aafee15734
git-svn-id: http://svn.cacert.org/CAcert/Policies@860 14b1bab8-4ef6-0310-b690-991c95c89dfd
492 lines
19 KiB
HTML
492 lines
19 KiB
HTML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
|
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<title>
|
|
Assurance Poilicy
|
|
</title>
|
|
</head>
|
|
<body>
|
|
<h1>
|
|
Assurance Policy for CAcert Community Members
|
|
</h1>
|
|
<p>
|
|
<a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
|
|
Author: Ian Grigg<br />
|
|
Creation date: 2008-05-30<br />
|
|
Status: WIP 2008-05-30<br />
|
|
Next status: DRAFT June 2008<br />
|
|
<!-- $Id: AssurancePolicy.html 772 2008-06-02 13:46:20Z teus $ -->
|
|
</p>
|
|
|
|
|
|
<h2 >0. Preamble</h2>
|
|
|
|
<p >
|
|
Assurance is the process by which a member of CAcert identifies another member.
|
|
With sufficient assurances, a member may (a) issue certificates with their names included, (b) participate in assuring others, and (c) other related activities.
|
|
The strength of these activities is based on the strength of the assurance.
|
|
<p >
|
|
|
|
<h3 >The CAcert Web of Trust</h3>
|
|
|
|
<p >
|
|
Each assurance claims a number of points, applied to the assured member.
|
|
By combining the assurances, and the points, CAcert constructs a global <em>web of trust</em> ("WoT").
|
|
<p >
|
|
CAcert explicitly chooses to meet its various goals by construction of a web of trust of all members.
|
|
This is done by members meeting face-to-face, identifying and sharing claims in a network.
|
|
Maintaining a sufficient strength for the web of trust is a high-level objective of the Assurance process.
|
|
<p >
|
|
|
|
|
|
<h3 >Related Documentation</h3>
|
|
|
|
<p >
|
|
Documentation on Assurance is split between this policy and the <a href="/wiki/AssuranceHandbook2">Assurance Handbook</a>.
|
|
The policy is controlled by <a href="/wiki/PolicyDrafts/ConfigurationControlSpecification">CCS</a> under <a class="http" href="http://www.cacert.org/policy/PolicyOnPolicy.php">PoP</a>.
|
|
Because Assurance is an active area, much of the practice is handed over to the Assurance Handbook, which is not a controlled document, and can more easily respond to experience and circumstances.
|
|
It is also more readable.
|
|
<p >
|
|
See also <a class="http" href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php">Organisation Assurance Policy</a> and <a class="http" href="http://svn.cacert.org/CAcert/policy.htm">CPS</a>.
|
|
<p >
|
|
|
|
|
|
<h2 >1. Purpose</h2>
|
|
|
|
<p >
|
|
The purpose of Assurance is to add confidence in the Assurance Statement made of a Member by the Community.
|
|
<p >
|
|
|
|
<h3 >The Assurance Statement</h3>
|
|
|
|
<p >
|
|
The following claims can be made about a person who is assured: <ol type="1">
|
|
<li> The person is a bona fide CAcert Member.
|
|
In other words, the person is a member of the CAcert Community, as defined by the CAcert Community Agreement.
|
|
</li>
|
|
<li> The Member has a login account with CAcert's online registration and service system.
|
|
</li>
|
|
<li> The Member account can be determined from any certificate issued by the account.
|
|
</li>
|
|
<li> The Member is bound into CAcert's Arbitration.
|
|
</li>
|
|
<li> Some personal details of the Member (names, emails, Date of Birth) are known to CAcert.
|
|
</li></ol>
|
|
<p >
|
|
The confidence level of the Assurance Statement is expressed by the Assurance Points.
|
|
<p >
|
|
|
|
|
|
<h3 >Relying Party Statement</h3>
|
|
|
|
<p >
|
|
The primary goal of the Assurance Statement is to meet the needs of the <em>Relying Party Statement</em>, which latter is found in the Certification Practice Statement (<a class="http" href="http://svn.cacert.org/CAcert/policy.htm">CPS</a>) for the express purpose of certificates.
|
|
<p >
|
|
When a certificate is issued, some or all of the Assurance Statement may be incorporated (e.g., name) or implied (e.g., membership or status) into the certificate and be part of the <em>Relying Party Statement</em>.
|
|
In short, this means that other Members of the Community may rely on the information verified by Assurance and found in the certificate.
|
|
<p >
|
|
In particular, certificates are sometimes considered to provide reliable indications of the member's Name.
|
|
The nature of Assurance, the number of Assurance Points, and other policies and processes should be understood as limitations on any reliance.
|
|
<p >
|
|
|
|
<h2 >2. The Member</h2>
|
|
|
|
<p >
|
|
|
|
<h3 >Names</h3>
|
|
|
|
|
|
<p >
|
|
The general standard is that the name of the Member is as written on a government-issued Identity document.
|
|
<p >
|
|
<em>For more details see the <a href="/wiki/PolicyDrafts/PolicyOnNames">PolicyDrafts/PolicyOnNames</a>, where the discussion is carried on.
|
|
This page will be copied into here when the discussion is complete.</em>
|
|
<p >
|
|
<strong>Multiple Names.</strong> A Member may have multiple names.
|
|
For example, married names, variations of initials of first or middle names, and different language or country variations.
|
|
An individual name must be assured to the applicable level.
|
|
That is, each name to 50 points to be used in a certificate, and one name at least to 100 points to be an Assurer.
|
|
<p >
|
|
(<em>Note that the Account system has not yet been changed to implement the multiple name feature.</em>)
|
|
<p >
|
|
|
|
<h3 >Capabilities</h3>
|
|
|
|
<p >
|
|
A Member has the following capabilities derived from Assurance:
|
|
<div><table border=1 cellspacing=0 cellpadding=5><tbody>
|
|
<caption align=bottom>Assurance Capability table</caption>
|
|
<tr align=left>
|
|
<td width=10%><em>Minimum Assurance Points</em></td>
|
|
<td width=25%><em>Capability</em></td>
|
|
<td width=65%><em>Comment</em></td>
|
|
</tr>
|
|
<tr align=left valign=top>
|
|
<td align=center>0</td>
|
|
<td>request un-named certificates</td>
|
|
<td>although the Member's details are recorded in the account, they are not highly assured.</td>
|
|
</tr>
|
|
<tr align=left valign=top>
|
|
<td align=center>50</td>
|
|
<td>request named certificates</td>
|
|
<td>the name and Assurance Statement is assured to 50 points or more</td>
|
|
</tr>
|
|
<tr align=left valign=top>
|
|
<td align=center>100</td>
|
|
<td>become an Assurer</td>
|
|
<td>assured to 100 points or more, and other requirements listed below</td>
|
|
</tr>
|
|
</tbody></table></div>
|
|
|
|
<p >
|
|
The CPS and other policies may list other capabilities that rely on Assurance Points.
|
|
<p >
|
|
|
|
<h2 >3. The Assurer</h2>
|
|
|
|
<p >
|
|
An Assurer is a Member with the following: <ul>
|
|
<li>is assured to a minimum of 100 Assurance Points,
|
|
</li>
|
|
<li>has passed the Assurer Challenge.
|
|
</li></ul>
|
|
<p >
|
|
The Assurer Challenge is administered by the Education Team on behalf of the Assurance Officer.
|
|
<p >
|
|
|
|
<h3 >The Obligations of the Assurer</h3>
|
|
|
|
<p >
|
|
The Assurer is obliged to: <ul>
|
|
<li>follow this Assurance Policy,
|
|
</li>
|
|
<li>follow any additional rules of detail laid out by the Assurance Officer,
|
|
</li>
|
|
<li>
|
|
<p >
|
|
be guided by the <a href="/wiki/AssuranceHandbook2">Assurance Handbook</a> in their judgement,
|
|
</li>
|
|
<li>make a good faith effort at identifying and verifying Members,
|
|
</li>
|
|
<li>maintain the documentation on each Assurance,
|
|
</li>
|
|
<li>deliver documentation to Arbitration, or as otherwise directed by the Arbitrator, and
|
|
</li>
|
|
<li>keep up-to-date with developments within the CAcert Community.
|
|
</li></ul>
|
|
<p >
|
|
<em>Comment: <strong>New.</strong> derived from earlier section, and other conventions.
|
|
Should be discussed, agreed.</em>
|
|
<p >
|
|
|
|
|
|
<h2 >4. The Assurance</h2>
|
|
|
|
<p >
|
|
|
|
<h3 >The process</h3>
|
|
|
|
<p >
|
|
The Assurer conducts the process of Assurance with each Member.
|
|
<p >
|
|
The process consists of <ol type="1">
|
|
<li>voluntary agreement by both Assurer and Member to conduct the Assurance.
|
|
</li>
|
|
<li>personal meeting of Assurer and Member
|
|
</li>
|
|
<li>recording of essential details on CAP form (below).
|
|
</li>
|
|
<li>examination of Identity documents by Assurer and verification of recorded details.
|
|
</li>
|
|
<li>allocation of Assurance Points by Assurer.
|
|
</li>
|
|
<li>safe keeping of the CAP forms by Assurer.
|
|
</li></ol>
|
|
<p >
|
|
|
|
<h3 >Mutual Assurance</h3>
|
|
|
|
<p >
|
|
Assurance follows the principle of reciprocity.
|
|
This means that it may be two-way, and that each member should be able to show evidence of their status to the other.
|
|
<p >
|
|
In the event that an Assurer is assured by a Member who is not certified as an Assurer, the Assurer supervises the process and is responsible for the results.
|
|
<p >
|
|
Reciprocity maintains a balance between the new Member and the Assurer, and reduces any sense of power.
|
|
It is also an important aid to training for future Assurers.
|
|
<p >
|
|
<em>Non-policy Notes:</em> <ul>
|
|
<li>
|
|
<p >
|
|
<em>the Account system has not yet been changed to implement the non-Assurer reciprocity feature.</em>
|
|
</li>
|
|
<li>
|
|
<p >
|
|
<em>On the question of providing evidence that one is an Assurer, <a class="http" href="http://svn.cacert.org/CAcert/policy.htm#p3.2">CPS says</a>: <strong>The level at which each Member is Assured is public data. The number of points for each Member is not published.</strong> That would answer the need, implementation pending ...</em>
|
|
</li></ul>
|
|
<p >
|
|
|
|
|
|
<h3 >Assurance Points</h3>
|
|
|
|
<p >
|
|
The Assurance applies Assurance Points to each Member which measure the increase of confidence in the Statement (above).
|
|
Assurance Points should not be interpreted for any other purpose.
|
|
Note that, even though they are sometimes referred to as <em>Web-of-Trust</em> points, or <em>Trust</em> points, the meaning of the word 'trust' is not well defined.
|
|
<p >
|
|
<strong>Allocation.</strong> An Assurer can allocate a number of Assurance Points to the Member according to the Assurer's Experience, see below.
|
|
The allocation of the maximum means that the Assurer is 100% confident in the information presented: <ul>
|
|
<li>detail on form, system, documents, person in accordance,
|
|
</li>
|
|
<li>sufficient quality identity documents have been checked,
|
|
</li>
|
|
<li>the Assurance Statement is confirmed.
|
|
</li></ul>
|
|
<p >
|
|
Any lesser confidence should give less points. If the Assurer has no confidence in the information presented, then zero points may be allocated.
|
|
For example, this may happen if the identity documents are totally unfamiliar to the Assurer.
|
|
The number of points from zero to maximum is guided by the Assurance Handbook and the judgement of the Assurer.
|
|
<p >
|
|
Multiple names (fields for reliance in certs) should be allocated separately in a single Assurance.
|
|
That is, the Assurer may allocate the maximum to one name, half that amount to another name, and zero to a third name.
|
|
<p >
|
|
A Member who is not an Assurer may award an Assurer in a reciprocal process a maximum of 2 Assurance Points, according to Member's judgement.
|
|
The Assurer should strive to have the Member allocate according to the Member's judgement, and err on the cautious side; a Member new to the process should allocate zero points until they get some confidence in what is happening.
|
|
<p >
|
|
No assurance process can give more than 50 points.
|
|
This means that to reach 50 points, a Member must have been assured at least once.
|
|
To reach 100 points, a Member must have been assured at least twice.
|
|
<p >
|
|
<em>Non-policy Notes:</em> <ul>
|
|
<li>
|
|
<p >
|
|
<em>what form of assurance would exceed 50 points?</em> <ul>
|
|
<li>
|
|
<p >
|
|
<em>In the past, TTPs gave 75 points each.
|
|
Designed to give 150 points for two TTPs which creates an Assurer.
|
|
This is now scaled back to 50 points, per TTP.</em>
|
|
</li>
|
|
<li>
|
|
<p >
|
|
<em>In the past, <a href="/wiki/SuperAssurers">SuperAssurers</a> gave up to 150 points, as an old idea to seed an area with (full) Assurers.
|
|
This is no longer applicable as the Assurer Challenge will stop any "easy" Assurer creation.
|
|
Therefore Super-Assurer would now only work to Assure people.</em>
|
|
</li>
|
|
<li>
|
|
<p >
|
|
<em> <a href="/wiki/SuperAssurers">SuperAssurers</a> being limited to 50 points means that they can still bring people up to Assured level without any additional change.
|
|
Pending writing of policy.</em>
|
|
</li></ul>
|
|
</li></ul>
|
|
<p >
|
|
|
|
|
|
<h3 >Experience Points</h3>
|
|
|
|
<p >
|
|
The maximum number of Assurance Points that may be awarded by an Assurer is determined by the Assurer's Experience Points.
|
|
<div><table border=1 cellspacing=0 width=15%>
|
|
<caption align=bottom>Assurance Points table</caption>
|
|
<tr>
|
|
<td><em>Assurer's Experience Points</em></td> <td><em>Allocatable Assurance Points</em></td>
|
|
</tr>
|
|
<tr align=center>
|
|
<td>0</td> <td>10</td>
|
|
</tr>
|
|
<tr align=center>
|
|
<td>10</td> <td>15</td>
|
|
</tr>
|
|
<tr align=center>
|
|
<td>20</td> <td>20</td>
|
|
</tr>
|
|
<tr align=center>
|
|
<td>30</td> <td> 25</td>
|
|
</tr>
|
|
<tr align=center>
|
|
<td>40</td> <td>30</td>
|
|
</tr>
|
|
<tr align=center>
|
|
<td>>=50</td> <td>35</td>
|
|
</tr>
|
|
</table></div>
|
|
<p >
|
|
An Assurer is given a maximum of 2 Experience Points for every completed Assurance.
|
|
On reaching Assurer status, the points start at zero.
|
|
Less points (1) may be given for mass Assurance events, where each Assurance is quicker.
|
|
Additional Experience Points may be granted temporarily or permanently to an Assurer by CAcert Inc's Board, on recommendation from the Assurance Officer.
|
|
<p >
|
|
Experience Points are not to be confused with Assurance Points.
|
|
<p >
|
|
<em>Comment: this part still needs to be agreed.</em>
|
|
<p >
|
|
|
|
<h3 >CAP Form</h3>
|
|
|
|
<p >
|
|
The CAcert Assurance Programme Form requests the following details of each Member: <ul>
|
|
<li>Name(s), as recorded in the online account,
|
|
</li>
|
|
<li>primary email address, as recorded in the online account,
|
|
</li>
|
|
<li>secondary distinguishing feature, as recorded in the online account (normally, date-of-birth),
|
|
</li>
|
|
<li>Statement of agreement with the CAcert Community Agreement,
|
|
</li>
|
|
<li>Permission to the Assurer to conduct the Assurance (required for privacy reasons).
|
|
</li>
|
|
<li>Date and signature
|
|
</li></ul>
|
|
<p >
|
|
If the assurance is not mutual, then the Assurer's email address and secondary distinguishing feature may be omitted.
|
|
<p >
|
|
The CAP forms are to be kept for 7 years by the Assurer.
|
|
<p >
|
|
|
|
|
|
<h2 >5. The Assurance Officer</h2>
|
|
|
|
<p >
|
|
The Board of CAcert Inc appoints an Assurance Officer with the following responsibilities: <ul>
|
|
<li>reporting to the Board and advising on all matters to do with Assurance,
|
|
</li>
|
|
<li>training and testing of Assurers, in association with the Education Team,
|
|
</li>
|
|
<li>
|
|
<p >
|
|
updating this Assurance Policy, under the process established by <a class="https" href="https://www.cacert.org/policy/PolicyOnPolicy.php">Policy on Policy</a>,
|
|
</li>
|
|
<li>
|
|
<p >
|
|
management of all Subsidiary Policies, under <a class="https" href="https://www.cacert.org/policy/PolicyOnPolicy.php">Policy on Policy</a>,
|
|
</li>
|
|
<li>managing and creating rules of detail or procedure where inappropriate for policies,
|
|
</li>
|
|
<li>incorporating rulings from Arbitration into policies, procedures or guidelines,
|
|
</li>
|
|
<li>assisting the Arbitrator in any requests,
|
|
</li>
|
|
<li>managing the Assurer Handbook,
|
|
</li>
|
|
<li>maintaining a sufficient strength in the Assurance process (web of trust) to meet the agreed needs of the Community.
|
|
</li></ul>
|
|
<p >
|
|
<em>Comment: <strong>New.</strong> derived from OAP and other conventions.
|
|
Should be discussed, agreed.</em>
|
|
<p >
|
|
|
|
|
|
<h2 >6. Subsidiary Policies</h2>
|
|
|
|
<p >
|
|
The Assurance Officer manages various exceptions and additional processes.
|
|
Each must be covered by an approved subsidiary policy (Policy on Policy => COD1).
|
|
Subsidiary policies specify any additional tests of knowledge required and variations to process and documentation, within the general standard stated here.
|
|
<p >
|
|
<em>Note: expected subsidiary policies are these:</em> <ul>
|
|
<li>
|
|
<p >
|
|
<em> PolicyDrafts/TTPAssurerCheck (wip) </em>
|
|
</li>
|
|
<li>
|
|
<p >
|
|
<em> PolicyDrafts/SuperAPolicy (wip) </em>
|
|
</li>
|
|
<li>
|
|
<p >
|
|
<em> Junior Assurer Policy (none started at least in <a href="/wiki/PolicyDrafts">PolicyDrafts</a>) </em>
|
|
</li>
|
|
<li>
|
|
<p >
|
|
<em> <a href="/wiki/PolicyDrafts/CodesigningAssurancePolicy">PolicyDrafts/CodesigningAssurancePolicy</a> (wip) </em>
|
|
</li>
|
|
<li>
|
|
<p >
|
|
<em> <a class="http" href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php">Organisation Assurance Policy</a> (POLICY) and its <a class="http" href="http://svn.cacert.org/CAcert/Policies/OrganisationAssurancePolicy/">many SubPols</a> (wip/DRAFT) </em>
|
|
</li></ul>
|
|
<p >
|
|
|
|
|
|
<h3 >Standard</h3>
|
|
|
|
<p >
|
|
Each subsidiary policy must augment and improve the general standards in this Assurance Policy.
|
|
It is the responsibility of each subsidiary policy to describe how it maintains and improves the specific and overall goals.
|
|
It must describe exceptions and potential areas of risk.
|
|
<p >
|
|
|
|
<h3 >High Risk Applications</h3>
|
|
|
|
<p >
|
|
In addition to the points ratings set here in and in other policies, Assurance Officer or policies can designate certain applications as high risk.
|
|
If so, additional measures may be added to the Assurance process that specifically address the risks.
|
|
These may include: <ul>
|
|
<li>Additional information can be required in process of assurance. <ul>
|
|
<li>unique numbers of identity documents
|
|
</li>
|
|
<li>photocopy of identity documents
|
|
</li>
|
|
<li>photo of User
|
|
</li>
|
|
<li>address of User
|
|
</li></ul>
|
|
</li></ul>
|
|
<p >
|
|
Additional Information is to be kept by Assurer, attached to CAP.
|
|
Points allocation by this assurance is unchanged.
|
|
User's account should be annotated to record type of additional information. <ul>
|
|
<li>Arbitration: <ul>
|
|
<li>Member to participate in Arbitration.
|
|
This confirms their acceptance of the forum as well as trains in the process and import.
|
|
</li>
|
|
<li>Member to file Arbitration to present case.
|
|
This allows Arbitrator as final authority.
|
|
</li></ul>
|
|
</li>
|
|
<li class="gap">additional training.
|
|
</li>
|
|
<li class="gap">Member to be full Assurer
|
|
</li>
|
|
<li class="gap">Member agrees to additional specific agreement
|
|
</li>
|
|
<li class="gap">additional checking/auditing of systems data by support administrators
|
|
</li></ul>
|
|
<p >
|
|
Applications that might attract additonal measures include code-signing certificates and administration roles.
|
|
<p >
|
|
|
|
|
|
<h2 >Privacy</h2>
|
|
|
|
<p >
|
|
CAcert is a privacy organisation, and takes the privacy of its members seriously.
|
|
The process maintains the security and privacy of both parties.
|
|
<p >
|
|
Information is collected primarily to make claims within the certificates requested by users and to contact the users.
|
|
It is used secondarily for training, testing, administration and other internal purposes.
|
|
<p >
|
|
The Member's information can be accessed under these circumstances: <ul>
|
|
<li>
|
|
<p >
|
|
under Arbitrator ruling, in a duly filed dispute (<a class="http" href="http://www.cacert.org/policy/DisputeResolutionPolicy.html">Dispute Resolution Policy</a> => COD7)
|
|
</li>
|
|
<li>an Assurer in the process of an assurance, as permitted on the CAP form.
|
|
</li>
|
|
<li>support administration and systems administration when operating under the authority of Arbitrator or under policy.
|
|
</li></ul>
|
|
<p >
|
|
<em>Comment: should carefully review Privacy and decide if any additional statement is needed.
|
|
It seems out of place, we have a Privacy statement elsewhere.
|
|
Maybe move it to the Obligations of the Assurer?</em>
|
|
|
|
<p >
|
|
|
|
</p>
|
|
|
|
<a href="http://validator.w3.org/check?uri=referer"><img src="../Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
|
|
</p>
|
|
</body>
|
|
</html>
|
|
|