From 9fbb6d5ba789b66d05cd9a328c11baea394ec2a5 Mon Sep 17 00:00:00 2001
From: Ian Grigg <iang@cacert.org>
Date: Wed, 1 Sep 2010 09:56:50 +0000
Subject: [PATCH] committed the blue into black, from Ulrich.

git-svn-id: http://svn.cacert.org/CAcert/Policies@2017 14b1bab8-4ef6-0310-b690-991c95c89dfd
---
 TTPAssistedAssurancePolicy.html | 291 ++++++++++++++------------------
 1 file changed, 126 insertions(+), 165 deletions(-)

diff --git a/TTPAssistedAssurancePolicy.html b/TTPAssistedAssurancePolicy.html
index e179e86..0ef4c3b 100644
--- a/TTPAssistedAssurancePolicy.html
+++ b/TTPAssistedAssurancePolicy.html
@@ -38,11 +38,11 @@
    <a href="PolicyOnPolicy.html"><img align="right" src="images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a>
    Editor: Iang<br />
    Creation Date : <a href="//svn.cacert.org/CAcert/Assurance/Minutes/20091215HamburgMiniTOP.html">20091215</a><br />
-   Status: WIP 20100705<br />
-   Licence: <a href="//wiki.cacert.org/Policy#Licence" title="this document is Copyright CAcert, licensed openly under CC-by-sa with all disputes resolved under DRP.  More at wiki.cacert.org/Policy" > CC-by-sa/DRP </a><br />
+   Status: WIP 2010901<br />
+   Licence: <a href="//wiki.cacert.org/Policy#Licence" title="this document is Copyright CAcert, licensed openly under CC-by-sa with all disputes resolved under DRP.  More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br />
   </p>
 
-  <h2> <a name="0"> 0. </a> Preliminaries </h2>
+  <h2 id="s0"> 0. Preliminaries </h2>
   <p>
    This sub-policy extends the
    <a href="//www.cacert.org/policy/AssurancePolicy.php">
@@ -50,25 +50,21 @@
    by specifying how Assurers can be assisted by
    outsourcing the identity documents verification
    component of assurance to trusted third parties (TTPs).
-<span class="change">
    Definitions can be found in AP or in
    <a href="//wiki.cacert.org/AssuranceHandbook">Assurance Handbook</a>
    ("AH").
-</span>
   </p>
 
-  <h2> <a name="1"> 1. </a> Scope </h2>
+  <h2 id="s1"> 1. Scope </h2>
   <p>
    This sub-policy is restricted to members located
    in areas not well-served with Assurers.
-<span class="change">
    It serves a goal of promoting both Assurers and Members is those areas.
-</span>
   </p>
 
-  <h2> <a name="1"> 2. </a> Roles </h2>
+  <h2 id="s2"> 2. Roles </h2>
 
-  <h3> <a name="1"> 2.1 </a> Trusted Third Party </h3>
+  <h3 id="s2.1"> 2.1 Trusted Third Party </h3>
   <p>
    A Trusted Third Party ("TTP") is a person who is traditionally respected
    for making reliable statements to others, especially over identification
@@ -76,24 +72,12 @@
    Notaries (European), bank managers, accountants
    and lawyers.
   </p>
-  <p class="strike">
-   The Board maintains a list of approved classes of TTP
-   and forms of documents.
-   The list is expected to vary according to the
-   different juridical traditions of different regions.
-  </p>
 
-  <h3> <a name="2.2"> 2.2 </a> The Assurer <span class="change">(aka TTP-admin)</a> </h3>
+  <h3 id="s2.2"> 2.2 The Assurer (aka TTP-admin) </h3>
     <p class="q">uli: (Synonyms: TTP-Assurer, TTP-Admin)</p>
   <p>
    To employ a TTP in an assurance,
-   the Assurer must
-<span class="change">
-   be a Senior Assurer.
-</span>
-<span class="strike">
-   have 50 experience points, and pass other checks as imposed by the Board from time to time.
-</span>
+   the Assurer must be a Senior Assurer.
    The Assurer must be familiar with the local
    language and customs.
   </p>
@@ -104,20 +88,19 @@
    </ul>
 
 
-  <h3> <a name="2.3"> 2.3 </a> Member </h3>
+  <h3 id="s2.3"> 2.3 Member </h3>
 
   <p>
    A Member ("assuree") who is located in a place not well-served
    by Assurers may use the TTP-assisted Assurance.
   </p>
 
-  <h2> <a name="3"> 3. </a> The Assurance </h2>
+  <h2 id="s3"> 3. The Assurance </h2>
 
-<p class="q">Iang:  I suggest this be section 3:</p>
-  <p class="change">
+  <p>
   Assurance assisted by TTP must meet these requirements:
   </p>
-  <ol class="change" type="a"><li>
+  <ol type="a"><li>
       The Assurer must positively confirm the identity and
       suitability of the TTP.
     </li><li>
@@ -128,21 +111,129 @@
       The Assurer makes a reliable statement to confirm the
       Assurance Statement.
     </li><li>
-<i>
       Assurance must be marked as TTP-Assisted
       (e.g., by use of TTPAdmin flag).
-</i>
   </li></ol>
 
-<p class="q"> And all the rest in pink box be pushed into the HANDBOOK.  This way, the policy sets requirements and standards, and AO is responsible for meeting them as a PRACTICE. </p>
+
+<p class="q"> See Appendix A for example text for Handbook text.</p>
+
+  <h2 id="s4"> 4. Assurance Officer ("AO") </h2>
+  <p>
+   The Board routinely delegates its responsibilities to the
+   Assurance Officer (and this section assumes that, but does
+   not require it).
+  </p>
+
+  <p>
+   A report is requested annually from the Assurance Officer
+   on performance of this policy for the association's
+   annual report.
+  </p>
+  <h3 id="s4.1"> 4.1 Practice </h3>
+  <p>
+   Assurance Officer should prepare
+   a detailed documentation under
+     <a href="//wiki.cacert.org/AssuranceHandbook">AH</a>
+     that meets the needs of this policy, including:
+  </p>
+  <ul><li>
+     Form for TTPs
+    </li><li>
+     Guide for TTPs.
+    </li><li>
+     Form for TTP-assisted assurance (used by Assurer)
+    </li><li>
+     Guide and protocol
+     <span class="q"> (Appendix A below)</span>
+     for Assurers.
+    </li><li>
+     Mechanisms for contacting Assurers available for
+     TTP-assisted Assurances.
+    </li><li>
+     Definition of
+     <a href="https://wiki.cacert.org/AssuranceHandbook2#What_is_a_Senior_Assurer.3F">
+     Senior Assurer</a>.
+  </li></ul>
+
+  <h3 id="s4.2"> 4.2 Deserts </h3>
+  <p>
+    The Assurance Officer maintains a list of regions
+    that are designated as '<i>deserts,</i>' being areas that are so short
+    of Assurers as to render face-to-face Assurance impractical.
+    In each region, approved types of TTP are listed (e.g., Notary).
+    The list is expected to vary according to the
+    different juridical traditions of different regions.
+    Changes to the regional lists are prepared by
+    either an Organisation Assurer for that region
+    (as described by OAP)
+    or by two Assurers familiar with the traditions
+    in that region.
+    Changes are then submitted to the Board for approval.
+  </p>
+  <p>
+    Use of a type of TTP not on the list must be approved by
+    AO and notified to Board.
+    It is an explicit goal to reduce the usage of
+    TTP-assisted Assurances in favour of face-to-face Assurance.
+  <p>
+
+  <p>
+    In coordination with internal and external auditors,
+    the Assurance Officer shall design and implement a
+    suitable programme to meet the needs of audit.
+    Where approved by auditors or Board, the Assurance
+    Officer may document and implement minor variations to this policy.
+  </p>
+
+  <h2 id="s5"> 5. Topup Assurance Points </h2>
+
+  <p>
+    AO is to operate a topup Assurance programme
+    to help seed desert areas with Assurers.
+  </p>
+
+  <p>
+    A topup Assurance is conducted by a third Senior Assurer
+    according to the following requirements:
+  </p>
+
+  <ol><li>
+      Assurer must be a Senior Assurer.
+    </li><li>
+      Assurer Challenge must be completed as passed by Member.
+    </li><li>
+      The topup must be requested by Member for purpose of enabling the Member to reach Assurer level.
+    </li><li>
+      The two TTP-Assisted Assurances already conducted are to be reviewed.
+    </li><li>
+      Topup may award up to 35 points.
+    </li><li>
+        Assurance must be marked as Topup
+        (e.g., by use of new feature with TTPAdmin flag).
+  </ol></li>
+
+  <p>
+    Each topup is to be reported to AO.
+    Topup is only available in designated deserts.
+  </p>
+
+<hr>
+
+  <h2 id="A"> Appendix A - Handbook text, not for policy </h2>
 
 <blockquote><table border="1" bgcolor="lightpink"><tr><td>
+  <center><p class="q">
+     This pink part into the HANDBOOK when it goes to DRAFT, not part of policy!<br />
+     This way, the policy sets requirements and standards,<br />
+     and AO is responsible for meeting them as a PRACTICE.
+  </p></center>
 
   <p>
    These steps are taken.
   </p>
 
-  <h3> <a name="3.1"> 3.1 </a> Preliminaries  </h3>
+  <h3> 3.1 Preliminaries  </h3>
   <ol> <li>
     <p>
     The Member creates her account
@@ -163,9 +254,7 @@
    </li><li>
     The Assurer confirms that standard Assurances do not meet
     the needs of the Member.
-<span class="change">
     This is only likely in areas not well-served with Assurers.
-</span>
     </p>
    </li><li>
     <p>
@@ -180,7 +269,7 @@
      and gives the Member a Token.
    </li></ol>
 
-  <h3> <a name="3.2"> 3.2 </a> Face-to-face meeting with the TTP  </h3>
+  <h3 id="s3.2"> 3.2 Face-to-face meeting with the TTP  </h3>
    <ol><li>
    <p>
     The TTP and the Member meet face-to-face.
@@ -231,7 +320,7 @@
      </span>
   </li></ol>
 
- <h3> <a name="3.3"> 3.3 </a> Completion of the Assurance  </h3>
+ <h3 id="s3.3"> 3.3 Completion of the Assurance  </h3>
    <ol><li>
     <p>
      The Assurer must confirm the assurance using the paperwork,
@@ -283,133 +372,5 @@
 
 </td></tr></table></blockquote>
 
-  <h2> <a name="4"> 4. </a> Assurance Officer ("AO") </h2>
-  <p>
-   The Board routinely delegates its responsibilities to the
-   Assurance Officer (and this section assumes that, but does
-   not require it).
-  </p>
-
-  <p>
-   A report is requested annually from the Assurance Officer
-   on performance of this policy for the association's
-   annual report.
-  </p>
-  <h3 id="s4.1"> 4.1 Practice </h3>
-  <p>
-   Assurance Officer should prepare
-<span class="change">
-   a detailed documentation under
-     <a href="//wiki.cacert.org/AssuranceHandbook">AH</a>
-     that meets the needs of this policy, including:
-</span>
-<span class="strike">
-   documentation
-   to support the TTP-assisted Assurance, including:
-</span>
-  </p>
-  <ul><li>
-     Form for TTPs
-    </li><li>
-     Guide for TTPs.
-    </li><li>
-     Form for TTP-assisted assurance (used by Assurer)
-    </li><li>
-     Guide <span class="change"> and protocol </span>
-     <span class="q"> (pink box above)</span>
-     for Assurers.
-    </li><li>
-     Mechanisms for contacting Assurers available for
-     TTP-assisted Assurances.
-    </li><li class="change">
-     Definition of
-     <a href="https://wiki.cacert.org/AssuranceHandbook2#What_is_a_Senior_Assurer.3F">
-     Senior Assurer</a>.
-  </li></ul>
-
-  <h3 id="s4.2"> 4.2 Deserts </h3>
-  <p>
-<span class="change">
-    The Assurance Officer maintains a list of regions
-    that are designated as '<i>deserts,</i>' being areas that are so short
-    of Assurers as to render face-to-face Assurance impractical.
-    In each region, approved types of TTP are listed (e.g., Notary).
-   The list is expected to vary according to the
-   different juridical traditions of different regions.
-</span>
-    Changes to the regional lists are prepared by
-    either an Organisation Assurer for that region
-    (as described by OAP)
-    or by two Assurers familiar with the traditions
-    in that region.
-    Changes are then submitted to the Board for approval.
-  </p>
-  <p>
-   Use of a type of TTP not on the list must be approved by
-<span class="change">
-   AO and notified to
-</span>
-   Board.
-<span class="change">
-   It is an explicit goal to reduce the usage of
-   TTP-assisted Assurances in favour of face-to-face Assurance.
-</span>
-  <p>
-
-  <p>
-    In coordination with internal and external auditors,
-    the Assurance Officer shall design and implement a
-    suitable programme to meet the needs of audit.
-    Where approved by auditors or Board, the Assurance
-    Officer may document and implement minor variations to this policy.
-  </p>
-
-  <h2 class="change"> <a name="5"> 5. </a> Topup Assurance Points </h2>
-
-    <ul class="q"><li>uli: did we discuss the points gained thru a TTP assurance?</li>
-    <li>From the calculation with the 35 pts, a TTP assuree never can reach the 100 pts level ...
-    2x 35 = 70 pts max. So he probably can never become an Assurer. One goal with the
-    TTP program is, to bring people upto 100 pts, so they can start to be a
-    regular Assurer. This goal cannot be reached neither by the Nucleus program
-    in conjunction to the TTP program. Is this as expected ?</li>
-    <li>Alternate plan: issue 50 pts (temporarly) with 2 TTP assurances. As enough people
-    are in an area, they can start Assure each other. With enough points received,
-    the temporarly 50 pts can be decreased to the default 35 pts level
-    (see also the Nucleus program). But issuing temporarly 50 pts, needs probably
-    also a software update to the system.</li>
-    <li>Iang:  see below for one idea we discussed.</li>
-  </ul>
-
-
-<p class="change">
-AO is to operate a topup Assurance programme
-to help seed desert areas with Assurers.
-</p>
-
-<p class="change">
-A topup Assurance is conducted by a third Senior Assurer
-according to the following requirements:
-</p>
-
-<ol class="change"><li>
-    Assurer must be a Senior Assurer.
-  </li><li>
-    Assurer Challenge must be completed as passed by Member.
-  </li><li>
-    The topup must be requested by Member for purpose of enabling the Member to reach Assurer level.
-  </li><li>
-    The two TTP-Assisted Assurances already conducted are to be reviewed.
-  </li><li>
-    Topup may award up to 35 points.
-  </li><li>
-      Assurance must be marked as Topup
-      (e.g., by use of new feature with TTPAdmin flag).
-</ol></li>
-
-<p class="change">
-Each topup is to be reported to AO.
-Topup is only available in designated deserts.
-</p>
-
  </body>
 </html>