f7120cb9a8
git-svn-id: http://svn.cacert.org/CAcert/Policies@2106 14b1bab8-4ef6-0310-b690-991c95c89dfd
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> CAcert -- TTP-Assisted Assurance Policy </title>
<style type="text/css">
<!--
.comment {
color : steelblue;
}
-->
</style>

</head>
<body>
<div class="comment">
<table width="100%">

<tr>
<td>
Name: TTP-Assist <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD13.2</a><br />
Status: DRAFT <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20100913">p20100913</a><br />
Editor: Iang<br />
Licence: <a href="//wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br />
</td>
<td valign="top" align="right">
<a href="//www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-draft.png" alt="TTP-Assist Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>

</td>
</tr>
</table>
</div>

<h1> TTP-Assisted Assurance Policy </h1>

<h2 id="s0"> 0. Preliminaries </h2>
<p>
This sub-policy extends the
<a href="//www.cacert.org/policy/AssurancePolicy.php">
Assurance Policy</a> ("AP" => COD13)
by specifying how Assurers can be assisted by
outsourcing the identity documents verification
component of assurance to trusted third parties (TTPs).
Other definitions and terms can be found in AP or in
<a href="//wiki.cacert.org/AssuranceHandbook">Assurance Handbook</a>
("AH").
</p>

<h2 id="s1"> 1. Scope </h2>
<p>
This sub-policy is restricted to members located
in areas not well-served with Assurers.
It serves a goal of promoting both Assurers and Members in those areas.
</p>

<h2 id="s2"> 2. Roles </h2>

<h3 id="s2.1"> 2.1 Trusted Third Party </h3>
<p>
A Trusted Third Party ("TTP") is a person who is traditionally respected
for making reliable statements to others, especially over identification
documents. Typical TTPs are notaries public (anglo),
Notaries (European), bank managers, accountants
and lawyers.
</p>

<h3 id="s2.2"> 2.2 The Assurer (aka TTP-admin) </h3>
<p>
To employ a TTP in an assurance,
the Assurer must be a <a href="//wiki.cacert.org/SeniorAssurer">Senior Assurer</a>.
The Assurer must be familiar with the local
language and customs.
</p>

<h3 id="s2.3"> 2.3 Member </h3>

<p>
A Member ("assuree") who is located in a place not well-served
by Assurers may use the TTP-assisted assurance.
</p>

<h2 id="s3"> 3. The Assurance </h2>

<p>
Assurance assisted by TTP must meet these requirements:
</p>
<ol type="a"><li>
The Assurer must positively confirm the identity and
suitability of the TTP.
</li><li>
The TTP and the Member must meet face-to-face.
</li><li>
The TTP confirms the details supporting the Assurance Statement.
</li><li>
The Assurer makes a reliable statement to confirm the
Assurance Statement.
</li><li>
Assurance must be marked as TTP-Assisted
(e.g., by use of TTPAdmin flag).
</li></ol>

<h2 id="s4"> 4. Assurance Officer ("AO") </h2>
<p>
The Board routinely delegates its responsibilities to the
Assurance Officer (and this section assumes that, but does
not require it).
</p>

<p>
A report is requested annually from the Assurance Officer
on performance of this policy for the association's
annual report.
</p>
<h3 id="s4.1"> 4.1 Practice </h3>
<p>
The Assurance Officer should prepare
<a href="//wiki.cacert.org/TTP">detailed documentation</a>
under
<a href="//wiki.cacert.org/AssuranceHandbook">AH</a>
that meets the needs of this policy, including:
</p>
<ul><li>
Form for TTPs.
</li><li>
Guide for TTPs.
</li><li>
Form for TTP-assisted assurance (used by Assurer).
</li><li>
Guide and protocol for Assurers.
</li><li>
Mechanisms for contacting Assurers available for
TTP-assisted assurances.
</li><li>
Definition of
<a href="//wiki.cacert.org/SeniorAssurer">
Senior Assurer</a>.
</li></ul>

<h3 id="s4.2"> 4.2 Deserts </h3>
<p>
The Assurance Officer maintains a
<a href="//wiki.cacert.org/deserts">list of regions</a>
that are designated as '<i>deserts,</i>' being areas that are so short
of Assurers as to render face-to-face Assurance impractical.
In each region, approved types of TTP are listed (e.g., Notary).
The list is expected to vary according to the
different juridical traditions of different regions.
Changes to the regional lists are prepared by
either an Organisation Assurer for that region
(as described by OAP)
or by two Assurers familiar with the traditions
in that region.
Changes are then submitted to the Board for approval.
</p>
<p>
Use of a type of TTP not on the list must be approved by
AO and notified to Board.
It is an explicit goal to reduce the usage of
TTP-assisted assurances in favour of face-to-face Assurance.
</p>

<p>
In coordination with internal and external auditors,
the Assurance Officer shall design and implement a
suitable programme to meet the needs of audit.
Where approved by auditors or Board, the Assurance
Officer may document and implement minor variations to this policy.
</p>

<h2 id="s5"> 5. Topup Assurance </h2>

<p>
AO is to operate a <cite>Topup Assurance Programme</cite>
to help seed deserts with Assurers.
A topup assurance will add additional Assurance Points
to those gained from two previously conducted TTP-assisted assurances,
in order for a Member to reach 100 Assurance Points
for the express purpose of becoming an Assurer.
</p>

<p>
A topup assurance is conducted by a third Senior Assurer
according to the following requirements:
</p>

<ol><li>
The Assurer Challenge must be completed and passed by the Member.
</li><li>
The topup must be requested by Member for
purpose of enabling the Member to reach Assurer level.
</li><li>
Topup Assurer must be a Senior Assurer,
and must be independent of the TTP-assist Assurers.
</li><li>
The Topup Assurer reviews the two TTP-assisted assurances,
and conducts other checks as set by the Assurance Officer.
The normal face-to-face meeting is not conducted.
</li><li>
Topup Assurer may award up to 35 points.
</li><li>
Assurance must be marked as Topup
(e.g., by use of new feature with TTPAdmin flag).
</li></ol>

<p>
Each topup is to be reported to AO.
Topup is only available in designated deserts.
</p>

</body>
</html>