8bfd83f99f
Moved the "policy" out of the terms definition. Dropped the (Name) in point 3 because the point is that the Member can be traced with the *certificate* which also includes nameless certs. This means that any certificate can be relied upon (although what reliance on anonymous certs means is a question for a future arbitrator). Fixed spelling mistake with 'secondary'. git-svn-id: http://svn.cacert.org/CAcert/Policies@862 14b1bab8-4ef6-0310-b690-991c95c89dfd
490 lines
19 KiB
HTML
490 lines
19 KiB
HTML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
|
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<title>
|
|
Assurance Policy
|
|
</title>
|
|
</head>
|
|
<body>
|
|
<h1>
|
|
Assurance Policy for CAcert Community Members
|
|
</h1>
|
|
<p>
|
|
<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
|
|
Editor: iang ? <br />
|
|
Creation date: 2008-05-30<br />
|
|
Status: WIP 2008-06-19<br />
|
|
Next status: DRAFT June 2008<br />
|
|
<!-- $Id: AssurancePolicy.html 772 2008-06-02 13:46:20Z teus $ -->
|
|
</p>
|
|
|
|
|
|
<h2 >0. Preamble</h2>
|
|
|
|
<p >
|
|
Definitions of terms:
|
|
<dl>
|
|
<dt><em>Assurance</em></dt>
|
|
<dd>Assurance is the process by which a Member of CAcert Community (Assurer) identifies an individual (Assuree).
|
|
<br>
|
|
With sufficient assurances, a Member may (a) issue certificates with their Names included, (b) participate in assuring others, and (c) other related activities.
|
|
The strength of these activities is based on the strength of the assurance.
|
|
</dd>
|
|
<dt><em>Member</em></dt>
|
|
<dd>An individual who has agreed to the CAcert Community agreement and has created successfully a CAcert (web)account on http://www.cacert.org.
|
|
<dt><em>Name</em></dt>
|
|
<dd>A Name is the full name (first name(s), family name(s), name extensions,abreviation of name(s), etc.) of an individual.
|
|
</dd>
|
|
<dt><em>Secondary Distinguishing Feature</em> (DoB)</dt>
|
|
<dd>A Name for an individual is discrimated from similar full names by a secondary distinguished feature, as recorded on the on-line CAcert (web) account.
|
|
Currently this is the date of birth (DoB) of the individual.
|
|
</dd>
|
|
</dl>
|
|
<p >
|
|
|
|
<h3 >The CAcert Web of Trust</h3>
|
|
|
|
<p >
|
|
Each assurance claims a number of Assurance Points, applied to the assured Member or Member prospect.
|
|
By combining the assurances, and the Assurance Points, CAcert constructs a global <em>Web of Trust</em> ("WoT").
|
|
<p >
|
|
CAcert explicitly chooses to meet its various goals by construction of a web-of-trust of all Members.
|
|
This is done by face-to-face meeting, identifying and sharing claims in a network.
|
|
Maintaining a sufficient strength for the web-of-trust is a high-level objective of the Assurance process.
|
|
<p >
|
|
|
|
|
|
<h3 >Related Documentation</h3>
|
|
|
|
<p >
|
|
Documentation on Assurance is split between this Assurance Policy (AP) and the <a href="/wiki/AssuranceHandbook2">Assurance Handbook</a>.
|
|
The policy is controlled by <a href="/wiki/PolicyDrafts/ConfigurationControlSpecification">Configuration Control Specification (CCS)</a> under <a class="http" href="http://www.cacert.org/policy/PolicyOnPolicy.php">Policy of Policy (PoP)</a> policy documents.
|
|
<br>
|
|
Because Assurance is an active area, much of the practice is handed over to the Assurance Handbook, which is not a controlled document, and can more easily respond to experience and circumstances.
|
|
It is also more readable.
|
|
<p >
|
|
See also <a class="http" href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php">Organisation Assurance Policy (OAP)</a> and <a class="http" href="http://svn.cacert.org/CAcert/policy.htm">CAcert Policy Statement (CPS)</a>.
|
|
<p >
|
|
|
|
|
|
<h2 >1. Purpose</h2>
|
|
|
|
<p >
|
|
The purpose of Assurance is to add confidence in the Assurance Statement made of a Member by the CAcert Community.
|
|
<p >
|
|
|
|
<h3 >The Assurance Statement</h3>
|
|
|
|
<p >
|
|
The following claims can be made about a person who is assured:
|
|
<ol type="1">
|
|
<li> The person is a bona fide Member.
|
|
In other words, the person is a member of the CAcert community, as defined by the CAcert Community Agreement (CCA).
|
|
</li>
|
|
<li> The Member has a (login) (web)Account with CAcert's on-line registration and service system.
|
|
</li>
|
|
<li> The Member can be determined from any certificate issued by the Account.
|
|
</li>
|
|
<li> The Member is bound into CAcert's Arbitration (as defined by the CCA).
|
|
</li>
|
|
<li> Some personal details of the Member (Name(s), primary and other listed email address(es), Secondary Distinguishing Feature (e.g., DoB)) are known to CAcert.
|
|
</li></ol>
|
|
<p >
|
|
The confidence level of the Assurance Statement is expressed by the Assurance Points.
|
|
<p >
|
|
|
|
|
|
<h3 >Relying Party Statement</h3>
|
|
|
|
<p >
|
|
The primary goal of the Assurance Statement is to meet the needs of the <em>Relying Party Statement</em>, which latter is found in the Certification Practice Statement (<a class="http" href="http://svn.cacert.org/CAcert/policy.htm">CPS</a>) for the express purpose of certificates.
|
|
<p >
|
|
When a certificate is issued, some or all of the Assurance Statement may be incorporated (e.g., name) or implied (e.g., Membership or status) into the certificate and be part of the <em>Relying Party Statement</em>.
|
|
In short, this means that other Members of the Community may rely on the information verified by Assurance and found in the certificate.
|
|
<p >
|
|
In particular, certificates are sometimes considered to provide reliable indications of the Member's Name.
|
|
The nature of Assurance, the number of Assurance Points, and other policies and processes should be understood as limitations on any reliance.
|
|
<p >
|
|
|
|
<h2 >2. The Member</h2>
|
|
|
|
<p >
|
|
|
|
<h3 >Name(s)</h3>
|
|
|
|
|
|
<p >
|
|
The general standard is that the individual name of the Member is as written on a government-issued Identity (photo) document.
|
|
<p >
|
|
<em>For more details see the <a href="/wiki/PolicyDrafts/PolicyOnNames">PolicyDrafts/PolicyOnNames</a>, where the discussion is carried on.
|
|
This page will be copied into here when the discussion is complete.</em>
|
|
<p >
|
|
|
|
<p>
|
|
The technical form of a Name is a string of characters. It should be exactly copied from a governemental-issued photo ID. Transliteration of characters to a character table defined by Assurance Officer is permitted.
|
|
</p>
|
|
|
|
<strong>Multiple Names</strong>
|
|
<br>
|
|
A Member may have multiple individual Names.
|
|
For example, married name, variations of initials of first or middle names, abbreviation of a first name, different language or country variations and transliterations of characters in a name.
|
|
Each individual Name must be assured to the applicable level.
|
|
That is, each Name to 50 Assurance Points to be used in a certificate.
|
|
<br>
|
|
For an Assurer at least one Name must have at least to 100 Assurance Points.
|
|
<p >
|
|
|
|
<h3 >Capabilities</h3>
|
|
|
|
<p >
|
|
A Member has the following capabilities derived from Assurance:
|
|
<div><table border=1 cellspacing=0 cellpadding=5><tbody>
|
|
<caption align=bottom>Assurance Capability table</caption>
|
|
<tr align=left>
|
|
<td width=10%><em>Minimum Assurance Points</em></td>
|
|
<td width=25%><em>Capability</em></td>
|
|
<td width=65%><em>Comment</em></td>
|
|
</tr>
|
|
<tr align=left valign=top>
|
|
<td align=center>0</td>
|
|
<td>request un-named certificates</td>
|
|
<td>although the Member's details are recorded in the account, they are not highly assured.</td>
|
|
</tr>
|
|
<tr align=left valign=top>
|
|
<td align=center>50</td>
|
|
<td>request named certificates</td>
|
|
<td>the name and Assurance Statement is assured to 50 Assurance Points or more</td>
|
|
</tr>
|
|
<tr align=left valign=top>
|
|
<td align=center>100</td>
|
|
<td>become an Assurer</td>
|
|
<td>assured to 100 Assurance Points or more, and other requirements listed below</td>
|
|
</tr>
|
|
</tbody></table></div>
|
|
|
|
<p >
|
|
The CAcert Policy Statement (CPS) and other policies may list other capabilities that rely on Assurance Points.
|
|
<p >
|
|
|
|
<h2 >3. The Assurer</h2>
|
|
|
|
<p >
|
|
An Assurer is a Member with the following: <ul>
|
|
<li>is assured to a minimum of 100 Assurance Points,
|
|
</li>
|
|
<li>has passed the Assurer Challenge.
|
|
</li></ul>
|
|
<p >
|
|
The Assurer Challenge is administered by the Education Team on behalf of the Assurance Officer.
|
|
<p >
|
|
|
|
<h3 >The Obligations of the Assurer</h3>
|
|
|
|
<p >
|
|
The Assurer is obliged to: <ul>
|
|
<li>Follow this Assurance Policy;
|
|
</li>
|
|
<li>Follow any additional rules of detail laid out by the Assurance Officer;
|
|
</li>
|
|
<li>
|
|
<p >
|
|
Be guided by the <a href="/wiki/AssuranceHandbook2">Assurance Handbook</a> in their judgement;
|
|
</li>
|
|
<li>Make a good faith effort at identifying and verifying Members;
|
|
</li>
|
|
<li>Maintain the documentation on each Assurance;
|
|
</li>
|
|
<li>Deliver documentation to Arbitration, or as otherwise directed by the Arbitrator;
|
|
</li>
|
|
<li>Keep up-to-date with developments within the CAcert Community.
|
|
</li></ul>
|
|
<p >
|
|
|
|
<h2 >4. The Assurance</h2>
|
|
|
|
<p >
|
|
|
|
<h3 >The Assurance Process</h3>
|
|
|
|
<p >
|
|
The Assurer conducts the process of Assurance with each Member.
|
|
<p >
|
|
The process consists of:
|
|
<ol type="1">
|
|
<li>Voluntary agreement by both Assurer and Member or prospect Member to conduct the Assurance;
|
|
</li>
|
|
<li>Personal meeting of Assurer and Member or prospect Member;
|
|
</li>
|
|
<li>Recording of essential details on CAP form (below);
|
|
</li>
|
|
<li>Examination of Identity documents by Assurer and verification of recorded details (Name(s) and Secondary Distinguishing Feature, e.g., DoB);
|
|
</li>
|
|
<li>Allocation of Assurance Points by Assurer;
|
|
</li>
|
|
<li>Optional: supervision of reciprocal Assurance made by Assuree (Mutual Assurance);
|
|
</li>
|
|
<li>Safe keeping of the CAP forms by Assurer.
|
|
</li></ol>
|
|
<p >
|
|
|
|
<h3 >Mutual Assurance</h3>
|
|
|
|
<p >
|
|
Mutual Assurance follows the principle of reciprocity.
|
|
This means that the Assurance may be two-way, and that each member participating in the Assurance procedure should be able to show evidence of their identity to the other.
|
|
<p >
|
|
In the event that an Assurer is assured by a Member who is not certified as an Assurer, the Assurer supervises the Assurance procedure and process, and is responsible for the results.
|
|
<p >
|
|
Reciprocity maintains a balance between the (new) Member and the Assurer, and reduces any sense of power.
|
|
It is also an important aid to the assurance training for future Assurers.
|
|
<p >
|
|
<em>Evidence of Assurer status</em>
|
|
<br>
|
|
On the question of providing evidence that one is an Assurer, <a class="http" href="http://svn.cacert.org/CAcert/policy.htm#p3.2">CAcert Policy Statement (CPS) says</a>: <em>The level at which each Member is Assured is public data. The number of Assurance Points for each Member is not published.</em>.
|
|
<p >
|
|
|
|
|
|
<h3 >Assurance Points</h3>
|
|
|
|
<p >
|
|
The Assurance applies Assurance Points to each Member which measure the increase of confidence in the Statement (above).
|
|
Assurance Points should not be interpreted for any other purpose.
|
|
Note that, even though they are sometimes referred to as <em>Web-of-Trust</em> (Assurance) Points, or <em>Trust</em> Points, the meaning of the word 'trust' is not well defined.
|
|
<p >
|
|
<em>Assurance Points Allocation.</em>
|
|
<br>An Assurer can allocate a number of Assurance Points to the Member according to the Assurer's experience (Experience Point system, see below).
|
|
The allocation of the maximum means that the Assurer is 100% confident in the information presented:
|
|
<ul>
|
|
<li>Detail on form, system, documents, person in accordance;
|
|
</li>
|
|
<li>Sufficient quality identity documents have been checked;
|
|
</li>
|
|
<li>Assurer's familiarity with identity documents;
|
|
</li>
|
|
<li>The Assurance Statement is confirmed.
|
|
</li></ul>
|
|
<p >
|
|
Any lesser confidence should result in less Assurance Points for a Name. If the Assurer has no confidence in the information presented, then <em>zero </em> Assurance Points may be allocated by the Assurer.
|
|
For example, this may happen if the identity documents are totally unfamiliar to the Assurer.
|
|
The number of Assurance Points from <em>zero</em> to <em>maximum </em> is guided by the Assurance Handbook and the judgement of the Assurer.
|
|
<p >
|
|
Multiple Names should be allocated separately in a single Assurance.
|
|
That is, the Assurer may allocate the maximum to one Name, half that amount to another Name, and zero to a third Name.
|
|
<p >
|
|
A (new) Member who is not an Assurer may award an Assurer in a reciprocal process a maximum of 2 Assurance Points, according to his judgement.
|
|
The Assurer should strive to have the Member allocate according to the Member's judgement, and stay on the cautious side; a (new) Member new to the assurance process should allocate <em>zero</em> Assurance Points until they get some confidence in what is happening.
|
|
<p >
|
|
No Assurance process can give more than 50 Assurance Points per Name.
|
|
This means that to reach 50 Assurance Points (certificate with a Name), a Member must have been assured at least once.
|
|
To reach 100 Assurance Points, at least one Name of the Member must have been assured at least twice.
|
|
<p >
|
|
|
|
<h3 >Experience Points</h3>
|
|
|
|
<p >
|
|
The maximum number of Assurance Points that may be awarded by an Assurer is determined by the Experience Points of the Assurer.
|
|
<div><table border=1 cellspacing=0 width=15%>
|
|
<caption align=bottom>Assurance Points table</caption>
|
|
<tr>
|
|
<td><em>Assurer's Experience Points</em></td> <td><em>Allocatable Assurance Points</em></td>
|
|
</tr>
|
|
<tr align=center>
|
|
<td>0</td> <td>10</td>
|
|
</tr>
|
|
<tr align=center>
|
|
<td>10</td> <td>15</td>
|
|
</tr>
|
|
<tr align=center>
|
|
<td>20</td> <td>20</td>
|
|
</tr>
|
|
<tr align=center>
|
|
<td>30</td> <td> 25</td>
|
|
</tr>
|
|
<tr align=center>
|
|
<td>40</td> <td>30</td>
|
|
</tr>
|
|
<tr align=center>
|
|
<td>>=50</td> <td>35</td>
|
|
</tr>
|
|
</table></div>
|
|
<p >
|
|
An Assurer is given a maximum of 2 Experience Points for every completed Assurance.
|
|
On reaching Assurer status, the Experience Points start at zero.
|
|
<p>
|
|
Less Experience Points (1) may be given for mass Assurance events, where each Assurance is quicker.
|
|
<p>
|
|
Additional Experience Points may be granted temporarily or permanently to an Assurer by CAcert Inc's Board, on recommendation from the Assurance Officer.
|
|
<p >
|
|
Experience Points are not to be confused with Assurance Points.
|
|
<p >
|
|
<em>Comment: this part still needs to be agreed.</em>
|
|
<p >
|
|
|
|
<h3 >CAcert Assurance Programme (CAP) form</h3>
|
|
|
|
<p >
|
|
The CAcert Assurance Programme (CAP) form requests the following details of each Member or prospect Member:
|
|
<ul>
|
|
<li>Name(s), as recorded in the on-line account;
|
|
</li>
|
|
<li>Primary email address, as recorded in the on-line account;
|
|
</li>
|
|
<li>Secondary Distinguishing Feature, as recorded in the on-line account (normally, date of birth);
|
|
</li>
|
|
<li>Statement of agreement with the CAcert Community Agreement (CCA);
|
|
</li>
|
|
<li>Permission to the Assurer to conduct the Assurance (required for privacy reasons);
|
|
</li>
|
|
<li>Date and signature of the Assuree.
|
|
</li></ul>
|
|
The CAP form requests the following details of the Assurer:
|
|
<ul>
|
|
<li>At least one Name as recorded in the on-line account of the Assurer;
|
|
</li>
|
|
<li>Assurance Points for each Name in the identity document(s);
|
|
</li>
|
|
<li>Statement of Assurance;
|
|
</li>
|
|
<li>
|
|
Optional: If the Assurance is reciprocal, then the Assurer's email address and Secondary Distinguishing Feature are required as well.
|
|
</li>
|
|
<li>Date, location of Assurance and signature of Assurer.
|
|
</li></ul>
|
|
<p >
|
|
The CAP forms are to be kept at least for 7 years by the Assurer.
|
|
<p >
|
|
|
|
|
|
<h2 >5. The Assurance Officer</h2>
|
|
|
|
<p >
|
|
The Commitee (Board) of CAcert Inc. appoints an Assurance Officer with the following responsibilities:
|
|
<ul>
|
|
<li>Reporting to the Board and advising on all matters to do with Assurance;
|
|
</li>
|
|
<li>Training and testing of Assurers, in association with the Education Team;
|
|
</li>
|
|
<li>
|
|
Updating this Assurance Policy, under the process established by <a class="https" href="https://www.cacert.org/policy/PolicyOnPolicy.php">Policy on Policy</a>;
|
|
</li>
|
|
<li>
|
|
Management of all Subsidiary Policies (see below) for Assurances, under <a class="https" href="https://www.cacert.org/policy/PolicyOnPolicy.php">Policy on Policy</a>;
|
|
</li>
|
|
<li>Managing and creating rules of detail or procedure where inappropriate for policies;
|
|
</li>
|
|
<li>Incorporating rulings from Arbitration into policies, procedures or guidelines;
|
|
</li>
|
|
<li>Assisting the Arbitrator in any requests;
|
|
</li>
|
|
<li>Managing the Assurer Handbook;
|
|
</li>
|
|
<li>Maintaining a sufficient strength in the Assurance process (web-of-trust) to meet the agreed needs of the Community.
|
|
</li></ul>
|
|
<p >
|
|
|
|
<h2 >6. Subsidiary Policies</h2>
|
|
|
|
<p >
|
|
The Assurance Officer manages various exceptions and additional processes.
|
|
Each must be covered by an approved Subsidiary Policy (refer to Policy on Policy => COD1).
|
|
Subsidiary Policies specify any additional tests of knowledge required and variations to process and documentation, within the general standard stated here.
|
|
<p >
|
|
Examples of expected subsidiary policies are these:
|
|
<ul>
|
|
<li>
|
|
<em>Remote Assurer Check;</em>
|
|
</li>
|
|
<li>
|
|
<em>Super Assurer Policy;</em>
|
|
</li>
|
|
<li>
|
|
<em> Junior Assurer Policy;</em>
|
|
</li>
|
|
<li>
|
|
<em> Code Signing Policy;</em>
|
|
</li>
|
|
<li>
|
|
<em>Organisation Assurance Policy and sub-policies per country or region.</em>
|
|
</li></ul>
|
|
<p >
|
|
|
|
|
|
<h3 >Standard</h3>
|
|
|
|
<p >
|
|
Each Subsidiary Policy must augment and improve the general standards in this Assurance Policy.
|
|
It is the responsibility of each Subsidiary Policy to describe how it maintains and improves the specific and overall goals.
|
|
It must describe exceptions and potential areas of risk.
|
|
<p >
|
|
|
|
<h3 >High Risk Applications</h3>
|
|
|
|
<p >
|
|
In addition to the Assurance or Experience Points ratings set here in and in other policies, Assurance Officer or policies can designate certain applications as high risk.
|
|
If so, additional measures may be added to the Assurance process that specifically address the risks.
|
|
These may include:
|
|
<dl>
|
|
<dt>Additional information</dt>
|
|
<dd>Additional information can be required in process of assurance:
|
|
<ul>
|
|
<li>Unique numbers of identity documents;
|
|
</li>
|
|
<li>Photocopy of identity documents;
|
|
</li>
|
|
<li>Photo of User;
|
|
</li>
|
|
<li>Address of User.
|
|
</li></ul>
|
|
</dd></dl>
|
|
<p >
|
|
Additional Information is to be kept by Assurer, attached to CAP form.
|
|
Assurance Points allocation by this assurance is unchanged.
|
|
User's CAcert (web)account should be annotated to record type of additional information:
|
|
<ul>
|
|
<li>Arbitration:
|
|
<ul>
|
|
<li>Member to participate in Arbitration.
|
|
This confirms their acceptance of the forum as well as trains in the process and import.
|
|
</li>
|
|
<li>Member to file Arbitration to present case.
|
|
This allows Arbitrator as final authority.
|
|
</li></ul>
|
|
</li>
|
|
<li class="gap">Additional training;
|
|
</li>
|
|
<li class="gap">Member to be Assurer (>= 100 Assurance Points and passed Assurer Challenge);
|
|
</li>
|
|
<li class="gap">Member agrees to additional specific agreement(s);
|
|
</li>
|
|
<li class="gap">Additional checking/auditing of systems data by CAcert support administrators;
|
|
</li></ul>
|
|
<p >
|
|
Applications that might attract additonal measures include code-signing certificates and administration roles.
|
|
<p >
|
|
|
|
<h2 >Privacy</h2>
|
|
|
|
<p >
|
|
CAcert is a "privacy" organisation, and takes the privacy of its Members seriously.
|
|
The process maintains the security and privacy of both parties.
|
|
<p >
|
|
Information is collected primarily to make claims within the certificates requested by users and to contact the Members.
|
|
<br>
|
|
It is used secondarily for training, testing, administration and other internal purposes.
|
|
<p >
|
|
The Member's information can be accessed under these circumstances: <ul>
|
|
<li>
|
|
Under Arbitrator ruling, in a duly filed dispute (<a class="http" href="http://www.cacert.org/policy/DisputeResolutionPolicy.html">Dispute Resolution Policy</a> => COD7)
|
|
</li>
|
|
<li>An Assurer in the process of an Assurance, as permitted on the CAP form.
|
|
</li>
|
|
<li>CAcert support administration and CAcert systems administration when operating under the authority of Arbitrator or under CAcert policy.
|
|
</li></ul>
|
|
<p >
|
|
<a href="http://validator.w3.org/check?uri=referer"><img src="../Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
|
|
</p>
|
|
</body>
|
|
</html>
|
|
|