<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
<TITLE>Assurance Policy</TITLE>
<META NAME="GENERATOR" CONTENT="OpenOffice.org 2.3 (Unix)">
<META NAME="CREATED" CONTENT="0;0">
<META NAME="CHANGEDBY" CONTENT="Teus Hagen">
<META NAME="CHANGED" CONTENT="20080630;12143900">
</HEAD>
<BODY LANG="en-GB" DIR="LTR">
<H1>Assurance Policy for CAcert Community Members</H1>
<P><A HREF="PolicyOnPolicy.html"><IMG SRC="Images/cacert-wip.png" NAME="graphics1" ALT="CAcert Policy Status" ALIGN=BOTTOM WIDTH=90 HEIGHT=33 BORDER=0></A><BR>Author:
Ian Grigg<BR>Creation date: 2008-05-30<BR>Status: WIP 2008-05-30<BR>Next
status: DRAFT June 2008</P>
<H2>0. Preamble</H2>
<P>Definitions of terms:
</P>
<DL>
<DT><EM>Assurance</EM>
</DT><DD>
Assurance is the process by which a Member of the CAcert Community
(Assurer) identifies an individual (<SPAN LANG="en-US">Assuree</SPAN>).
<BR>With sufficient assurances, a Member may (a) issue certificates
with their Names included, (b) participate in assuring others, and
(c) other related activities. The strength of these activities is
based on the strength of the assurance.
</DD><DT>
<EM>Member</EM>
</DT><DD>
An individual who has agreed to the CAcert Community Agreement (CCA)
and has successfully created a CAcert (web)account on
http://www.cacert.org.
</DD><DT>
<EM>Name</EM>
</DT><DD>
A Name is the full name (first name(s), family name(s), name
extensions, abbreviation of name(s), etc.) of an individual.
Technically speaking, the Name is a string taken exactly from a
government-issued photo ID. Transliteration of characters to a
character table defined by CAcert is permitted.
</DD><DT>
<EM>Secondary Distinguishing Feature</EM> (DoB)
</DT><DD STYLE="margin-bottom: 0.5cm">
A Name for an individual is discriminated from similar full names by
a Secondary Distinguishing Feature, as recorded on the on-line CAcert
(web)account. Currently this is the date of birth (DoB) of the
individual.
</DD></DL>
<H3>The CAcert Web of Trust</H3>
<P>Each assurance claims a number of Assurance Points, applied to the
assured Member or Member prospect. By combining the assurances, and
the Assurance Points, CAcert constructs a global <EM>Web of Trust</EM>
("WoT").
</P>
<P>CAcert explicitly chooses to meet its various goals by
construction of a web-of-trust of all Members. This is done by
face-to-face meeting, identifying and sharing claims in a network.
Maintaining a sufficient strength for the web-of-trust is a
high-level objective of the Assurance process.
</P>
<H3>Related Documentation</H3>
<P>Documentation on Assurance is split between this Assurance Policy
(AP) and the <A HREF="http://wiki.cacert.org/wiki/AssuranceHandbook2" TARGET="_blank">Assurance
Handbook</A>. The policy is controlled by Configuration Control
Specification (<A HREF="http://wiki.cacert.org/wiki/PolicyDrafts/ConfigurationControlSpecification" TARGET="_blank">CCS</A>)
under Policy on Policy (<A HREF="http://www.cacert.org/policy/PolicyOnPolicy.php" TARGET="_blank">PoP</A>)
policy documents. <BR>Because Assurance is an active area, much of
the practice is handed over to the Assurance Handbook, which is not a
controlled document, and can more easily respond to experience and
circumstances. It is also more readable.
</P>
<P>See also Organisation Assurance Policy (<A HREF="http://www.cacert.org/policy/OrganisationAssurancePolicy.php" TARGET="_blank">OAP</A>)
and CAcert Policy Statement (<A HREF="http://svn.cacert.org/CAcert/policy.htm" TARGET="_blank">CPS</A>).
</P>
<H2>1. Purpose</H2>
<P>The purpose of Assurance is to add confidence in the Assurance
Statement made of a Member by the CAcert Community.
</P>
<H3>The Assurance Statement</H3>
<P>The following claims can be made about a person who is assured:
</P>
<OL>
<LI><P STYLE="margin-bottom: 0cm">The person is a bona fide Member.
In other words, the person is a member of the CAcert community, as
defined by the CAcert Community Agreement (CCA).
</P>
<LI><P STYLE="margin-bottom: 0cm">The Member has a (login)
(web)Account with CAcert's on-line registration and service system.
</P>
<LI><P STYLE="margin-bottom: 0cm">The Member can be determined from
any certificate issued by the Account.
</P>
<LI><P STYLE="margin-bottom: 0cm">The Member is bound into CAcert's
Arbitration (as defined by the CCA).
</P>
<LI><P>Some personal details of the Member (Name(s), primary and
other listed email address(es), Secondary Distinguishing Feature (e.g.,
DoB)) are known to CAcert.
</P>
</OL>
<P>The confidence level of the Assurance Statement is expressed by
the Assurance Points.
</P>
<H3>Relying Party Statement</H3>
<P>The primary goal of the Assurance Statement is to meet the needs
of the <EM>Relying Party Statement</EM>, which is found in the
Certification Practice Statement (<A HREF="http://svn.cacert.org/CAcert/policy.htm" TARGET="_blank">CPS</A>)
for the express purpose of certificates.
</P>
<P>When a certificate is issued, some or all of the Assurance
Statement may be incorporated (e.g., name) or implied (e.g.,
Membership or status) into the certificate and be part of the <EM>Relying
Party Statement</EM>. In short, this means that other Members of the
Community may rely on the information verified by Assurance and found
in the certificate.
</P>
<P>In particular, certificates are sometimes considered to provide
reliable indications of the Member's Name. The nature of Assurance,
the number of Assurance Points, and other policies and processes
should be understood as limitations on any reliance.
</P>
<H2>2. The Member</H2>
<H3>Name(s)</H3>
<P>Names in the CAcert web account should be identical to those in
the ID documents. </P>
<P>The technical form of a Name is a string of characters. It should
be exactly copied from a government-issued photo ID. </P>
<P><A HREF="http://en.wikipedia.org/wiki/Transliteration" TARGET="_blank">Transliteration</A>
of characters to a character table defined by the Assurance Officer is
permitted, but the result must be 7-bit ASCII for the full Name.</P>
<P>In general, names are handled case-insensitively.</P>
<P>Abbreviation of second given name(s), middle name(s), titles and
name extensions in the Name of the web account to one character and a
dot is permitted. If the first given name in the ID document is
abbreviated, the first given name in the web account Name may be
abbreviated. However, abbreviation in the web account Name will imply
abbreviation usage in the Common Name of the issued certificate.</P>
<P>The Common Name and related certificate fields in the issued
certificate are dependent on the assurance of the Name in the web
account. Abbreviation and transliteration handling in the CN is
defined in the Certificate Implementation Policy (<A HREF="http://svn.cacert.org/CAcert/Policies/CertificateImplementationPolicy.html" TARGET="_blank">CIP</A>).</P>
<P>If the governmental ID indicates a type for part of the Name
(title, first given name, secondary given name(s), middle name(s),
family name, and/or name extensions) and the Name in the web account
provides the type of name field attribute, this will be assured in
the Name account administration.
</P>
<P>A Member may have multiple individual Names. For example, married
name, variations of initials of first or middle names, abbreviation
of a first name, different language or country variations and
transliterations of characters in a name. Each individual Name must
be assured to the applicable level. That is, each Name must be assured
to 50 Assurance Points to be used in a certificate. <BR>For an Assurer,
at least one Name must have at least 100 Assurance Points.</P>
<H3>Capabilities</H3>
<P>A Member has the following capabilities derived from Assurance:
</P>
<TABLE BORDER=1 CELLPADDING=5 CELLSPACING=0>
<TR>
<TD WIDTH=10%>
<P ALIGN=LEFT><EM>Minimum Assurance Points</EM></P>
</TD>
<TD WIDTH=25%>
<P ALIGN=LEFT><EM>Capability</EM></P>
</TD>
<TD WIDTH=65%>
<P ALIGN=LEFT><EM>Comment</EM></P>
</TD>
</TR>
<TR VALIGN=TOP>
<TD>
<P ALIGN=CENTER>0</P>
</TD>
<TD>
<P ALIGN=LEFT>request un-named certificates</P>
</TD>
<TD>
<P ALIGN=LEFT>although the Member's details are recorded in the
account, they are not highly assured.</P>
</TD>
</TR>
<TR VALIGN=TOP>
<TD>
<P ALIGN=CENTER>50</P>
</TD>
<TD>
<P ALIGN=LEFT>request named certificates</P>
</TD>
<TD>
<P ALIGN=LEFT>the name and Assurance Statement are assured to 50
Assurance Points or more</P>
</TD>
</TR>
<TR VALIGN=TOP>
<TD>
<P ALIGN=CENTER>100</P>
</TD>
<TD>
<P ALIGN=LEFT>become an Assurer</P>
</TD>
<TD>
<P ALIGN=LEFT>assured to 100 Assurance Points or more, and other
requirements listed below</P>
</TD>
</TR>
</TABLE>
<P ALIGN=CENTER STYLE="margin-bottom: 0cm">Assurance Capability table</P>
<P>The CAcert Policy Statement (CPS) and other policies may list
other capabilities that rely on Assurance Points.
</P>
<H2>3. The Assurer</H2>
<P>An Assurer is a Member with the following:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">is assured to a minimum of 100
Assurance Points,
</P>
<LI><P>has passed the Assurer Challenge.
</P>
</UL>
<P>The Assurer Challenge is administered by the Education Team on
behalf of the Assurance Officer.
</P>
<H3>The Obligations of the Assurer</H3>
<P>The Assurer is obliged to:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Follow this Assurance Policy;
</P>
<LI><P STYLE="margin-bottom: 0cm">Follow any additional rules of
detail laid out by the Assurance Officer;
</P>
<LI><P>Be guided by the <A HREF="http://wiki.cacert.org/wiki/AssuranceHandbook2" TARGET="_blank">Assurance
Handbook</A> in their judgement;
</P>
<LI><P STYLE="margin-bottom: 0cm">Make a good faith effort at
identifying and verifying Members;
</P>
<LI><P STYLE="margin-bottom: 0cm">Maintain the documentation on each
Assurance;
</P>
<LI><P STYLE="margin-bottom: 0cm">Deliver documentation to
Arbitration, or as otherwise directed by the Arbitrator;
</P>
<LI><P>Keep up-to-date with developments within the CAcert
Community.
</P>
</UL>
<H2>4. The Assurance</H2>
<H3>The Assurance Process</H3>
<P>The Assurer conducts the process of Assurance with each Member.
</P>
<P>The process consists of:
</P>
<OL>
<LI><P STYLE="margin-bottom: 0cm">Voluntary agreement by both
Assurer and Member or prospect Member to conduct the Assurance;
</P>
<LI><P STYLE="margin-bottom: 0cm">Personal meeting of Assurer and
Member or prospect Member;
</P>
<LI><P STYLE="margin-bottom: 0cm">Recording of essential details on
CAP form (below);
</P>
<LI><P STYLE="margin-bottom: 0cm">Examination of Identity documents
by Assurer and verification of recorded details (Name(s) and
Secondary Distinguishing Feature, e.g., DoB);
</P>
<LI><P STYLE="margin-bottom: 0cm">Allocation of Assurance Points by
Assurer;
</P>
<LI><P STYLE="margin-bottom: 0cm">Optional: supervision of
reciprocal Assurance made by Assuree (Mutual Assurance);
</P>
<LI><P>Safe keeping of the CAP forms by Assurer.
</P>
</OL>
<H3>Mutual Assurance</H3>
<P>Mutual Assurance follows the principle of reciprocity. This means
that the Assurance may be two-way, and that each member participating
in the Assurance procedure should be able to show evidence of their
identity to the other.
</P>
<P>In the event that an Assurer is assured by a Member who is not
certified as an Assurer, the Assurer supervises the Assurance
procedure and process, and is responsible for the results.
</P>
<P>Reciprocity maintains a balance between the (new) Member and the
Assurer, and reduces any sense of power. It is also an important aid
to the assurance training for future Assurers.
</P>
<P><EM>Evidence of Assurer status</EM> <BR>On the question of
providing evidence that one is an Assurer, CAcert Policy Statement
(<A HREF="http://svn.cacert.org/CAcert/policy.htm#p3.2" TARGET="_blank">CPS</A>)
says: <EM>The level at which each Member is Assured is public data.
The number of Assurance Points for each Member is not published.</EM>
</P>
<H3>Assurance Points</H3>
<P>The Assurance applies Assurance Points to each Member which
measure the increase of confidence in the Statement (above).
Assurance Points should not be interpreted for any other purpose.
Note that, even though they are sometimes referred to as <EM>Web-of-Trust</EM>
(Assurance) Points, or <EM>Trust</EM> Points, the meaning of the word
'trust' is not well defined.
</P>
<P><EM>Assurance Points Allocation.</EM> <BR>An Assurer can allocate
a number of Assurance Points to the Member according to the Assurer's
experience (Experience Point system, see below). The allocation of
the maximum means that the Assurer is 100% confident in the
information presented:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Detail on form, system, documents,
person in accordance;
</P>
<LI><P STYLE="margin-bottom: 0cm">Sufficient quality identity
documents have been checked;
</P>
<LI><P STYLE="margin-bottom: 0cm">Assurer's familiarity with
identity documents;
</P>
<LI><P>The Assurance Statement is confirmed.
</P>
</UL>
<P>Any lesser confidence should result in fewer Assurance Points for a
Name. If the Assurer has no confidence in the information presented,
then <EM>zero</EM> Assurance Points may be allocated by the
Assurer. For example, this may happen if the identity documents
are totally unfamiliar to the Assurer. The number of Assurance Points
from <EM>zero</EM> to <EM>maximum</EM> is guided by the Assurance
Handbook and the judgement of the Assurer.
</P>
<P>Multiple Names should be allocated separately in a single
Assurance. That is, the Assurer may allocate the maximum to one Name,
half that amount to another Name, and zero to a third Name.
</P>
<P>A (new) Member who is not an Assurer may award an Assurer in a
reciprocal process a maximum of 2 Assurance Points, according to his
judgement. The Assurer should strive to have the Member allocate
according to the Member's judgement, and stay on the cautious side; a
(new) Member new to the assurance process should allocate <EM>zero</EM>
Assurance Points until they get some confidence in what is happening.
</P>
<P>No Assurance process can give more than 50 Assurance Points per
Name. This means that to reach 50 Assurance Points (certificate with
a Name), a Member must have been assured at least once. To reach 100
Assurance Points, at least one Name of the Member must have been
assured at least twice.
</P>
<H3>Experience Points</H3>
<P>The maximum number of Assurance Points that may be awarded by an
Assurer is determined by the Experience Points of the Assurer.
</P>
<TABLE WIDTH=15% BORDER=1 CELLPADDING=1 CELLSPACING=0>
<TR>
<TD>
<P><EM>Assurer's Experience Points</EM></P>
</TD>
<TD>
<P><EM>Allocatable Assurance Points</EM></P>
</TD>
</TR>
<TR>
<TD>
<P ALIGN=CENTER>0</P>
</TD>
<TD>
<P ALIGN=CENTER>10</P>
</TD>
</TR>
<TR>
<TD>
<P ALIGN=CENTER>10</P>
</TD>
<TD>
<P ALIGN=CENTER>15</P>
</TD>
</TR>
<TR>
<TD>
<P ALIGN=CENTER>20</P>
</TD>
<TD>
<P ALIGN=CENTER>20</P>
</TD>
</TR>
<TR>
<TD>
<P ALIGN=CENTER>30</P>
</TD>
<TD>
<P ALIGN=CENTER>25</P>
</TD>
</TR>
<TR>
<TD>
<P ALIGN=CENTER>40</P>
</TD>
<TD>
<P ALIGN=CENTER>30</P>
</TD>
</TR>
<TR>
<TD>
<P ALIGN=CENTER>>=50</P>
</TD>
<TD>
<P ALIGN=CENTER>35</P>
</TD>
</TR>
</TABLE>
<P ALIGN=CENTER STYLE="margin-bottom: 0cm">Assurance Points table</P>
<P>An Assurer is given a maximum of 2 Experience Points for every
completed Assurance. On reaching Assurer status, the Experience
Points start at zero.
</P>
<P>Fewer Experience Points (1) may be given for mass Assurance events,
where each Assurance is quicker.
</P>
<P>Additional Experience Points may be granted temporarily or
permanently to an Assurer by CAcert Inc's Board, on recommendation
from the Assurance Officer.
</P>
<P>Experience Points are not to be confused with Assurance Points.
</P>
<P><EM>Comment: this part still needs to be agreed.</EM>
</P>
<H3>CAcert Assurance Programme (CAP) form</H3>
<P>The CAcert Assurance Programme (CAP) form requests the following
details of each Member or prospect Member:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Name(s), as recorded in the
on-line account;
</P>
<LI><P STYLE="margin-bottom: 0cm">Primary email address, as recorded
in the on-line account;
</P>
<LI><P STYLE="margin-bottom: 0cm">Secondary Distinguishing Feature,
as recorded in the on-line account (normally, date of birth);
</P>
<LI><P STYLE="margin-bottom: 0cm">Statement of agreement with the
CAcert Community Agreement (CCA);
</P>
<LI><P STYLE="margin-bottom: 0cm">Permission to the Assurer to
conduct the Assurance (required for privacy reasons);
</P>
<LI><P>Date and signature of the Assuree.
</P>
</UL>
<P>The CAP form requests the following details of the Assurer:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">At least one Name as recorded in
the on-line account of the Assurer;
</P>
<LI><P STYLE="margin-bottom: 0cm">Assurance Points for each Name in
the identity document(s);
</P>
<LI><P STYLE="margin-bottom: 0cm">Statement of Assurance;
</P>
<LI><P STYLE="margin-bottom: 0cm">Optional: If the Assurance is
reciprocal, then the Assurer's email address and Secondary
Distinguishing Feature are required as well.
</P>
<LI><P>Date, location of Assurance and signature of Assurer.
</P>
</UL>
<P>The CAP forms are to be kept for at least 7 years by the Assurer.
</P>
<H2>5. The Assurance Officer</H2>
<P>The Committee (Board) of CAcert Inc. appoints an Assurance Officer
with the following responsibilities:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Reporting to the Board and
advising on all matters to do with Assurance;
</P>
<LI><P STYLE="margin-bottom: 0cm">Training and testing of Assurers,
in association with the Education Team;
</P>
<LI><P STYLE="margin-bottom: 0cm">Updating this Assurance Policy,
under the process established by Policy on Policy (<A HREF="https://www.cacert.org/policy/PolicyOnPolicy.php" TARGET="_blank">PoP</A>);
</P>
<LI><P STYLE="margin-bottom: 0cm">Management of all Subsidiary
Policies (see below) for Assurances, under Policy on Policy (<A HREF="https://www.cacert.org/policy/PolicyOnPolicy.php" TARGET="_blank">PoP</A>);
</P>
<LI><P STYLE="margin-bottom: 0cm">Managing and creating rules of
detail or procedure where inappropriate for policies;
</P>
<LI><P STYLE="margin-bottom: 0cm">Incorporating rulings from
Arbitration into policies, procedures or guidelines;
</P>
<LI><P STYLE="margin-bottom: 0cm">Assisting the Arbitrator in any
requests;
</P>
<LI><P STYLE="margin-bottom: 0cm">Managing the Assurer Handbook;
</P>
<LI><P>Maintaining a sufficient strength in the Assurance process
(web-of-trust) to meet the agreed needs of the Community.
</P>
</UL>
<H2>6. Subsidiary Policies</H2>
<P>The Assurance Officer manages various exceptions and additional
processes. Each must be covered by an approved Subsidiary Policy
(refer to Policy on Policy => COD1). Subsidiary Policies specify
any additional tests of knowledge required and variations to process
and documentation, within the general standard stated here.
</P>
<P>Examples of expected subsidiary policies are these:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm"><EM>Remote Assurer Check;</EM>
</P>
<LI><P STYLE="margin-bottom: 0cm"><EM>Super Assurer Policy;</EM>
</P>
<LI><P STYLE="margin-bottom: 0cm"><EM>Junior Assurer Policy;</EM>
</P>
<LI><P STYLE="margin-bottom: 0cm"><EM>Code Signing Policy;</EM>
</P>
<LI><P><EM>Organisation Assurance Policy and sub-policies per
country or region.</EM>
</P>
</UL>
<H3>Standard</H3>
<P>Each Subsidiary Policy must augment and improve the general
standards in this Assurance Policy. It is the responsibility of each
Subsidiary Policy to describe how it maintains and improves the
specific and overall goals. It must describe exceptions and potential
areas of risk.
</P>
<H3>High Risk Applications</H3>
<P>In addition to the Assurance or Experience Points ratings set
herein and in other policies, the Assurance Officer or policies can
designate certain applications as high risk. If so, additional measures
may be added to the Assurance process that specifically address the risks.
These may include:
</P>
<DL>
<DT>Additional information
</DT><DD>
Additional information can be required in the process of assurance:
</DD></DL>
<UL>
<LI><DD>
Unique numbers of identity documents;
</DD><LI><DD>
Photocopy of identity documents;
</DD><LI><DD>
Photo of User;
</DD><LI><DD STYLE="margin-bottom: 0.5cm">
Address of User.
</DD></UL>
<P>Additional Information is to be kept by the Assurer, attached to the
CAP form. Assurance Points allocation by this assurance is unchanged.
The User's CAcert (web)account should be annotated to record the type of
additional information:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Arbitration:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Member to participate in
Arbitration. This confirms their acceptance of the forum and
trains them in the process and its import.
</P>
<LI><P STYLE="margin-bottom: 0cm">Member to file Arbitration to
present case. This allows the Arbitrator to act as final authority.
</P>
</UL>
<LI><P STYLE="margin-bottom: 0cm">Additional training;
</P>
<LI><P STYLE="margin-bottom: 0cm">Member to be Assurer (>= 100
Assurance Points and passed Assurer Challenge);
</P>
<LI><P STYLE="margin-bottom: 0cm">Member agrees to additional
specific agreement(s);
</P>
<LI><P>Additional checking/auditing of systems data by CAcert
support administrators;
</P>
</UL>
<P>Applications that might attract additional measures include
code-signing certificates and administration roles.
</P>
<H2>Privacy</H2>
<P>CAcert is a "privacy" organisation, and takes the
privacy of its Members seriously. The process maintains the security
and privacy of both parties.
</P>
<P>Information is collected primarily to make claims within the
certificates requested by users and to contact the Members. <BR>It is
used secondarily for training, testing, administration and other
internal purposes.
</P>
<P>The Member's information can be accessed under these
circumstances:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Under Arbitrator ruling, in a duly
filed dispute (<A HREF="http://www.cacert.org/policy/DisputeResolutionPolicy.html" TARGET="_blank">Dispute
Resolution Policy</A> => COD7)
</P>
<LI><P STYLE="margin-bottom: 0cm">An Assurer in the process of an
Assurance, as permitted on the CAP form.
</P>
<LI><P>CAcert support administration and CAcert systems
administration when operating under the authority of Arbitrator or
under CAcert policy.
</P>
</UL>
<P><A HREF="http://validator.w3.org/check?uri=referer"><IMG SRC="../Images/valid-xhtml11-blue" NAME="graphics2" ALT="Valid XHTML 1.1" ALIGN=BOTTOM WIDTH=90 HEIGHT=33 BORDER=0></A>
</P>
</BODY>
</HTML>