www.cacert.org/policy/CAcertCommunityAgreement.php" TARGET = "_blank" > CCA< / A > < / span > )
and has created successfully a CAcert login account on the CAcert
web site.
web site.< / span >
< / DD > < DT >
< I > (Organisation) Assurance< / I >
< I > < span class = "change" > Organisation Assurance < span class = "change" > (OrgA)< / span > < / span > < / I >
< / DT > < DD >
Assurance is the process by which a Member of CAcert Community
(Organisation Assurer) identifies an organisation (Assuree).
< span class = "change" > A< span class = "change" > n Organisation< / span >
(Organisation Assurer) identifies an organisation (Assuree).< / span >
< / DD > < DT >
< I > Prospective (Organisation) Member< / I >
< / DT > < DD >
< I > < span class = "change" > < / span > < / I >
< / DT > < DD > < span class = "change" >
An organisation who participates in the process of an Organisation
Assurance, but has not yet created a CAcert login account.
Assurance, but has not yet created a CAcert login account.< / span >
< / DD > < DT >
< I > (Organisation) Name< / I >
< I > < span class = "change" > Organisation Name< / span > < / I >
< / DT > < DD > < span class = "change" >
An Organisation Name is the full name of the organisation.< / span >
< / DD > < DT >
< span class = "change" > < I > Organisation Assurer (OA)< / I > < / span >
< / DT > < DD >
An Organisation Name is the full name of the organisation.
< span class = "change" > A Member of CAcert Community who identifies an organisation.< / span >
< / DD > < DT >
< span class = "change" > < I > Organisation Administrator (OrgAdmin)< / I > < / span >
< / DT > < DD > < span class = "change" >
An Assurer that is appointed by the organisation to administer the
certificates in behalf of the organisation.< / span >
< / DD > < DT >
< span class = "change" > < I > Organisation Assurance Officer (OAO)< / I > < / span >
< / DT > < DD > < span class = "change" >
The Organisation Assurance Officer manages this policy and reports to the
CAcert Inc. Committee ("Board").< / span >
< / DD > < DT >
< span class = "change" > < I > Prospective Organisation Assurer (pOA)< / I > < / span >
< / DT > < DD > < span class = "change" >
An Assurer who is being trained to become an Organisation Assurer and is
supervised by Organisation Assurers.< / span >
< / DD > < / DL >
< H3 > 0.2. The CAcert Web of Trust< / H3 >
< P > An Organisation Assurer allocates a number of Assurance Points to
the (Organisation) Member being Assured. CAcert combines the
Assurance Points into a global < I > Web-of-Trust< / I > (or " WoT" ).
< H3 > < span class = "change" > 0.2. The CAcert Web of Trust< / span > < / H3 >
< P > < span class = "change" > An Organisation Assurer < span class = "strike" > allocates a number of Assurance
Points to the (Organisation) Member being Assured. CAcert combines the
Assurance Points into a global< / span > < span class = "change" > verifies that the
Organisation exists and that the applicant for the assurance is in the power to
sign the COAP form to make sure that the process is included in the< / span > < / span >
< span class = "change" > < I > Web-of-Trust< / I > (or " WoT" ).< / span >
< / P >
< P > CAcert explicitly chooses to meet its various goals by
construction of a Web-of-Trust of all Members.
< P > < span class = "change" >
construction of a Web-of-Trust of all Members.< / span >
< / P >
< H3 > 0.3. Related Documentation< / H3 >
< P > Documentation on Organisation Assurance is split between this Organisation
Assurance Policy (OAP) and the (organisation) < A HREF = "http://wiki.cacert.org/wiki/AssuranceHandbook2" TARGET = "_blank" > Assurance Handbook< / A > .
The policy is controlled by Configuration Control Specification (< A HREF = "http://wiki.cacert.org/wiki/PolicyDrafts/ConfigurationControlSpecification" TARGET = "_blank" > CCS< / A > )
under Policy on Policy (< A HREF = "http://www.cacert.org/policy/PolicyOnPolicy.php" TARGET = "_blank" > PoP< / A > )
< H3 > < span class = "change" > < / span > < / H3 >
< P > < span class = "change" >
Assurance Policy (OAP) and the < span class = "strike" > < / span > < span class = "change" > < A HREF = " //wiki.cacert.org/AssuranceHandbook2" TARGET = "_blank" > < / span > < span class = "change" > Organisation < / span > < / A > .
The policy is controlled by Configuration Control Specification (< span class = "change" > < A HREF = "//svn.cacert.org/CAcert/Policies/ConfigurationControlSpecification.html " TARGET = "_blank" > CCS< / A > < / span > )
under Policy on Policy (< span class = "change" > < A HREF = " //www.cacert.org/policy/PolicyOnPolicy.php" TARGET = "_blank" > PoP< / A > < / span > )
policy document regime. Because Organisation Assurance is an active
area, much of the practice is handed over to the Assurance Handbook,
which is not a controlled policy document, and can more easily
respond to experience and circumstances. It is also more readable.
respond to experience and circumstances. It is also more readable.< / span >
< / P >
< P > See also Assurance Policy (< A HREF = "http://www.cacert.org/policy/AssurancePolicy.php" TARGET = "_blank" > AP< / A > )
and CAcert Policy Statement (< A HREF = "http://svn.cacert.org/CAcert/policy.htm" TARGET = "_blank" > CPS< / A > ).
< P > < span class = "change" > See also Assurance Policy (< span class = "change" > < A HREF = "//www.cacert.org/policy/AssurancePolicy.php" TARGET = "_blank" > AP< / A > < / span > )
and < span class = "strike" > CAcert Policy Statement (< A HREF = "http://svn.cacert.org/CAcert/policy.htm" TARGET = "_blank" > CPS< / A > )< / span >
< span class = "change" > Certification Practice Statement (< A HREF = "//www.cacert.org/policy/CertificationPracticeStatement.php" TARGET = "_blank" > CPS< / a > )< / span > .< / span >
< / P >
< H2 > < A NAME = "1" > < / A > 1. Organisation Assurance Purpose < / H2 >
< P > Organisations with assured status can issue certificates via their
O-Admin directly with their own domains within.
< p > < span class = "q" > Not yet reviewed:< / span > < / p >
< H2 > < A NAME = "1" > < / A > 1. < span class = "change" > < / span > < / H2 >
< P > Organisations with assured status can issue certificates < span class = "change" >
O-Admin< / span >
< / P >
< P > The purpose and statement of the certificate remains the same as
with ordinary users (natural persons) and as described in the CPS.
@ -82,87 +196,87 @@ with ordinary users (natural persons) and as described in the CPS.
< LI > < P > The organisation is within the jurisdiction and can be taken to CAcert Arbitration. < / P >
< / UL >
< H3 > 1.1.The Organisation Assurance Statement< / H3 >
< P > The Assurance Statement makes the following claims about the organisation:
< H3 > < span class = "change" > < / span > < / H3 >
< P > < span class = "change" > < / span >
< / P >
< OL >
< LI > < P > The organisation is a bona fide (organisation) Member. In
< LI > < P > < span class = "change" >
other words, the organisation is a member of the CAcert Community as
defined by the CAcert Community Agreement (< HREF = " http: //www.cacert.org/policy/CAcertCommunityAgreement.php" TARGET = "_blank" > CCA< / A > );
defined by the CAcert Community Agreement (< span class = "change" > < A HREF = " //www.cacert.org/policy/CAcertCommunityAgreement.php" TARGET = "_blank" > CCA< / A > < / span > < / span >
< / P >
< LI > < P > The Member has a (login) account with CAcert's on-line registration and service system; < / P >
< LI > < P > The Member can be determined from any CAcert certificate issued by the Account; < / P >
< LI > < P > The Member is bound into CAcert's Arbitration as defined by the CAcert Community Agreement; < / P >
< LI > < P > Some information on the Organisation Member are known and
< LI > < P > < span class = "change" > < / span > < / P >
< LI > < P > < span class = "change" > < / span > < / P >
< LI > < P > < span class = "change" > < / span > < / P >
< LI > < P > < span class = "change" >
verified by CAcert: the Organisation Name(s), form of organisation,
domain names, Individual Members for contact and liaison purpose,
secondary distinguishing feature (e.g. corporate number).< / >
secondary distinguishing feature (e.g. corporate number).< / span> < / P>
< / OL >
< P > The confidence level of the Assurance Statement is expressed by the (Organisation) Assurance Points.
< P > < span class = "change" > < / span >
< / P >
< P > Organisations can expect the normal privacy provisions provided to
< P > < span class = "change" >
Individuals. However, any business arrangements that are not
strictly provided for in this policy are likely outside normal
privacy. < / >
privacy. < / span> < / P>
< H3 > < A NAME = "1.2" > < / A > 1.2. Relying Party Statement< / H3 >
< P > The primary goal of the Organisation Assurance Statement is for
< H3 > < A NAME = "1.2" > < / A > < span class = "change" > < / span > < / H3 >
< P > < span class = "change" >
the express purpose of certificates to meet the needs of the < I > Relying
Party Statement< / I > , which latter is found in the Certification
Practice Statement (< A HREF = "http://svn.cacert.org/CAcert/policy.htm " TARGET = "_blank" > CPS< / A > ).
Practice Statement (< span class = "change" > < A HREF = "//www.cacert.org/policy/CertificationPracticeStatement.php " TARGET = "_blank" > CPS< / A > < / span > < / span >
< / P >
< P > When a certificate is issued, some of the Organisation Assurance
< P > < span class = "change" >
Statement may be incorporated, e.g. Organisation name. Other parts
may be implied, e.g. Membership, exact account and status. They all
are part of the < I > Relying Party Statement< / I > . In short, this means
that other Members of the Community may rely on the information
verified by Assurance and found in the certificate.< / >
< P > In particular, certificates are sometimes considered to provide
verified by Assurance and found in the certificate.< / span> < / P>
< P > < span class = "change" >
reliable indications of e.g. the Member's Organisation name,
organisation domain names, and organisation email address. The
nature of Assurance, the number of Assurance Points, and other
policies and processes should be understood as limitations on any
reliance.
reliance. < / span >
< / P >
< H2 > 2. The Organisation Member< / H2 >
< H2 > < span class = "change" > < / span > < / H2 >
< H3 > < A NAME = "2.11" > < / A > 2.1. The Organisation Member's name < / H3 >
< P > The name of the organisation as recorded in the Member's CAcert
login account. The general standard of a name is:
< H3 > < A NAME = "2.11" > < / A > < span class = "change" > < / span > < / H3 >
< P > < span class = "change" >
login account. The general standard of a name is:< / span >
< / P >
< UL >
< LI > < P > The name should be recorded as written in a government-issued
< LI > < P > < span class = "change" >
organisation registration extract e.g. extract from governmental
trade office registrar.< / >
< LI > < P > The organisation name should be recorded as completely as
trade office registrar.< / span> < / P>
< LI > < P > < span class = "change" >
possible. That is without abbreviations, and without transliteration
of characters.
of characters. < / span >
< / P >
< LI > < P > The organisation name is recorded as a string of characters,
encoded in < SPAN LANG = "en-US" > unicode< / SPAN > transformation format.< / >
< LI > < P > < span class = "change" >
encoded in < SPAN LANG = "en-US" > unicode< / SPAN > transformation format.< / span> < / P>
< / UL >
< H3 > < A NAME = "2.21" > < / A > 2.2. Multiple trade names and variations< / H3 >
< P > In order to handle the contradictions in the above general
< H3 > < A NAME = "2.21" > < / A > < span class = "change" > < / span > < / H3 >
< P > < span class = "change" >
standard, a Member may record multiple names or multiple variations
of a name in her CAcert online Account. Examples of variations
include trade names, variations of trade names, abbreviations of a
name, different language or country variations, and transliterations
of characters in a name. All names should be defined within the
organisation registration extract.< / >
organisation registration extract.< / span> < / P>
< H3 > < A NAME = "2.31" > < / A > 2.3. Status and Capabilities< / H3 >
< P > An organisation Name which has reached the level of 50
< H3 > < A NAME = "2.31" > < / A > < span class = "change" > < / span > < / H3 >
< P > < span class = "change" >
(Organisation) Assurance Points is defined as an Assured organisation
Name. An Assured Name can be used as Organisation Name in a
certificate issued by CAcert. A Member with at least one Assured Name
has reached the Assured Member status. Additional capabilities are
described in Table 1.
described in Table 1. < / span >
< / P >
< BLOCKQUOTE STYLE = "text-align: left" > < FONT SIZE = 2 > < > Table 1:
Assurance Capability< / I > < / > < / BLOCKQUOTE >
< BLOCKQUOTE STYLE = "text-align: left" > < FONT SIZE = 2 > < span class = "change" > < I> Table 1:
Assurance Capability< / I > < / span> < / FONT> < / BLOCKQUOTE >
< DL >
< DD >
< TABLE WIDTH = 470 BORDER = 1 CELLPADDING = 5 CELLSPACING = 0 >
@ -172,92 +286,92 @@ Assurance Capability</I></FONT></BLOCKQUOTE>
< COL WIDTH = 196 >
< TR >
< TD WIDTH = 65 >
< P ALIGN = LEFT > < > Minimum Assurance Points< / I > < / P >
< P ALIGN = LEFT > < span class = "change" > < I> Minimum Assurance Points< / I > < / span > < / P >
< / TD >
< TD WIDTH = 83 >
< P ALIGN = LEFT > < > Capability< / I > < / P >
< P ALIGN = LEFT > < span class = "change" > < I> Capability< / I > < / span > < / P >
< / TD >
< TD WIDTH = 85 >
< P ALIGN = LEFT > < > Status< / I > < / P >
< P ALIGN = LEFT > < span class = "change" > < I> Status< / I > < / span > < / P >
< / TD >
< TD WIDTH = 196 >
< P ALIGN = LEFT > < > Comment< / I > < / P >
< P ALIGN = LEFT > < span class = "change" > < I> Comment< / I > < / span > < / P >
< / TD >
< / TR >
< TR VALIGN = TOP >
< TD WIDTH = 65 >
< P ALIGN = CENTER > 0< / P >
< P ALIGN = CENTER > < span class = "change" > < / span > < / P >
< / TD >
< TD WIDTH = 83 >
< P ALIGN = LEFT > Request Organisation Assurance< / P >
< P ALIGN = LEFT > < span class = "change" > < / span > < / P >
< / TD >
< TD WIDTH = 85 >
< P ALIGN = LEFT > Prospective Organisation Member< / P >
< P ALIGN = LEFT > < span class = "change" > < / span > < / P >
< / TD >
< TD WIDTH = 196 >
< P ALIGN = LEFT > Organisation taking part of an Organisation
< P ALIGN = LEFT > < span class = "change" >
Assurance, who does not have created a CAcert login account
(yet). The allocation of Assurance Points is awaiting login
account creation.< / >
account creation.< / span> < / P>
< / TD >
< / TR >
< TR VALIGN = TOP >
< TD WIDTH = 65 >
< P ALIGN = CENTER > 0< / P >
< P ALIGN = CENTER > < span class = "change" > < / span > < / P >
< / TD >
< TD WIDTH = 83 >
< P ALIGN = LEFT > Request unnamed certificates< / P >
< P ALIGN = LEFT > < span class = "change" > < / span > < / P >
< / TD >
< TD WIDTH = 85 >
< P ALIGN = LEFT > (Organisation) Member< / P >
< P ALIGN = LEFT > < span class = "change" > < / span > < / P >
< / TD >
< TD WIDTH = 196 >
< P ALIGN = LEFT > Although the Organisation Member's details are
recorded in the account, they are not highly assured.< / >
< P ALIGN = LEFT > < span class = "change" >
recorded in the account, they are not highly assured.< / span> < / P>
< / TD >
< / TR >
< TR VALIGN = TOP >
< TD WIDTH = 65 >
< P ALIGN = CENTER > 50< / P >
< P ALIGN = CENTER > < span class = "change" > < / span > < / P >
< / TD >
< TD WIDTH = 83 >
< P ALIGN = LEFT > Request certificates with the name of the
organisation< / >
< P ALIGN = LEFT > < span class = "change" >
organisation< / span> < / P>
< / TD >
< TD WIDTH = 85 >
< P ALIGN = LEFT > Assured Organisation Member< / P >
< P ALIGN = LEFT > < span class = "change" > < / span > < / P >
< / TD >
< TD WIDTH = 196 >
< P ALIGN = LEFT > Statements of Assurance: the organisation name is
assured to 50 Assurance Points or more< / >
< P ALIGN = LEFT > < span class = "change" >
assured to 50 Assurance Points or more< / span> < / P>
< / TD >
< / TR >
< / TABLE >
< / DL >
< P > A Member may check the status of another Member, especially for an
< P > < span class = "change" >
assurance process. Status may be implied from information in a
certificate. The number of Assurance Points for each Member is not
published.
published. < / span >
< / P >
< UL >
< P > The CAcert Policy Statement (< A HREF = "http://svn.cacert.org/CAcert/policy.htm" TARGET = "_blank" > CPS< / A > )
< P > < span class = "change" > < span class = "strike" > < A HREF = "http://svn.cacert.org/CAcert/policy.htm" TARGET = "_blank" > CPS< / A > )< / span > < span class = "q" > < br > Document no longer exist< br > What was referenced here?< br > PoP? or CPS?< br > < / span >
and other policies may list other capabilities that rely on
Assurance Points.
Assurance Points. < / span >
< / P >
< P > When an organisation is assured, it becomes in effect an Assurer
< P > < span class = "change" >
for its local names. These names are used in certificates
issued under the listed domains. When issued, the organisation
takes primary responsibility as Member. < BR > < BR > Each name has to be
checked against the internal systems of the organisation. The
internal systems have to match some standard, as covered in SubPols
/ OA Manual. < BR > < BR > If they internal systems do not support this
application, then the regular Assurance process can be used instead.< / >
application, then the regular Assurance process can be used instead.< / span> < / P>
< / UL >
< H2 > 3. Roles and Structure < / H2 >
< H3 > 3.1 Organisation Assurance Officer < / H3 >
< P > The (Organisation) Assurance Officer (" AO" ) manages this
< H3 > 3.1 < span class = "change" > < / span > < / H3 >
< P > The < span class = "change" > < / span > " AO" ) manages this
policy and reports to the CAcert Inc. Committee (" Board" ).
< / P >
< P > The AO manages all OAs and is responsible for process, the CAcert
@ -311,9 +425,9 @@ Board decides.
< LI > < P > Tests to be created, approved,
run, verified by CAcert only (not outsourced).
< / P >
< LI > < P > Testing includes both online /
< LI > < P > < span class = "strike" > Tests are conducted manually, not online/automatic. < / span > < span class = "change" >
automated and manual tests with the manual tests confirming the on
line tests.
line tests.< / span >
< / P >
< LI > < P > Documentation to be retained.
< / P >
@ -353,7 +467,7 @@ is the one who handles the assurance requests and the issuing of
certificates.
< / P >
< OL TYPE = a >
< LI > < P > O-Admin must be an individual
< LI > < P > O-Admin must be < span class = "change" > < / span >
Assurer
< / P >
< OL TYPE = i >
@ -364,13 +478,13 @@ certificates.
< / P >
< / OL >
< LI > < P > Organisation is required to
appoint the O-Admin(s), and appoint ones as required.
appoint the O-Admin< span class = "change" > < / span >
< / P >
< OL TYPE = i >
< LI > < P > On COAP Request Form.
< / P >
< LI > < P > On the organisation Member
account.< / >
< LI > < P > < span class = "change" >
account.< / span> < / P>
< / OL >
< LI > < P > O-Admin must work with an assigned
OA.
@ -378,7 +492,7 @@ certificates.
< OL TYPE = i >
< LI > < P > Have contact details.
< / P >
< LI > < P > Is named on the organisation Member account.< / P >
< LI > < P > < span class = "change" > < / span > < / P >
< / OL >
< / OL >
@ -454,8 +568,8 @@ subsidiary policies.
< H2 > 5. Process < / H2 >
< H3 > 5.1 Standard of Organisation Assurance < / H3 >
< P > The essential standard of Organisation Assurance (see also 1.1
Organisation Assurance Statement) is:
< P > The essential standard of Organisation Assurance < span class = "change" >
Organisation Assurance Statement)< / span >
< / P >
< OL TYPE = a >
< LI > < P > the organisation exists
@ -482,40 +596,40 @@ Organisation Assurance Statement) is:
terms of the < B > CAcert Community Agreement < / B > , and is therefore
subject to Arbitration.
< / P >
< LI > < P > Organisation Domain names must have been checked accordingly
the CPS.< / >
< LI > < P > < span class = "change" >
the CPS.< / span> < / P>
< / OL >
< P > Acceptable documents to meet above standard are stated in the SubPol.
< / P >
< H3 > 5.2 (Organisation) Assurance Points< / H3 >
< P > The Organisation Assurance applies Assurance Points to each
< H3 > < span class = "change" > < / span > < / H3 >
< P > < span class = "change" >
organisation Member which measure the increase of confidence in the
Statement (above). Assurance Points should not be interpreted for any
other purpose. Note that, even though they are sometimes referred to
as < I > Web-of-Trust< / I > (Assurance) Points, or < I > Trust< / I > Points,
the meaning of the word 'Trust' is not well defined.
the meaning of the word 'Trust' is not well defined.< / span >
< / P >
< P > < > Assurance Points Allocation< / I > < BR > An Assurer can allocate a
< P > < span class = "change" > < I> Assurance Points Allocation< / I > < BR > An Assurer can allocate a
number of Assurance Points to the organisation Member. The allocation
of the maximum means that the Assurer is 100% confident in the
information presented:
information presented:< / span >
< / P >
< UL >
< LI > < P > Detail on form, system, documents,
organisation and O-Admin(s) in accordance;
< LI > < P > < span class = "change" >
organisation and O-Admin(s) in accordance;< / span >
< / P >
< LI > < P > Sufficient quality organisation
< LI > < P > < span class = "change" >
registration extract documents and organisation by-laws related to
signature control of the organisation director have been checked;
signature control of the organisation director have been checked;< / span >
< / P >
< LI > < P > Assurer's familiarity with extract
and by-laws documents;
< LI > < P > < span class = "change" > Assurer's familiarity with extract
and by-laws documents; < / span >
< / P >
< LI > < P > The Organisation Assurance Statement is confirmed.
< LI > < P > < span class = "change" > < / span >
< / P >
< / UL >
< P > Any lesser confidence should result in less Assurance Points for
< P > < span class = "change" >
an organisation name. If the Organisation Assurer has no confidence
in the information presented, then < I > zero< / I > Assurance Points may
be allocated by the Organisation Assurer. For example, this may
@ -525,29 +639,29 @@ second (individual) Assurer as such gaining confidence and/or assist
in allocating a second Organisation Assurance. The number of
Assurance Points from < I > zero< / I > to < I > maximum< / I > is guided by the
Assurance Handbook and the judgment of the Assurer. If there is
negative confidence the Assurer should consider filing a dispute.
negative confidence the Assurer should consider filing a dispute.< / span >
< / P >
< P > Multiple (trade) organisation names should be allocated Assurance
Points independently within a single Assurance.
< P > < span class = "change" >
Points independently within a single Assurance.< / span >
< / P >
< P > In general, for an organisation Member to reach 50 Assurance
< P > < span class = "change" >
Points, the Member must have participated in at least two assurances,
and at least one organisation name will have been assured to that
level.
level. < / span >
< / P >
< P > The maximum number of Assurance Points which can be allocated for
< P > < span class = "change" >
an Assurance under this policy and under any act under any Subsidiary
Policy (below) is 50 Assurance Points.
Policy (below) is 50 Assurance Points.< / span >
< / P >
< H3 > 5.2 CAcert Organisation Assurance Programme (COAP)
< H3 > 5.2 < span class = "change" > < / span > < span class = "change" > < / span >
< / H3 >
< P > The COAP form documents the checks and the resultant assurance
results to meet the standard. Additional information to be provided
on form:
< / P >
< OL TYPE = a >
< LI > < P > CAcert account of O-Admin(S)
(email address of O-Admin individual Assurer Membership account)
< LI > < P > CAcert account of O-Admin< span class = "change" > < / span >
(email address< span class = "strike" > ?< / span > < span class = "change" > < / span >
< / P >
< LI > < P > Location:
< / P >
Marcus Mängel
13 years ago