Changes done by Robert.

git-svn-id: http://svn.cacert.org/CAcert/Policies@637 14b1bab8-4ef6-0310-b690-991c95c89dfd
This commit is contained in:
Teus Hagen 2008-03-12 12:16:49 +00:00
parent 5b764254cb
commit a6235229bd

@ -9,13 +9,11 @@
<br><br> <br><br>
Author: Robert Cruikshank Author: Robert Cruikshank
<br> <br>
Creation date: WIP 2008-02-23 V0.1 Creation date: WIP 2008-02-23 V0.2
<br> <br>
Status: <font color="red">WIP DRAFT</font> 2008-02-23 based on WIP version 0.2 Status: <font color="red">WIP DRAFT</font> 2008-03-012
<br> <br>
Changes: policy email list discussion 12 March 2008 (teus) on: domain name check, CCA. Date next status: changes expected in April 2008.
<br>
Date next status: changes expected in June 2008.
<br> <br>
<!-- $Id$ --> <!-- $Id$ -->
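Review bot: The new Status line ends in "2008-03-012", which is not a valid date; the commit itself is dated 2008-03-12, so this looks like a typo for 2008-03-12. The version bump to V0.2 was made on the "Creation date" line while the date stays 2008-02-23, so the header now says V0.2 was created on that day; put the version on the Status line and leave the creation entry alone. The "Changes:" line recording the policy list discussion of 12 March 2008 on the domain name check and the CCA is removed, although those are the topics this commit touches; keep it as the change record.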
@ -29,7 +27,7 @@ This is a subsidiary policy to the OAP.
<ol type="a"> <ol type="a">
<li>This sub-policy is applicable for the assurance of Australian organisations only.</li> <li>This sub-policy is applicable for the assurance of Australian organisations only.</li>
<li>This sub-policy is an implementation of the OAP.</li> <li>This sub-policy is an implementation of the OAP.</li>
<li>Where the Assurance Officer (AO) is referred to below, this includes his local delegate.</li> <li>Where the Assurance Officer (AO) is referred to below, this includes their local delegate.</li>
</ol> </ol>
<h2>2. Organisation Assurers</h2> <h2>2. Organisation Assurers</h2>
@ -39,7 +37,7 @@ In addition to the requirements defined in the OAP, an OA must meet the followin
<ol type="a"> <ol type="a">
<li>Knowledge of common legal forms of organisations in Australia.</li> <li>Knowledge of common legal forms of organisations in Australia.</li>
<li>Must pass an additional test on local knowledge, even if he is already an OA.</li> <li>Must pass an additional test on local knowledge, even if he/she is already an OA.</li>
<li>Should help the AO to define local requirements.</li> <li>Should help the AO to define local requirements.</li>
</ol> </ol>
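Review bot: Item 2.b now reads "even if he/she is already an OA", while the previous hunk changes 1.c to "their local delegate". Use one gender-neutral form throughout the document, for example "even if they are already an OA".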
@ -54,13 +52,35 @@ Acceptable organisations under this sub-policy must be:
</ol> </ol>
<h2>3.2 Documents</h2> <h2>3.2 Documents</h2>
The organisation has to provide documents to prove the essential standard of Organisation Assurance as defined in the policy: The organisation has to provide documentary and/or physical evidence for two purposes. The first is to prove that the organisation exists as a registered entity and the second is to prove that the applicant has appropriate authority over the domain name. This policy assumes that there is a link between the entity name and the domain name evident in a 'whois' search. This link should established an association between the registered entity and the applicant. (i.e. the organisation name, the domain name/s and the applicant's name can all be linked together through these mechanisms):
<ol type="a"> <ol type="a">
<li>The primary mechanism to prove existence is to get an official extract from the official register, either via an online interface or via physical means (organisation is asked to carry the costs)</li>
<li>The primary mechanism to prove existence of the organisation is to provide the ABN or other government registration number of the business that can be used to search the appropriate online register. This can take the form of a photocopy of the certificate issued by the business registrar accompanied by a letter on business letterhead. If an online search cannot be performed for the specific registrar your business is registered with, then an official extract will be required.</li>
<li>The primary mechanism to prove authority over the domain name/s in question is for the applicant to provide an official extract from the Australian business registrar containing the name and signature of the applicant as a current company officer, either via an online interface or via physical means (organisation is asked to carry the costs).</li>
<ol>
<li>An example of this is:
<br>The applicant performs an <abbr title="Australian Securities and Investments Commission">ASIC</abbr> or <abbr title="Dune and Bradstreet">D&B</abbr> document search for a lodged document that contains the name and signature of the applicant and proves the rights of the applicant over the company name.</li>
<ol type="i">
<li>Such a document could be a "Company Check" or "Business Check" (see <ahref="http://www.dnb.com.au/express/about/about_dnbexpress_reports.asp">http://www.dnb.com.au/express/about/about_dnbexpress_reports.asp</a>).</li>
<li>This document should be made available to the OA by hyperlink to the <abbr title="Australian Securities and Investments Commission">ASIC</abbr> or <abbr title="Dune and Bradstreet">D&B</abbr> web site ensuring its authenticity or be an official extract (organisation is asked to carry the costs).</li>
</ol>
</li>
<li>Where not available, an official document will be required from the company, subject to such checks as defined by the AO.</li> <li>Where not available, an official document will be required from the company, subject to such checks as defined by the AO.</li>
<li>If copies of official extracts from the official register are provided, they must be officially certified</li>
<li>Extracts from the official register should not be older than 4 weeks.</li> <li>An acceptable alternative may be to place a randomly generated canonical name or text entry in the DNS zone file of the domain name in question. The randomly generated text is to be created by the OA and given to the the applicant with the COAP form. This process is to be approved by the AO for each organisation.</li>
</ol>
<li>If copies of official extracts from the official register are provided, they must be officially certified.</li>
<li>The AO maintains a list of which specific documents and tests can be acceptable for certain types of organisations.</li> <li>The AO maintains a list of which specific documents and tests can be acceptable for certain types of organisations.</li>
<li>The OA can ask for additional documents if needed to validate required information for the assurance process.</li> <li>The OA can ask for additional documents if needed to validate required information for the assurance process.</li>
</ol> </ol>
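Review bot: In 3.2 the old item "Extracts from the official register should not be older than 4 weeks" is removed and nothing in the new text sets a maximum age for extracts, registrar certificates or ASIC/D&B searches, so evidence of any age would satisfy the policy; restore an age limit and extend it to the new evidence types. The DNS alternative says only "randomly generated canonical name or text entry": state who confirms that the record was published and how, how long the value remains valid, and that a value is issued once per application, since this is the only check in the section that shows actual control of the domain rather than a paper link to it. A photocopy of the registrar's certificate "accompanied by a letter on business letterhead" is accepted without certification, while copies of official extracts "must be officially certified"; say whether the OA's own lookup in the online register is mandatory in that case. Markup and wording in the added lines: the "Company Check" link is written `<ahref=` (missing space, so no anchor is rendered), the nested `<ol>` elements are direct children of `<ol>` instead of sitting inside an `<li>`, there is a stray `</li>` after the `<ol type="i">` block, and the text has "should established" and "the the applicant".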
@ -69,34 +89,28 @@ The organisation has to provide documents to prove the essential standard of Org
In addition to the checks defined in the policy, the COAP form for Australian organisations requires: In addition to the checks defined in the policy, the COAP form for Australian organisations requires:
<ol type="a"> <ol type="a">
<li>The OA to keep all documentation for 7 years.</li> <li>Signatures from organisation officials meeting the following requirements</li>
<li>Signatures from organisation officials must meet the following requirements</li>
<ol type="i"> <ol type="i">
<li>as legally specified for the type of organisation</li> <li>as legally specified for the type of organisation</li>
<li>as specified in the official documents (i.e. the excerpt from the register)</li> <li>as specified in the official documents (i.e. the excerpt from the register)</li>
<li>as delegated within the organisation (proof of delegation needed)</li> <li>as delegated within the organisation (proof of delegation needed)</li>
<li>The organisation must agree to the terms of the <strong>CAcert Community Agreement</strong> by signing the COAP and will therefore be subject to Arbitration.</li>
</ol> </ol>
</ol> </ol>
<h2>3.4 Acceptable Documentation</h2> <h2>3.4 Acceptable Search Process</h2>
An Australian Organisational Assurance must be preceded with the following searches, documents and agreements: An Australian Organisational Assurance must be preceded with the following searches, documents and agreements:
<ol type="a"> <ol type="a">
<li>To prove the organisation in question exists an <abbr title="Australian Securities and Investments Commission">ASIC</abbr> search is to be performed using the given organisation number. This can be performed at this site <a <li>To prove the organisation in question exists an <abbr title="Australian Securities and Investments Commission">ASIC</abbr> search is to be performed using the given organisation number. This can be performed at this site <a
href="http://www.search.asic.gov.au/gns001.html">http://www.search.asic.gov.au/gns001.html</a>. A printout of this search should be made and retained.</li> href="http://www.search.asic.gov.au/gns001.html">http://www.search.asic.gov.au/gns001.html</a>. A printout of this search should be made and retained.</li>
<li>This search can be extended with a <abbr title="Dune and Bradstreet">D&B</abbr> search which should also give the contact phone number for this company. This search can be performed at this site <ahref="http://www.dnb.com.au/express/default.asp">http://www.dnb.com.au/express/default.asp</a>. A copy of this search should be printed and retained. The phone number can be compared with any phone numbers provided by the applicant if any.</li> <li>This search can be extended with a <abbr title="Dune and Bradstreet">D&B</abbr> search which should also give the contact phone number for this company. This search can be performed at this site <ahref="http://www.dnb.com.au/express/default.asp">http://www.dnb.com.au/express/default.asp</a>. A copy of this search should be printed and retained. The phone number can be compared with any phone numbers provided by the applicant if any.</li>
<li>To help establish a link between the domain name and the company name a whois search is to be conducted and the registered business name compared to the ASIC search result.</li> <li>To help establish a link between the domain name and the company name a whois search is to be conducted and the registered business name compared to the ASIC search result.</li>
<li>Signing rights are to be determined by one of two possible processes.</li>
<ol>
<li>By requesting that the applicant perform an <abbr title="Australian Securities and Investments Commission">ASIC</abbr> or <abbr title="Dune and Bradstreet">D&B</abbr> document search for a lodged document that contains the signature of the applicant and proves the rights of the applicant over the company name.
<ol type="i">
<li>Such a document could be a "Company Check" or "Business Check" (see <a href="http://www.dnb.com.au/express/about/about_dnbexpress_reports.asp">http://www.dnb.com.au/express/about/about_dnbexpress_reports.asp</a>).</li>
<li>This document should be retrieved by hyperlink to the <abbr title="Australian Securities and Investments Commission">ASIC</abbr> or <abbr title="Dune and Bradstreet">D&B</abbr> web site ensuring its authenticity. This search can attract a nominal fee.</li></ol></li>
<li>(This to go to general domain check system admin policy as it is an implementation thing? If not then it should be in OA Policy.): By placing a randomly generated CNAME or Text entry in the DNS zone file of the domain name in question. The randomly generated text is to be created by the OA and given to the the applicant with the COAP form.</li>
</ol>
<li>The organisation name and number should be consistent throughout:<br> <li>The organisation name and number should be consistent throughout:<br>
<ol type="i"> <ol type="i">
@ -104,8 +118,6 @@ href="http://www.search.asic.gov.au/gns001.html">http://www.search.asic.gov.au/g
<li>on the COAP form.</li> <li>on the COAP form.</li>
<li>and in the CAcert database.</li> <li>and in the CAcert database.</li>
</ol></li> </ol></li>
<li>(This to go to OA Pol and to be deleted here?). The organisation must agree to the terms of the <strong>CAcert Community Agreement</strong> by signing the COAP and will therefor be subject to Arbitration.</li>
</ol> </ol>
</body> </body>
</html> </html>