d16b89fa71
git-svn-id: http://svn.cacert.org/CAcert/Policies@873 14b1bab8-4ef6-0310-b690-991c95c89dfd
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=windows-1252">
<TITLE>Assurance Policy</TITLE>
<meta name="CREATEDBY" content="Ian Grigg">
<meta name="CREATED" content="20080530;0">
<meta name="CHANGEDBY" content="Teus Hagen">
<meta name="CHANGED" content="20080701;0">
<meta name="CHANGEDBY" content="Robert Cruikshank">
<meta name="CHANGED" content="20080702;0">
<STYLE TYPE="text/css">
<!--
TD P { color: #000000 }
H1 { color: #000000 }
P { color: #000000 }
H2 { color: #000000 }
DT { color: #000000 }
DD { color: #000000 }
H3 { color: #000000 }
TH P { color: #000000 }
-->
</STYLE>
</HEAD>
<BODY LANG="en-GB" TEXT="#000000" DIR="LTR">
<H1>Assurance Policy for CAcert Community Members</H1>
<P><A HREF="PolicyOnPolicy.html"><IMG SRC="Images/cacert-wip.png" NAME="graphics1" ALT="CAcert Policy Status" ALIGN=BOTTOM WIDTH=90 HEIGHT=33 BORDER=0></A>
<BR>
Author: Ian Grigg<BR>
Creation date: 2008-05-30<BR>
Status: WIP
2008-05-30<BR>
Next status: DRAFT June 2008
</P>
<H2>0. Preamble</H2>
<P>Definitions of terms:
</P>
<DL>
<DT><EM>Member</EM>
</DT><DD>
A Member is an individual who has agreed to the CAcert Community
Agreement (CCA) and has successfully created a CAcert (web)account
on http://www.cacert.org.
</DD><DT>
<EM>Assurance</EM>
</DT><DD>
Assurance is the process by which a Member of CAcert Community
(Assurer) identifies an individual (<SPAN LANG="en-US">Assuree</SPAN>).
<BR>With sufficient assurances, a Member may: (a) issue certificates
with their name included, (b) participate in assuring others, and
(c) other related activities. The strength of these activities is
based on the strength of the assurance.
</DD><DT>
<EM>Name</EM>
</DT><DD>
A Name is the full name of an individual: first name(s), family
name(s), name extensions, abbreviation of name(s), etc. Technically,
the Name is a string taken exactly from a government-issued
photo ID.
</DD><DT>
<EM>Secondary Distinguishing Feature</EM> (DoB)
</DT><DD STYLE="margin-bottom: 0.5cm">
A Name for an individual is discriminated from similar full names by
a Secondary Distinguishing Feature, as recorded on the on-line CAcert
(web)account. Currently this is the date of birth (DoB) of the
individual.
</DD></DL>
<H3>The CAcert Web of Trust</H3>
<P>Each Assurance claims a number of Assurance Points, applied to the
assured Member or Member prospect. By combining the Assurances, and
the Assurance Points, CAcert constructs a global <EM>Web-of-Trust</EM>
or "WoT".
</P>
<P>CAcert explicitly chooses to meet its various goals by
construction of a Web-of-Trust of all Members. This is done by
face-to-face meetings, identifying and sharing claims in a network.
Maintaining a sufficient strength for the Web-of-Trust is a
high-level objective of the Assurance process.
</P>
<H3>Related Documentation</H3>
<P>Documentation on Assurance is split between this Assurance Policy
(AP) and the <A HREF="http://wiki.cacert.org/wiki/AssuranceHandbook2" TARGET="_blank">Assurance
Handbook</A>. The policy is controlled by the Configuration Control
Specification (<A HREF="http://wiki.cacert.org/wiki/PolicyDrafts/ConfigurationControlSpecification" TARGET="_blank">CCS</A>)
under the Policy on Policy (<A HREF="http://www.cacert.org/policy/PolicyOnPolicy.php" TARGET="_blank">PoP</A>)
policy document regime. <BR>Because Assurance is an active area, much
of the practice is handed over to the Assurance Handbook, which is
not a controlled policy document, and can more easily respond to
experience and circumstances. It is also more readable.
</P>
<P>See also Organisation Assurance Policy (<A HREF="http://www.cacert.org/policy/OrganisationAssurancePolicy.php" TARGET="_blank">OAP</A>)
and CAcert Policy Statement (<A HREF="http://svn.cacert.org/CAcert/policy.htm" TARGET="_blank">CPS</A>).
</P>
<H2>1. Purpose</H2>
<P>The purpose of Assurance is to add <I>confidence</I> in the
Assurance Statement made by a Member of the CAcert Community.
</P>
<H3>The Assurance Statement</H3>
<P>The following claims can be made about a person who is assured:
</P>
<OL>
<LI><P STYLE="margin-bottom: 0cm">The person is a bona fide Member.
In other words, the person is a member of the CAcert Community, as
defined by the CAcert Community Agreement (CCA).
</P>
<LI><P STYLE="margin-bottom: 0cm">The Member has a (login)
(web)Account with CAcert's on-line registration and service system.
</P>
<LI><P STYLE="margin-bottom: 0cm">The Member can be determined from
any CAcert certificate issued by the Account.
</P>
<LI><P STYLE="margin-bottom: 0cm">The Member is bound into CAcert's
Arbitration, as defined by the CCA.
</P>
<LI><P>Some personal details of the Member (Name(s), primary and
other listed email address(es), Secondary Distinguishing Feature (e.g.
DoB)) are known to CAcert.
</P>
</OL>
<P>The confidence level of the Assurance Statement is expressed by
the Assurance Points.
</P>
<H3>Relying Party Statement</H3>
<P>The primary goal of the Assurance Statement is to meet the needs
of the <EM>Relying Party Statement</EM>, which is found in the
Certification Practice Statement (<A HREF="http://svn.cacert.org/CAcert/policy.htm" TARGET="_blank">CPS</A>)
for the express purpose of certificates.
</P>
<P>When a certificate is issued, some or all of the Assurance
Statement may be incorporated (e.g. full name) or implied (e.g.
comparable name, unique certificate serial number, membership or
status) into the certificate and be part of the <EM>Relying Party
Statement</EM>. In short, this means that other Members of the
Community may rely on the information verified by Assurance and found
in the certificate.
</P>
<P>In particular, certificates are sometimes considered to provide
reliable indications of the Member's Name and e.g. email address. The
nature of Assurance, the number of Assurance Points, and other
policies and processes should be understood as limitations on any
reliance.
</P>
<H2>2. The Member</H2>
<H3>Name(s) in an account</H3>
<P LANG="en-AU">In principle the Name in the CAcert web account is
identical to the name in at least one of the ID documents of that
individual. Names in an ID can differ, so a CAcert account can have
more <FONT COLOR="#000000"><STRIKE>as</STRIKE></FONT><FONT COLOR="#000000"><SPAN STYLE="text-decoration: none">
than</SPAN></FONT> one Name.<BR>The technical form of a Name is a
string of characters. Each Name should be exactly copied once from a
government-issued photo ID. </P>
<H3>Multiple Names</H3>
<P>A Member can have multiple individual names. For example, married
name, variations of initials of first or middle names, abbreviation
of a first name, different language or country variations and
transliterations of characters in a name. Each individual Name
originating from a governmental ID must be assured to the applicable
level of 50 Assurance Points before the (comparable) name can be used
as Common Name in a certificate. </P>
<H3>Comparison of names</H3>
<P><A HREF="http://en.wikipedia.org/wiki/Transliteration" TARGET="_blank">Transliteration</A>
of characters as defined in the transliteration character table (<A HREF="http://svn.cacert.org/CAcert/Policies/transtab.utf" TARGET="_blank">UTF
Transtab</A>) for names is permitted, but the result must be 7-bit
ASCII for the full name. Transliteration is one way and is towards
7-bit ASCII. Transliteration is a way to compare two names. However,
transliteration of a name makes the name less discriminative.</P>
<P>In general names are handled case insensitively.</P>
<P>Abbreviation of second given name(s), middle name(s), titles and
name extensions in the name of an individual to one character and the
dot indicating the abbreviation, is permitted. If the first given
name in the ID document is abbreviated, the first given name in the
web account Name may be abbreviated. Abbreviation of a name
makes the name less discriminative.</P>
<P>Titles and name extensions in the name of an individual may be
omitted.</P>
<P>The assurance ambition is to <FONT COLOR="#000000"><STRIKE>pursuit
for</STRIKE></FONT><FONT COLOR="#000000"> pursue</FONT> a highly
discriminative assured Name. The ambition is to have a Name in the
account with no abbreviation(s), no transliteration and case
<FONT COLOR="#000000"><STRIKE>sensitive </STRIKE></FONT><FONT COLOR="#000000">sensitivity</FONT>.</P>
<P>The Common Name and related certificate fields in the issued
certificate are dependent on the assurance of the Name in the web
account. Abbreviation and transliteration handling in the CN is
defined in the Certificate Implementation Policy (<A HREF="http://svn.cacert.org/CAcert/Policies/CertificateImplementationPolicy.html" TARGET="_blank">CIP</A>)
and is similar to the name comparison as defined in this policy.
However, the Common Name may become less discriminative <FONT COLOR="#000000"><STRIKE>as</STRIKE></FONT><FONT COLOR="#000000">
than</FONT> the assured Name as the unique certificate serial number
will lead to the account of the individual in a unique way, and in
this way to the Name and email address of the individual or
organisation. The first given name in the Common Name may be
abbreviated on request.</P>
<TABLE BORDER=1 CELLPADDING=2 CELLSPACING=0>
<TR>
<TH WIDTH=25%>
<P><I>name on the ID</I></P>
</TH>
<TH WIDTH=25%>
<P><I>Name in the account</I></P>
</TH>
<TH WIDTH=25%>
<P><I>name in the certificate request</I></P>
</TH>
<TH WIDTH=25%>
<P><I>name on the issued certificate</I></P>
</TH>
</TR>
<TR>
<TD>
<P>Maria Kate Marvel-Java sr</P>
</TD>
<TD>
<P>Maria K. Marvel-Java</P>
</TD>
<TD>
<P>M. K. Marvel-Java</P>
</TD>
<TD>
<P>Maria K. Marvel-Java</P>
</TD>
</TR>
<TR>
<TD>
<P>prof. dr. John K. Marvel sr</P>
</TD>
<TD>
<P>John K. Marvel</P>
</TD>
<TD>
<P>John K. Marvel</P>
</TD>
<TD>
<P>John K. Marvel</P>
</TD>
</TR>
<TR>
<TD>
<P>Moeria Koete v. Java</P>
</TD>
<TD>
<P>Möria Kœté von Java</P>
</TD>
<TD>
<P>Möria K. v. Java</P>
</TD>
<TD>
<P>Möria K. v. Java</P>
</TD>
</TR>
<TR>
<TD>
<P>Jamé de Häring</P>
</TD>
<TD>
<P>Jame de Haering</P>
</TD>
<TD>
<P>J. d. Häring</P>
</TD>
<TD>
<P>J. d. Haering</P>
</TD>
</TR>
<TR>
<TD>
<P>Jame d. Haering</P>
</TD>
<TD>
<P>dr Jamé de Häring</P>
</TD>
<TD>
<P>John de Haering</P>
</TD>
<TD>
<P>dr Jamé de Häring</P>
</TD>
</TR>
</TABLE>
<P ALIGN=CENTER STYLE="margin-bottom: 0cm"><FONT SIZE=2>Table:
Examples of names in different contexts</FONT></P>
<P><STRIKE>If the governmental ID indicates for part of the Name a
type (title, first given name, secondary given name(s),
middlename(s), family name, and/or name extensions) and the Name in
the web account provides the type of name field attribute, this will
be assured in the Name account administration. </STRIKE>
</P>
<H3>Capabilities</H3>
<P>A Member has the following capabilities derived from an Assurance:
</P>
<TABLE BORDER=1 CELLPADDING=5 CELLSPACING=0>
<TR>
<TD WIDTH=10%>
<P ALIGN=LEFT><EM>Minimum Assurance Points</EM></P>
</TD>
<TD WIDTH=25%>
<P ALIGN=LEFT><EM>Capability</EM></P>
</TD>
<TD WIDTH=65%>
<P ALIGN=LEFT><EM>Comment</EM></P>
</TD>
</TR>
<TR VALIGN=TOP>
<TD>
<P ALIGN=CENTER>0</P>
</TD>
<TD>
<P ALIGN=LEFT>request unnamed certificates</P>
</TD>
<TD>
<P ALIGN=LEFT>although the Member's details are recorded in the
account, they are not highly assured.</P>
</TD>
</TR>
<TR VALIGN=TOP>
<TD>
<P ALIGN=CENTER>50</P>
</TD>
<TD>
<P ALIGN=LEFT>request named certificates</P>
</TD>
<TD>
<P ALIGN=LEFT>the name and Assurance Statement are assured to 50
Assurance Points or more</P>
</TD>
</TR>
<TR VALIGN=TOP>
<TD>
<P ALIGN=CENTER>100</P>
</TD>
<TD>
<P ALIGN=LEFT>become an Assurer</P>
</TD>
<TD>
<P ALIGN=LEFT>assured to 100 Assurance Points or more, and other
requirements listed below</P>
</TD>
</TR>
</TABLE>
<P ALIGN=CENTER STYLE="margin-bottom: 0cm"><FONT SIZE=2><I>Table:
Assurance Capability</I></FONT></P>
<P>The CAcert Policy Statement (CPS) and other policies may list
other capabilities that rely on Assurance Points.
</P>
<H2>3. The Assurer</H2>
<P>An Assurer is a Member with the following:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Is assured to a minimum of 100
Assurance Points;
</P>
<LI><P>Has passed the Assurer Challenge.
</P>
</UL>
<P>The Assurer Challenge is administered by the Education Team on
behalf of the Assurance Officer.
</P>
<H3>The Obligations of the Assurer</H3>
<P>The Assurer is obliged to:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Follow this Assurance Policy;
</P>
<LI><P STYLE="margin-bottom: 0cm">Follow any additional rules of
detail laid out by the Assurance Officer;
</P>
<LI><P>Be guided by the <A HREF="http://wiki.cacert.org/wiki/AssuranceHandbook2" TARGET="_blank">Assurance
Handbook</A> in their judgement;
</P>
<LI><P STYLE="margin-bottom: 0cm">Make a good faith effort at
identifying and verifying Members;
</P>
<LI><P STYLE="margin-bottom: 0cm">Maintain the documentation on each
Assurance;
</P>
<LI><P STYLE="margin-bottom: 0cm">Deliver documentation to
Arbitration, or as otherwise directed by the Arbitrator;
</P>
<LI><P>Keep up-to-date with developments within the CAcert
Community.
</P>
</UL>
<H2>4. The Assurance</H2>
<H3>The Assurance Process</H3>
<P>The Assurer conducts the process of Assurance with each Member.
</P>
<P>The process consists of:
</P>
<OL>
<LI><P STYLE="margin-bottom: 0cm">Voluntary agreement by both
Assurer and Member or <FONT COLOR="#000000"><STRIKE>prospect</STRIKE></FONT><FONT COLOR="#000000">
prospective</FONT> Member to conduct the Assurance;
</P>
<LI><P STYLE="margin-bottom: 0cm">Personal meeting of Assurer and
Member or <FONT COLOR="#000000"><STRIKE>prospect</STRIKE></FONT><FONT COLOR="#000000">
prospective</FONT> Member;
</P>
<LI><P STYLE="margin-bottom: 0cm">Recording of essential details on
CAP form (below);
</P>
<LI><P STYLE="margin-bottom: 0cm">Examination of Identity documents
by Assurer and verification of recorded details (Name(s) and
Secondary Distinguishing Feature, e.g., DoB);
</P>
<LI><P STYLE="margin-bottom: 0cm">Allocation of Assurance Points by
Assurer;
</P>
<LI><P STYLE="margin-bottom: 0cm">Optional: supervision of
reciprocal Assurance made by Assuree (Mutual Assurance);
</P>
<LI><P>Safe keeping of the CAP forms by Assurer.
</P>
</OL>
<H3>Mutual Assurance</H3>
<P>Mutual Assurance follows the principle of reciprocity. This means
that the Assurance may be two-way, and that each member participating
in the Assurance procedure should be able to show evidence of their
identity to the other.
</P>
<P>In the event that an Assurer is assured by a Member who is not
certified as an Assurer, the Assurer supervises the Assurance
procedure and process, and is responsible for the results.
</P>
<P>Reciprocity maintains a balance between the (new) member and the
Assurer, and reduces any sense of power. It is also an important aid
to the assurance training for future Assurers.
</P>
<P><EM>Evidence of Assurer status</EM> <BR>On the question of
providing evidence that one is an Assurer, CAcert Policy Statement
(<A HREF="http://svn.cacert.org/CAcert/policy.htm#p3.2" TARGET="_blank">CPS</A>)
says: <EM>"The level at which each Member is Assured is public
data. The number of Assurance Points for each Member is not
published."</EM>
</P>
<H3>Assurance Points</H3>
<P>The Assurance applies Assurance Points to each Member which
measure the increase of confidence in the Statement (above).
Assurance Points should not be interpreted for any other purpose.
Note that, even though they are sometimes referred to as <EM>Web-of-Trust</EM>
(Assurance) Points, or <EM>Trust</EM> Points, the meaning of the word
'Trust' is not well defined.
</P>
<P><EM>Assurance Points Allocation.</EM> <BR>An Assurer can allocate
a number of Assurance Points to the Member according to the Assurer's
experience (Experience Point system, see below). The allocation of
the maximum means that the Assurer is 100% confident in the
information presented:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Detail on form, system, documents,
person in accordance;
</P>
<LI><P STYLE="margin-bottom: 0cm">Sufficient quality identity
documents have been checked;
</P>
<LI><P STYLE="margin-bottom: 0cm">Assurer's familiarity with
identity documents;
</P>
<LI><P>The Assurance Statement is confirmed.
</P>
</UL>
<P>Any lesser confidence should result in fewer Assurance Points for a
Name. If the Assurer has no confidence in the information presented,
then <EM>zero</EM> Assurance Points may be allocated by the
Assurer. For example, this may happen if the identity documents
are totally unfamiliar to the Assurer. The number of Assurance Points
from <EM>zero</EM> to <EM>maximum</EM> is guided by the Assurance
Handbook and the judgement of the Assurer.
</P>
<P>Multiple Names should be allocated separately in a single
Assurance. <STRIKE>That is, the Assurer may allocate the maximum to
one Name, half that amount to another Name, and zero to a third Name.</STRIKE>
</P>
<P>A (new) Member who is not an Assurer may award an Assurer in a
reciprocal process a maximum of 2 Assurance Points, according to his
judgement. The Assurer should strive to have the Member allocate
according to the Member's judgement, and stay on the cautious side a
maximum of Assurance Points per Name; a (new) Member new to the
assurance process should allocate <EM>zero</EM> Assurance Points
until they get some confidence in what is happening.</P>
<P>Each Name of a Member must have had at least two assurances to
reach 50 Assurance Points per Name. To reach 100 Assurance Points, at
least one Name of the Member must have been assured at least three
times.
</P>
<P><STRIKE>No Assurance process can give more than 50 Assurance
Points per Name. This means that to reach 50 Assurance Points
(certificate with a Name), a Member must have been assured at least
once. To reach 100 Assurance Points, at least one Name of the Member
must have been assured at least twice. </STRIKE>
</P>
<H3>Experience Points</H3>
<P>The maximum number of Assurance Points that may be awarded by an
Assurer is determined by the Experience Points of the Assurer.
</P>
<DL>
<DD>
<TABLE WIDTH=15% BORDER=1 CELLPADDING=2 CELLSPACING=0>
<TR>
<TD>
<P><EM>Assurer's Experience Points</EM></P>
</TD>
<TD>
<P><EM>Allocatable Assurance Points</EM></P>
</TD>
</TR>
<TR>
<TD>
<P ALIGN=CENTER>0</P>
</TD>
<TD>
<P ALIGN=CENTER>10</P>
</TD>
</TR>
<TR>
<TD>
<P ALIGN=CENTER>10</P>
</TD>
<TD>
<P ALIGN=CENTER>15</P>
</TD>
</TR>
<TR>
<TD>
<P ALIGN=CENTER>20</P>
</TD>
<TD>
<P ALIGN=CENTER>20</P>
</TD>
</TR>
<TR>
<TD>
<P ALIGN=CENTER>30</P>
</TD>
<TD>
<P ALIGN=CENTER>25</P>
</TD>
</TR>
<TR>
<TD>
<P ALIGN=CENTER>40</P>
</TD>
<TD>
<P ALIGN=CENTER>30</P>
</TD>
</TR>
<TR>
<TD>
<P ALIGN=CENTER>&gt;=50</P>
</TD>
<TD>
<P ALIGN=CENTER>35</P>
</TD>
</TR>
</TABLE>
</DL>
<P ALIGN=LEFT STYLE="margin-bottom: 0cm"><FONT SIZE=2><I>Table:
Maximum of Assurance Points</I></FONT></P>
<P ALIGN=LEFT STYLE="margin-bottom: 0cm"><BR>
</P>
<P>An Assurer is given a maximum of 2 Experience Points for every
completed Assurance. On reaching Assurer status, the Experience
Points start at 0 (zero).
</P>
<P>Fewer Experience Points (1) may be given for mass Assurance events,
where each Assurance is quicker.
</P>
<P>Additional Experience Points may be granted temporarily or
permanently to an Assurer by CAcert Inc.'s Committee (board), on
recommendation from the Assurance Officer.
</P>
<P>Experience Points are not to be confused with Assurance Points.
</P>
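<P>Added example, not part of the CAcert policy or of CAcert's own software: one way a registration system could enforce the allocation limits and capability thresholds described above before recording an Assurance. Assumptions: the Experience Points table is read as a step function between its listed values, points for a Name are summed across Assurances, the 100-point threshold is checked against the Member's highest-scoring Name, and all function and class names are hypothetical.</P>

```python
from dataclasses import dataclass

# (minimum Experience Points, allocatable Assurance Points), from the policy table.
ALLOCATION_TABLE = [(0, 10), (10, 15), (20, 20), (30, 25), (40, 30), (50, 35)]
NON_ASSURER_MAX = 2       # reciprocal award by a Member who is not an Assurer
NAMED_CERT_POINTS = 50    # "request named certificates"
ASSURER_POINTS = 100      # "become an Assurer" (plus the Assurer Challenge)


def max_allocatable(experience_points, by_assurer=True):
    """Largest number of Assurance Points one Assurance may give to one Name."""
    if not by_assurer:
        return NON_ASSURER_MAX
    if experience_points < 0:
        raise ValueError("Experience Points cannot be negative")
    cap = 0
    # Assumption: values between two table rows use the lower row.
    for threshold, points in ALLOCATION_TABLE:
        if experience_points >= threshold:
            cap = points
    return cap


@dataclass(frozen=True)
class Assurance:
    name: str                 # the Name being assured, as recorded in the account
    points: int               # points the Assurer wrote on the CAP form
    assurer_experience: int   # Assurer's Experience Points at that time
    by_assurer: bool = True   # False for a reciprocal award by a non-Assurer


def validate(assurance):
    """Reject an allocation outside zero..maximum for this Assurer."""
    cap = max_allocatable(assurance.assurer_experience, assurance.by_assurer)
    if not 0 <= assurance.points <= cap:
        raise ValueError(
            f"{assurance.points} points for {assurance.name!r} exceeds cap {cap}"
        )


def points_per_name(assurances):
    """Sum validated points separately for each Name (assumed to be additive)."""
    totals = {}
    for a in assurances:
        validate(a)
        totals[a.name] = totals.get(a.name, 0) + a.points
    return totals


def capabilities(assurances, passed_challenge=False):
    """Map per-Name totals onto the capability table in section 2."""
    totals = points_per_name(assurances)
    best = max(totals.values(), default=0)
    return {
        "unnamed_certificates": True,  # available at 0 points
        "named_certificates_for": sorted(
            n for n, p in totals.items() if p >= NAMED_CERT_POINTS
        ),
        "assurer": best >= ASSURER_POINTS and passed_challenge,
    }


# Constructed sample data; the names are taken from the policy's example table.
SAMPLE = [
    Assurance("Maria K. Marvel-Java", 35, assurer_experience=60),
    Assurance("Maria K. Marvel-Java", 15, assurer_experience=10),
    Assurance("Maria Kate Marvel-Java", 30, assurer_experience=40),
]

if __name__ == "__main__":
    print(points_per_name(SAMPLE))
    print(capabilities(SAMPLE))
```

<P>Because no single Assurance can exceed 35 points under this table, the check reproduces the policy's statement that a Name needs at least two Assurances to reach 50 points and at least three to reach 100.</P>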
<H3>CAcert Assurance Programme (CAP) form</H3>
<P>The CAcert Assurance Programme (CAP) form requests the following
details of each Member or prospective Member:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Name(s), as recorded in the
on-line account;
</P>
<LI><P STYLE="margin-bottom: 0cm">Primary email address, as recorded
in the on-line account;
</P>
<LI><P STYLE="margin-bottom: 0cm">Secondary Distinguishing Feature,
as recorded in the on-line account (normally, date of birth);
</P>
<LI><P STYLE="margin-bottom: 0cm">Statement of agreement with the
CAcert Community Agreement (CCA);
</P>
<LI><P STYLE="margin-bottom: 0cm">Permission to the Assurer to
conduct the Assurance (required for privacy reasons);
</P>
<LI><P>Date and signature of the Assuree.
</P>
</UL>
<P>The CAP form requests the following details of the Assurer:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">At least one Name as recorded in
the on-line account of the Assurer;
</P>
<LI><P STYLE="margin-bottom: 0cm">Assurance Points for each Name in
the identity document(s);
</P>
<LI><P STYLE="margin-bottom: 0cm">Statement of Assurance;
</P>
<LI><P STYLE="margin-bottom: 0cm">Optional: If the Assurance is
reciprocal, then the Assurer's email address and Secondary
Distinguishing Feature are required as well.
</P>
<LI><P>Date, location of Assurance and signature of Assurer.
</P>
</UL>
<P>The CAP forms are to be kept for at least 7 years by the Assurer.
</P>
<H2>5. The Assurance Officer</H2>
<P>The Committee (board) of CAcert Inc. appoints an Assurance Officer
with the following responsibilities:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Reporting to the Committee and
advising on all matters to do with Assurance;
</P>
<LI><P STYLE="margin-bottom: 0cm">Training and testing of Assurers,
in association with the Education Team;
</P>
<LI><P STYLE="margin-bottom: 0cm">Updating this Assurance Policy,
under the process established by Policy on Policy (<A HREF="https://www.cacert.org/policy/PolicyOnPolicy.php" TARGET="_blank">PoP</A>);
</P>
<LI><P STYLE="margin-bottom: 0cm">Management of all Subsidiary
Policies (see below) for Assurances, under Policy on Policy (<A HREF="https://www.cacert.org/policy/PolicyOnPolicy.php" TARGET="_blank">PoP</A>);
</P>
<LI><P STYLE="margin-bottom: 0cm">Managing and creating rules of
detail or procedure where inappropriate for policies;
</P>
<LI><P STYLE="margin-bottom: 0cm">Incorporating rulings from
Arbitration into policies, procedures or guidelines;
</P>
<LI><P STYLE="margin-bottom: 0cm">Assisting the Arbitrator in any
requests;
</P>
<LI><P STYLE="margin-bottom: 0cm">Managing the Assurer Handbook;
</P>
<LI><P>Maintaining a sufficient strength in the Assurance process
(web-of-trust) to meet the agreed needs of the Community.
</P>
</UL>
<H2>6. Subsidiary Policies</H2>
<P>The Assurance Officer manages various exceptions and additional
processes. Each must be covered by an approved Subsidiary Policy
(refer to Policy on Policy =&gt; COD1). Subsidiary Policies specify
any additional tests of knowledge required and variations to process
and documentation, within the general standard stated here.
</P>
<P>Examples of expected subsidiary policies are these:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm"><EM>Remote Assurance Check
(policy);</EM>
</P>
<LI><P STYLE="margin-bottom: 0cm"><EM>Super Assurer Policy;</EM>
</P>
<LI><P STYLE="margin-bottom: 0cm"><EM>Junior Assurer Policy;</EM>
</P>
<LI><P STYLE="margin-bottom: 0cm"><EM>Code Signing Policy;</EM>
</P>
<LI><P><EM>Organisation Assurance Policy and sub-policies per
country or region.</EM>
</P>
</UL>
<H3>Standard</H3>
<P>Each Subsidiary Policy must augment and improve the general
standards in this Assurance Policy. It is the responsibility of each
Subsidiary Policy to describe how it maintains and improves the
specific and overall goals. It must describe exceptions and potential
areas of risk.
</P>
<H3>High Risk Applications</H3>
<P>In addition to the Assurance or Experience Points ratings set
herein and in other policies, the Assurance Officer or policies can designate
certain applications as high risk. If so, additional measures may be
added to the Assurance process that specifically address the risks. </P>
<P>Additional measures may include additional information. Additional
information can be required in the process of assurance:
</P>
<UL>
<LI><DD>Unique numbers of identity documents;
</DD><LI><DD>
Photocopy of identity documents;
</DD><LI><DD>
Photo of User;
</DD><LI><DD STYLE="margin-bottom: 0.5cm">
Address of User.
</DD></UL>
<P>Additional Information is to be kept by the Assurer, attached to the CAP
form. Assurance Points allocation by this assurance is unchanged.
The User's CAcert (web)account should be annotated to record the type of
additional information:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Arbitration:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Member to participate in
Arbitration. This confirms their acceptance of the forum as well as
trains in the process and import.
</P>
<LI><P STYLE="margin-bottom: 0cm">Member to file Arbitration to
present case. This allows Arbitrator as final authority.
</P>
</UL>
<LI><P STYLE="margin-bottom: 0cm">Additional training;
</P>
<LI><P STYLE="margin-bottom: 0cm">Member to be Assurer (&gt;= 100
Assurance Points and passed Assurer Challenge);
</P>
<LI><P STYLE="margin-bottom: 0cm">Member agrees to additional
specific agreement(s);
</P>
<LI><P>Additional checking/auditing of systems data by CAcert
support administrators;
</P>
</UL>
<P>Applications that might attract additional measures include
code-signing certificates and administration roles.
</P>
<H2>Privacy</H2>
<P>CAcert is a "privacy" organisation, and takes the
privacy of its Members seriously. The process maintains the security
and privacy of both parties.
</P>
<P>Information is collected primarily to make claims within the
certificates requested by users and to contact the Members. It is
used secondarily for training, testing, administration and other
internal purposes.
</P>
<P>The Member's information can be accessed under these
circumstances:
</P>
<UL>
<LI><P STYLE="margin-bottom: 0cm">Under Arbitrator ruling, in a duly
filed dispute (<A HREF="http://www.cacert.org/policy/DisputeResolutionPolicy.html" TARGET="_blank">Dispute
Resolution Policy</A> =&gt; COD7)
</P>
<LI><P STYLE="margin-bottom: 0cm">An Assurer in the process of an
Assurance, as permitted on the CAP form.
</P>
<LI><P>CAcert support administration and CAcert systems
administration when operating under the authority of Arbitrator or
under CAcert policy.
</P>
</UL>
<P><A HREF="http://validator.w3.org/check?uri=referer"><IMG SRC="../Images/valid-xhtml11-blue" NAME="graphics2" ALT="Valid XHTML 1.1" ALIGN=BOTTOM WIDTH=90 HEIGHT=33 BORDER=0></A>
</P>
</BODY>
</HTML>