diff --git a/www/policy/CAcertCommunityAgreement.php b/www/policy/CAcertCommunityAgreement.php
new file mode 100644
index 0000000..4725355
--- /dev/null
+++ b/www/policy/CAcertCommunityAgreement.php
@@ -0,0 +1,512 @@
+
+
+
+
CAcert Community Agreement
+
+
+
+
+
+ 0. Introduction
+
+
+This agreement is between
+you, being a registered member ("Member")
+within CAcert's community at large ("Community")
+and CAcert Incorporated ("CAcert"),
+being an operator of services to the Community.
+
+
+
+-
+ "CAcert"
+ means CAcert Inc.,
+ a non-profit Association of Members incorporated in
+ New South Wales, Australia.
+ Note that Association Members are distinct from
+ the Members defined here.
+
-
+ "Member"
+ means you, a registered participant within CAcert's Community,
+ with an account on the website and the
+ facility to request certificates.
+ Members may be individuals ("natural persons")
+ or organisations ("legal persons").
+
-
+ "Organisation"
+ is defined under the Organisation Assurance programme,
+ and generally includes corporations and other entities
+ that become Members and become Assured.
+
-
+ "Community"
+ means all of the Members
+ that are registered by this agreement
+ and other parties by other agreements,
+ all being under CAcert's Arbitration.
+
-
+ "Non-Related Person" ("NRP"),
+ being someone who is not a
+ Member, is not part of the Community,
+ and has not registered their agreement.
+ Such people are offered the NRP-DaL
+ another agreement allowing the USE of certificates.
+
-
+ "Non-Related Persons - Disclaimer and Licence" ("NRP-DaL"),
+ another agreement that is offered to persons outside the
+ Community.
+
-
+ "Arbitration"
+ is the Community's forum for
+ resolving disputes, or jurisdiction.
+
-
+ "Dispute Resolution Policy" ("DRP" => COD7)
+ is the policy and
+ rules for resolving disputes.
+
-
+ "USE"
+ means the act by your software
+ to conduct its tasks, incorporating
+ the certificates according to software procedures.
+
-
+ "RELY"
+ means your human act in taking on a
+ risk and liability on the basis of the claim(s)
+ bound within a certificate.
+
-
+ "OFFER"
+ means the your act
+ of making available your certificate to another person.
+ Generally, you install and configure your software
+ to act as your agent and facilite this and other tasks.
+ OFFER does not imply suggestion of reliance.
+
-
+ "Issue"
+ means creation of a certificate by CAcert.
+ To create a certificate,
+ CAcert affixes a digital signature from the root
+ onto a public key and other information.
+ This act would generally bind a statement or claim,
+ such as your name, to your key.
+
-
+ "Root"
+ means CAcert's top level key,
+ used for signing certificates for Members.
+ In this document, the term includes any subroots.
+
-
+ "CAcert Official Document" ("COD" => COD3)
+ in a standard format for describing the details of
+ operation and governance essential to a certificate authority.
+ Changes are managed and controlled.
+ CODs define more technical terms.
+ See 4.2 for listing of relevant CODs.
+
-
+ "Certification Practice Statement" ("CPS" => COD6)
+ is the document that controls details
+ about operational matters within CAcert.
+
+
+
+ 1. Agreement and Licence
+
+ 1.1 Agreement
+
+
+You and CAcert both agree to the terms and conditions
+in this agreement.
+Your agreement is given by any of
+
+
+-
+ your signature on a form to request assurance of identity
+ ("CAP" form),
+
-
+ your request on the website
+ to join the Community and create an account,
+
-
+ your request for Organisation Assurance,
+
-
+ your request for issuing of certificates, or
+
-
+ if you USE, RELY, or OFFER
+ any certificate issued to you.
+
+
+
+Your agreement
+is effective from the date of the first event above
+that makes this agreement known to you.
+This Agreement
+replaces and supercedes prior agreements,
+including the NRP-DaL.
+
+
+
+ 1.2 Licence
+
+
+As part of the Community, CAcert offers you these rights:
+
+
+-
+ You may USE any certificates issued by CAcert.
+
-
+ You may RELY on any certificate issued by CAcert,
+ as explained and limited by CPS (COD6).
+
-
+ You may OFFER certificates issued to you by CAcert
+ to Members for their RELIANCE.
+
-
+ You may OFFER certificates issued to you by CAcert
+ to NRPs for their USE, within the general principles
+ of the Community.
+
-
+ This Licence is free of cost,
+ non-exclusive, and non-transferrable.
+
+
+ 1.3 Your Contributions
+
+
+
+You agree to a non-exclusive non-restrictive non-revokable
+transfer of Licence to CAcert for your contributions.
+That is, if you post an idea or comment on a CAcert forum,
+or email it to other Members,
+your work can be used freely by the Community for
+CAcert purposes, including placing under CAcert's licences
+for wider publication.
+
+
+
+You retain authorship rights, and the rights to also transfer
+non-exclusive rights to other parties.
+That is, you can still use your
+ideas and contributions outside the Community.
+
+
+
+Note that the following exceptions override this clause:
+
+
+-
+ Contributions to controlled documents are subject to
+ Policy on Policy ("PoP" => COD1)
+
-
+ Source code is subject to an open source licence regime.
+
+
+ 1.4 Privacy
+
+
+
+You give rights to CAcert to store, verify and process
+and publish your data in accordance with policies in force.
+These rights include shipping the data to foreign countries
+for system administration, support and processing purposes.
+Such shipping will only be done among
+CAcert Community administrators and Assurers.
+
+
+
+Privacy is further covered in the Privacy Policy ("PP" => COD5).
+
+
+ 2. Your Risks, Liabilities and Obligations
+
+
+As a Member, you have risks, liabilities
+and obligations within this agreement.
+
+
+
+
+-
+ A certificate may prove unreliable.
+
-
+ Your account, keys or other security tools may be
+ lost or otherwise compromised.
+
-
+ You may find yourself subject to Arbitration
+ (DRP => COD7).
+
+
+ 2.2 Liabilities
+
+-
+ You are liable for any penalties
+ as awarded against you by the Arbitrator.
+
-
+ Remedies are as defined in the DRP (COD7).
+ An Arbitrator's ruling may
+ include monetary amounts, awarded against you.
+
-
+ Your liability is limited to
+ a total maximum of
+ 1000 Euros.
+
-
+ "Foreign Courts" may assert jurisdiction.
+ These include your local courts, and are outside our Arbitration.
+ Foreign Courts will generally refer to the Arbitration
+ Act of their country, which will generally refer
+ civil cases to Arbitration.
+ The Arbitration Act will not apply to criminal cases.
+
+
+ 2.3 Obligations
+
+
+ You are obliged
+
+
+-
+ to provide accurate information
+ as part of Assurance.
+ You give permission for verification of the information
+ using CAcert-approved methods.
+
-
+ to make no false representations.
+
-
+ to submit all your disputes to Arbitration
+ (DRP => COD7).
+
+
+ 2.4 Principles
+
+
+As a Member of CAcert, you are a member of
+the Community.
+ You are further obliged to
+ work within the spirit of the Principles
+ of the Community.
+ These are described in
+ Principles of the Community.
+
+
+ 2.5 Security
+
+CAcert exists to help you to secure yourself.
+You are primarily responsible for your own security.
+Your security obligations include
+
+
+-
+ to secure yourself and your computing platform (e.g., PC),
+
-
+ to keep your email account in good working order,
+
-
+ to secure your CAcert account
+ (e.g., credentials such as username, password),
+
-
+ to secure your private keys,
+
-
+ to review certificates for accuracy,
+ and
+
-
+ when in doubt, notify CAcert,
+
-
+ when in doubt, take other reasonable actions, such as
+ revoking certificates,
+ changing account credentials,
+ and/or generating new keys.
+
+
+
+Where, above, 'secure' means to protect to a reasonable
+degree, in proportion with your risks and the risks of
+others.
+
+
+ 3. Law and Jurisdiction
+
+ 3.1 Governing Law
+
+
+This agreement is governed under the law of
+New South Wales, Australia,
+being the home of the CAcert Inc. Association.
+
+
+ 3.2 Arbitration as Forum of Dispute Resolution
+
+
+You agree, with CAcert and all of the Community,
+that all disputes arising out
+of or in connection to our use of CAcert services
+shall be referred to and finally resolved
+by Arbitration under the rules within the
+Dispute Resolution Policy of CAcert
+(DRP => COD7).
+The rules select a single Arbitrator chosen by CAcert
+from among senior Members in the Community.
+The ruling of the Arbitrator is binding and
+final on Members and CAcert alike.
+
+
+
+In general, the jurisdiction for resolution of disputes
+is within CAcert's own forum of Arbitration,
+as defined and controlled by its own rules (DRP => COD7).
+
+
+
+We use Arbitration for many purposes beyond the strict
+nature of disputes, such as governance and oversight.
+A systems administrator may
+need authorisation to conduct a non-routine action,
+and Arbitration may provide that authorisation.
+Thus, you may find yourself party to Arbitration
+that is simply support actions, and you may file disputes in
+order to initiate support actions.
+
+
+ 3.3 Termination
+
+You may terminate this agreement by resigning
+from CAcert. You may do this at any time by
+writing to CAcert's online support forum and
+filing dispute to resign.
+All services will be terminated, and your
+certificates will be revoked.
+However, some information will continue to
+be held for certificate processing purposes.
+
+
+
+The provisions on Arbitration survive any termination
+by you by leaving CAcert.
+That is, even if you resign from CAcert,
+you are still bound by the DRP (COD7),
+and the Arbitrator may reinstate any provision of this
+agreement or bind you to a ruling.
+
+
+
+Only the Arbitrator may terminate this agreement with you.
+
+
+ 3.4 Changes of Agreement
+
+
+CAcert may from time to time vary the terms of this Agreement.
+Changes will be done according to the documented CAcert policy
+for changing policies, and is subject to scrutiny and feedback
+by the Community.
+Changes will be notified to you by email to your primary address.
+
+
+
+If you do not agree to the changes, you may terminate as above.
+Continued use of the service shall be deemed to be agreement
+by you.
+
+
+ 3.5 Communication
+
+
+Notifications to CAcert are to be sent by
+email to the address
+support at CAcert.org.
+You should attach a digital signature,
+but need not do so in the event of security
+or similar urgency.
+
+
+
+Notifications to you are sent
+by CAcert to the primary email address
+registered with your account.
+You are responsible for keeping your email
+account in good working order and able
+to receive emails from CAcert.
+
+
+
+Arbitration is generally conducted by email.
+
+
+ 4. Miscellaneous
+
+ 4.1 Other Parties Within the Community
+
+
+As well as you and other Members in the Community,
+CAcert forms agreements with third party
+vendors and others.
+Thus, such parties will also be in the Community.
+Such agreements are also controlled by the same
+policy process as this agreement, and they should
+mirror and reinforce these terms.
+
+
+
+ 4.2 References and Other Binding Documents
+
+
+This agreement is CAcert Official Document 9 (COD9)
+and is a controlled document.
+
+
+
+You are also bound by
+
+
+-
+
+ Certification Practice Statement (CPS => COD6).
+
-
+
+ Dispute Resolution Policy (DRP => COD7).
+
-
+
+ Privacy Policy (PP => COD5).
+
-
+
+ Principles of the Community.
+
+
+
+Where documents are referred to as => COD x,
+they are controlled documents
+under the control of Policy on Policies (COD1).
+
+
+
+This agreement and controlled documents above are primary,
+and may not be replaced or waived except
+by formal policy channels and by Arbitration.
+
+
+ 4.3 Informative References
+
+
+The governing documents are in English.
+Documents may be translated for convenience.
+Because we cannot control the legal effect of translations,
+the English documents are the ruling ones.
+
+
+
+You are encouraged to be familiar with the
+Assurer Handbook,
+which provides a more readable introduction for much of
+the information needed.
+The Handbook is not however an agreement, and is overruled
+by this agreement and others listed above.
+
+
+ 4.4 Not Covered in this Agreement
+
+
+Intellectual Property.
+This Licence does not transfer any intellectual
+property rights ("IPR") to you. CAcert asserts and
+maintains its IPR over its roots, issued certificates,
+brands, logos and other assets.
+Note that the certificates issued to you
+are CAcert's intellectual property
+and you do not have rights other than those stated.
+
+
+
+
+
diff --git a/www/policy/DisputeResolutionPolicy.php b/www/policy/DisputeResolutionPolicy.php
new file mode 100644
index 0000000..8b103d3
--- /dev/null
+++ b/www/policy/DisputeResolutionPolicy.php
@@ -0,0 +1,639 @@
+
+
+
+
+Dispute Resulution Policy
+
+
+
+
+
+
+ DRP |
+ |
+ Teus Hagen |
+
+
+
+ POLICY m20070919.3 |
+ |
+
+ $Date: 2008/01/18 22:56:31 $
+
+ |
+
+
+
+ COD7 |
+ |
+ |
+
+
+
+
+ |
+ Dispute Resolution Policy |
+ |
+
+
+
+
+
+ 0. Introduction
+
+
+This is the Dispute Resolution Policy for CAcert.
+Disputes arising out of
+operations by CAcert and interactions between
+users may be addressed through this policy.
+This document also presents the rules for
+resolution of disputes.
+
+
+ 0.1 Nature of Disputes
+
+
+Disputes include:
+
+
+-
+ Requests for non-routine support actions.
+ CAcert support team has no authority to
+ act outside the normal support facilities made
+ available to Users;
+
-
+ Classical disputes where a User or another
+ assert claims and demand remedies;
+
-
+ Requests by external organisations, including
+ legal processes from foreign courts;
+
-
+ Events initiated for training purposes.
+
+
+ 1. Filing
+
+ 1.1 Filing Party
+
+Anyone may file a dispute.
+In filing, they become Claimants.
+
+
+ 1.2 Channel for Filing
+
+
+Disputes are filed by being sent to the normal
+support channel of CAcert,
+and a fee may be payable.
+
+
+
+Such fees as are imposed on filing will be specified
+on the dispute resolution page of the website.
+
+
+ 1.3 Case Manager
+
+The Case Manager (CM) takes control of the filing.
+
+
+-
+ CM makes an initial determination as
+ to whether this filing is a dispute
+ for resolution, or it is a request
+ for routine support.
+
-
+ CM logs the case and establishes such
+ documentation and communications support as is customary.
+
-
+ If any party acts immediately on the filing
+ (such as an urgent security action),
+ the CM names these parties to the case.
+
-
+ CM selects the Arbitrator.
+
+
+
+The personnel within the CAcert support team
+are Case Managers, by default, or as directed
+by the Dispute Resolution Officer.
+
+
+ 1.4 Contents
+
+The filing must specify:
+
+
+-
+ The filing party(s), being the Claimant(s).
+
-
+ The party(s) to whom the complaint is addressed to,
+ being the Respondent(s).
+ This will be CAcert in the
+ case of requests for support actions.
+ It may be a User (possibly unidentified) in the
+ case where one User has given rise to a complaint against another.
+
-
+ The Complaint.
+ For example, a trademark has been infringed,
+ privacy has been breached,
+ or a user has defrauded using a certificate.
+
-
+ The action(s) requested by the filing party
+ (technically, called the relief).
+ For example, to delete an account,
+ to revoke a certificate, or to stop a
+ trademark infringement.
+
+
+
+If the filing is inadequate for lack of information
+or for format, the Case Manager
+may refile with the additional information,
+attaching the original messages.
+
+
+ 1.5 The Arbitrator
+
+
+The Case Manager selects the Arbitrator according
+to the mechanism managed by the Dispute Resolution Officer
+and approved from time to time.
+This mechanism is to maintain a list of Arbitrators available for
+dispute resolution.
+Each selected Arbitrator has the right to decline the dispute,
+and should decline a dispute with which there exists a conflict
+of interest.
+The reason for declining should be stated.
+If no Arbitrator accepts the dispute, the case is
+closed with status "declined."
+
+
+
+Arbitrators are experienced Assurers of CAcert.
+They should be independent and impartial, including
+of CAcert itself where it becomes a party.
+
+
+ 2. The Arbitration
+
+
+ 2.1 Authority
+
+
+The Board of CAcert and the Users vest in Arbitrators
+full authority to hear disputes and deliver rulings
+which are binding on CAcert and the Users.
+
+
+
+ 2.2 Preliminaries
+
+
+The Arbitrator conducts some preliminaries:
+
+
+-
+ The Arbitrator reviews the available documentation
+ and affirms the rules of dispute resolution.
+ Jurisdiction is established, see below.
+
-
+ The Arbitrator affirms the governing law (NSW, Australia).
+ The Arbitrator may select local law and local
+ procedures where Claimants and all Respondents
+ agree, are under such jurisdiction, and it is deemed
+ more appropriate.
+ However, this is strictly limited to those parties,
+ and especially, CAcert and other parties
+ remains under the governing law.
+
-
+ The Arbitrator reviews the Respondents and Claimants
+ with a view to dismissal or joining of additional parties.
+ E.g., support personel may be joined if emergency action was
+ taken.
+
-
+ Any parties that are not Users and are not bound
+ by the CPS are given the opportunity to enter into
+ CAcert and be bound by the CPS and these rules of arbitration.
+ If these Non-Related Persons (NRPs) remain outside,
+ their rights and remedies under CAcert's policies
+ and forum are strictly limited to that specified in the
+ Non-Related Persons -- Disclaimer and Licence.
+ NRPs may proceed with Arbitration subject to preliminary orders
+ of the Arbitrator.
+
-
+ Participating Users may not resign until the completion of the case.
+
-
+ The Arbitrator confirms that all parties accept
+ the forum of dispute resolution.
+ This is especially important where a User might be
+ in a country with no Arbitration Act in law, or
+ where there is reason to believe that a party might
+ go to an external court.
+
-
+ The Arbitrator confirms that parties are representing
+ themselves. Parties are entitled to be legally
+ represented, but are not encouraged to do so,
+ bearing in mind the volunteer nature of the
+ organisation and the size of the dispute.
+ If they do so they must declare such, including any
+ changes.
+
-
+ The Arbitrator may appoint experienced Assurers
+ to assist and represent parties, especially for NRPs.
+ The Case Manager must not to provide such assistance.
+
-
+ The Arbitrator is bound to maintain the balance
+ of legal fairness.
+
-
+ The Arbitrator may make any preliminary orders,
+ including protection orders and orders referring
+ to emergency actions already taken.
+
-
+ The Arbitrator may request any written pleadings,
+ counterclaim, and/or statements of defence.
+
+
+
+ 2.3 Jurisdiction
+
+
+Jurisidiction - the right or power to hear and rule on
+disputes - is initially established by clauses in the
+User agreements for all CAcert Users.
+The agreement must establish:
+
+
+-
+ That all Parties agree to binding Arbitration
+ in CAcert's forum of dispute resolution;
+
-
+ for all disputes relating to activities within
+ CAcert, issued certificates, roles and actions, etc;
+
-
+ as defined by these rules, including the selection
+ of a single Arbitrator;
+
-
+ under the Law of NSW, Australia; and
+
-
+ the Parties keep email accounts in good working order.
+
+
+
+An external court may have ("assert") jurisdiction to decide on
+issues such as trademark, privacy, contract and fraud,
+and may do so with legal remedies.
+These are areas where jurisdiction may need
+to be considered carefully:
+
+
+-
+ Where NRPs, being not members of CAcert and not
+ bound by agreement, are parties to the dispute.
+ E.g., intellectual property disputes may involve
+ NRPs and their trademarks;
+
-
+ criminal actions or actions likely to result in criminal
+ proceedings,
+ e.g., fraud;
+
-
+ Contracts between Users that were formed without
+ a clause to seek arbitration in the forum;
+
-
+ Areas where laws fall outside the Arbitration Act,
+ such as privacy;
+
-
+ Legal process (subpoenas, etc) delivered by
+ an external court of "competent jurisdiction."
+
+
+
+The Arbitrator must consider jurisdiction and rule on a
+case by case basis whether jurisdiction is asserted,
+either wholly or partially, or declines to hear the case.
+In the event of asserting
+jurisdiction, and a NRP later decides to pursue rights in
+another forum, the Arbitrator should seek the agreement
+of the NRP to file the ruling as part of the new case.
+
+
+ 2.4 Basis in Law
+
+
+Each country generally has an Arbitration Act
+that elevates Arbitration as a strong dispute
+resolution forum.
+The Act generally defers to Arbitration
+if the parties have so agreed.
+That is, as Users of CAcert, you agree to resolve
+all disputes before CAcert's forum.
+This is sometimes called private law
+or alternative dispute resolution.
+
+
+
+As a matter of public policy, courts will generally
+refer any case back to Arbitration.
+Users should understand that they will have
+strictly limited rights to ask the courts to
+seek to have a case heard or to override a Ruling.
+
+
+
+ 2.5 External Courts
+
+
+ When an external court claims and asserts its jurisdiction,
+ and issues a court order, subpoena or other service to CAcert,
+ the CM files the order as a dispute, with the external court
+ as Claimant.
+ The CM and other support staff are granted no authority to
+ act on the basis of any court order, and ordinarily
+ must await the order of the Arbitrator
+ (which might simply be a repeat of the external court order).
+
+
+
+ The Arbitrator establishes the bona fides of the
+ court, and rules.
+ The Arbitrator may rule to reject the order,
+ for jurisdiction or other reasons.
+ By way of example, if all Parties are registered Users,
+ then jurisdiction more normally falls within the forum.
+ If the Arbitrator rules to reject,
+ he should do so only after consulting with CAcert counsel.
+ The Arbitrator's jurisidiction is ordinarily that of
+ dealing with the order, and
+ not that which the external court has claimed to.
+
+
+
+ 2.6 Process
+
+
+The Arbitrator follows the procedure:
+
+
+
+-
+ Establish the facts.
+ The Arbitrator collects the evidence from the parties.
+ The Arbitrator may order CAcert or Users under
+ jurisdiction to provide support or information.
+ The Arbitrator may use email, phone or face-to-face
+ meetings as proceedings.
+
-
+ Apply the Rules of Dispute Resolution,
+ the policies of CAcert and the governing law.
+ The Arbitrator may request that the parties
+ submit their views.
+ The Arbitrator also works to the mission of CAcert,
+ the benefit of all Users, and the community as a whole.
+ The Arbitrator may any assistance.
+
-
+ Makes a considered Ruling.
+
+
+ 3. The Ruling
+
+ 3.1 The Contents
+
+
+The Arbitrator records:
+
+
+-
+ The Identification of the Parties,
+
-
+ The Facts,
+
-
+ The logic of the rules and law,
+
-
+ The directions and actions to be taken by each party
+ (the ruling).
+
-
+ The date and place that the ruling is rendered.
+
+
+
+ 3.2 Process
+
+Once the Ruling is delivered, the case is closed.
+The Case Manager is responsible for recording the
+Ruling, publishing it, and advising users.
+
+
+
+Proceedings are ordinarily private.
+The Ruling is ordinarily published,
+within the bounds of the Privacy Policy.
+The Ruling is written in English.
+
+
+
+Only under exceptional circumstances can the
+Arbitrator declare the Ruling private under seal.
+Such a declaration must be reviewed in its entirety
+by the Board,
+and the Board must confirm or deny that declaration.
+If it confirms, the existance of any Rulings under seal
+must be published to the Users in a timely manner
+(within days).
+
+
+ 3.3 Binding and Final
+
+
+The Ruling is binding and final on CAcert and all Users.
+Ordinarily, all Users agree to be bound by this dispute
+resolution policy. Users must declare in the Preliminaries
+any default in agreement or binding.
+
+
+
+If a person who is not a User is a party to the dispute,
+then the Ruling is not binding and final on that person,
+but the Ruling must be presented in filing any dispute
+in another forum such as the person's local courts.
+
+
+ 3.4 Re-opening the Case or Appeal
+
+
+In the case of clear injustices, egregious behaviour or
+unconscionable Rulings, parties may seek to re-open the
+case by filing a dispute. The new Arbitrator
+reviews the new dispute,
+re-examines and reviews the entire case, then rules on
+whether the case may be re-opened or not.
+
+
+
+If the new Arbitrator rules the case be re-opened,
+then it is referred to the Board of CAcert Inc.
+The Board hears the case and delivers a final
+and binding Ruling.
+
+
+ 3.5 Liability
+
+
+All liability of the Arbitrator for any act in
+connection with deciding a dispute is excluded
+by all parties, provided such act does not constitute
+an intentional breach of duty.
+All liability of the Arbitrators, CAcert, its officers and its
+employees (including Case Manager)
+for any other act or omission in connection with
+arbitration proceedings is excluded, provided such acts do not
+constitute an intentional or grossly negligent breach of duty.
+
+
+
+The above provisions may only be overridden by
+appeal process (by means of a new dispute causing
+referral to the Board).
+
+
+ 3.6 Remedies
+
+
+The Arbitrator generally instructs using internal remedies,
+that is ones that are within the general domain of CAcert,
+but there are some external remedies at his disposal.
+He may rule and instruct any of the parties on these issues.
+
+
+-
+ "community service" typically including
+
-
+ attend and assure people at trade shows / open source gatherings,
+
-
+ writing documentation
+
-
+ serve in role - support, dispute arbitration
+
+ or others as decided.
+
+ -
+ Fined by loss of assurance points, which may result
+ in losing Assurer or Assured status.
+
+
-
+ Retraining in role.
+
+
-
+ Revoking of any certificates.
+
+
-
+ Monetary fine up to the liability cap established for
+ each party as described in the Registered User Agreement.
+
+
-
+ Exclusion from community.
+
+
-
+ Reporting to applicable authorities.
+
+
-
+ Changes to policies and procedures.
+
+
+
+
+The Arbitrator is not limited within the general domain
+of CAcert, and may instruct novel remedies as seen fit.
+Novel remedies outside the domain may be routinely
+confirmed by the Board by way of appeals process,
+in order to establish precedent.
+
+
+ 4. Appendix
+
+
+ 4.1 The Advantages of this Forum
+
+The advantage of this process for Users is:
+
+
+-
+ CAcert and Users operate across many jurisdictions.
+ Arbitration allows us to select a single set of
+ rules across all jurisdictions.
+
-
+ Arbitration allows CAcert to appropriately separate
+ out the routine support actions from difficult dispute
+ actions. Support personnel have no authority to
+ act, the appropriately selected Arbitrator has all
+ authority to act.
+ Good governance is thus maintained.
+
-
+ This forum allows CAcert Users to look after themselves
+ in a community, without exposing each other to potentially
+ disastrous results in strange courts from foreign lands.
+
-
+ By volunteering to resolve things "in-house" the costs
+ are reduced.
+
-
+ Even simple support issues such as password changing
+ can be improved by treating as a dispute. A clear
+ chain of request, analysis, ruling and action can be established.
+
-
+ CAcert Assurers can develop the understanding and the rules
+ for sorting out own problems far better than courts or
+ other external agencies.
+
+
+ 4.2 The Disadvantages of this Forum
+
+
+Some disadvantages exist.
+
+
+-
+ Users may have their rights trampled over.
+ In such a case, the community should strive to
+ re-open the case and refer it to the board.
+
-
+ Users may feel overwhelmed by the formality
+ of the process.
+ It is kept formal so as to establish good and proper
+ authority to act; otherwise, support and other
+ people in power may act without thought and with
+ damaging consequences.
+
-
+ A country may not have an Arbitration Act.
+ In that case, the parties should enter into
+ spirit of the forum.
+ If they choose to break that spirit,
+ they should also depart the community.
+
+
+ 4.3 Process and Flow
+
+
+To the extent reasonable, the Arbitrator conducts
+the arbitration as with any legal proceedings.
+This means that the process and style should follow
+legal tradition.
+
+
+
+However, the Arbitrator is unlikely to be trained in
+law. Hence, common sense must be applied, and the
+Arbitrator has wide latitude to rule on any particular
+motion, pleading, submission. The Arbitrator's ruling
+is final within the arbitration.
+
+
+
+Note also that many elements of legal proceedings are
+deliberately left out of the rules.
+
+
+
+
diff --git a/www/policy/NRPDisclaimerAndLicence.php b/www/policy/NRPDisclaimerAndLicence.php
index a630227..6dbc647 100644
--- a/www/policy/NRPDisclaimerAndLicence.php
+++ b/www/policy/NRPDisclaimerAndLicence.php
@@ -1,7 +1,7 @@
diff --git a/www/policy/OrganisationAssurancePolicy.php b/www/policy/OrganisationAssurancePolicy.php
new file mode 100644
index 0000000..ea10a1b
--- /dev/null
+++ b/www/policy/OrganisationAssurancePolicy.php
@@ -0,0 +1,379 @@
+
+
+
+Organisation Assurance Policy
+
+
+
+
+
+ OAP |
+ |
+ Jens |
+
+
+
+ POLICY m20070918.x |
+ |
+
+ $Date: 2008/01/18 22:56:31 $
+
+ |
+
+
+
+ COD11 |
+ |
+ |
+
+
+
+
+ |
+ Organisation Assurance Policy |
+ |
+
+
+
+
+
+
+ 0. Preliminaries
+
+
+This policy describes how Organisation Assurers ("OAs")
+conduct Assurances on Organisations.
+It fits within the overall web-of-trust
+or Assurance process of Cacert.
+
+
+
+This policy is not a Controlled document, for purposes of
+Configuration Control Specification ("CCS").
+
+
+ 1. Purpose
+
+
+Organisations with assured status can issue certificates
+directly with their own domains within.
+
+
+
+The purpose and statement of the certificate remains
+the same as with ordinary users (natural persons)
+and as described in the CPS.
+
+
+-
+ The organisation named within is identified.
+
-
+ The organisation has been verified according
+ to this policy.
+
-
+ The organisation is within the jurisdiction
+ and can be taken to Arbitration.
+
+
+
+ 2. Roles and Structure
+
+ 2.1 Assurance Officer
+
+
+The Assurance Officer ("AO")
+manages this policy and reports to the board.
+
+
+
+The AO manages all OAs and is responsible for process,
+the CAcert Organisation Assurance Programme form ("COAP"),
+OA training and testing, manuals, quality control.
+In these responsibilities, other Officers will assist.
+
+
+ 2.2 Organisation Assurers
+
+
+
+
+ -
+ An OA must be an experienced Assurer
+
+ - Have 150 assurance points.
+ - Be fully trained and tested on all general Assurance processes.
+
+
+ -
+ Must be trained as Organisation Assurer.
+
+ - Global knowledge: This policy.
+ - Global knowledge: A OA manual covers how to do the process.
+ - Local knowledge: legal forms of organisations within jurisdiction.
+ - Basic governance.
+ - Training may be done a variety of ways,
+ such as on-the-job, etc.
+
+
+ -
+ Must be tested.
+
+ - Global test: Covers this policy and the process.
+ - Local knowledge: Subsidiary Policy to specify.
+ - Tests to be created, approved, run, verified
+ by CAcert only (not outsourced).
+ - Tests are conducted manually, not online/automatic.
+ - Documentation to be retained.
+ - Tests may include on-the-job components.
+
+
+ -
+ Must be approved.
+
+ - Two supervising OAs must sign-off on new OA,
+ as trained, tested and passed.
+
+ - AO must sign-off on a new OA,
+ as supervised, trained and tested.
+
+
+
+
+
+
+ 2.3 Organisation Administrator
+
+
+The Administrator within each Organisation ("O-Admin")
+is the one who handles the assurance requests
+and the issuing of certificates.
+
+
+ -
+ O-Admin must be Assurer
+
+ - Have 100 assurance points.
+ - Fully trained and tested as Assurer.
+
+
+ -
+ Organisation is required to appoint O-Admin,
+ and appoint ones as required.
+
+ - On COAP Request Form.
+
+
+ -
+ O-Admin must work with an assigned OA.
+
+ - Have contact details.
+
+
+
+
+ 3. Policies
+
+ 3.1 Policy
+
+
+There is one policy being this present document,
+and several subsidiary policies.
+
+
+
+ - This policy authorises the creation of subsidiary policies.
+ - This policy is international.
+ - Subsidiary policies are implementations of the policy.
+ - Organisations are assured under an appropriate subsidiary policy.
+
+
+ 3.2 Subsidiary Policies
+
+
+The nature of the Subsidiary Policies ("SubPols"):
+
+
+-
+ SubPols are purposed to check the organisation
+ under the rules of the jurisdiction that creates the
+ organisation. This does not evidence an intention
+ by CAcert to
+ enter into the local jurisdiction, nor an intention
+ to impose the rules of that jurisdiction over any other
+ organisation.
+ CAcert assurances are conducted under the jurisdiction
+ of CAcert.
+
-
+ For OAs,
+ SubPol specifies the tests of local knowledge
+ including the local organisational forms.
+
-
+ For assurances,
+ SubPol specifies the local documentation forms
+ which are acceptable under this SubPol to meet the
+ standard.
+
-
+ SubPols are subjected to the normal
+ policy approval process.
+
+
+ 3.3 Freedom to Assemble
+
+
+Subsidiary Policies are open, accessible and free to enter.
+
+
+-
+ SubPols compete but are compatible.
+
-
+ No SubPol is a franchise.
+
-
+ Many will be on State or National lines,
+ reflecting the legal
+ tradition of organisations created
+ ("incorporated") by states.
+
-
+ However, there is no need for strict national lines;
+ it is possible to have 2 SubPols in one country, or one
+ covering several countries with the same language
+ (e.g., Austria with Germany, England with Wales but not Scotland).
+
-
+ There could also be SubPols for special
+ organisations, one person organisations,
+ UN agencies, churches, etc.
+
-
+ Where it is appropriate to use the SubPol
+ in another situation (another country?), it
+ can be so approved.
+ (e.g., Austrian SubPol might be approved for Germany.)
+ The SubPol must record this approval.
+
+
+
+ 4. Process
+
+ 4.1 Standard of Organisation Assurance
+
+The essential standard of Organisation Assurance is:
+
+
+-
+ the organisation exists
+
-
+ the organisation name is correct and consistent:
+
+ - in official documents specified in SubPol.
+ - on COAP form.
+ - in CAcert database.
+ - form or type of legal entity is consistent
+
+ -
+ signing rights:
+ requestor can sign on behalf of the organisation.
+
-
+ the organisation has agreed to the terms of the
+ Registered User Agreement,
+ and is therefore subject to Arbitration.
+
+
+
+ Acceptable documents to meet above standard
+ are stated in the SubPol.
+
+
+
+
+The COAP form documents the checks and the resultant
+assurance results to meet the standard.
+Additional information to be provided on form:
+
+
+-
+ CAcert account of O-Admin (email address?)
+
-
+ location:
+
+ - country (MUST).
+ - city (MUST).
+ - additional contact information (as required by SubPol).
+
+ -
+ administrator account names (1 or more)
+
-
+ domain name(s)
+
-
+ Agreement with registered user agreement.
+ Statement and initials box for organsation
+ and also for OA.
+
-
+ Date of completion of Assurance.
+ Records should be maintained for 7 years from
+ this date.
+
+
+
+The COAP should be in English. Where translations
+are provided, they should be matched to the English,
+and indication provided that the English is the
+ruling language (due to Arbitration requirements).
+
+
+ 4.3 Jurisdiction
+
+
+Organisation Assurances are carried out by
+CAcert Inc under its Arbitration jurisdiction.
+Actions carried out by OAs are under this regime.
+
+
+-
+ The organisation has agreed to the terms of the
+ Registered User Agreement,
+
-
+ The organisation, the Organisation Assurers, CAcert and
+ other related parties are bound into CAcert's jurisdiction
+ and dispute resolution.
+
-
+ The OA is responsible for ensuring that the
+ organisation reads, understands, intends and
+ agrees to the registered user agreement.
+ This OA responsibility should be recorded on COAP
+ (statement and initials box).
+
+
+ 5. Exceptions
+
+
+-
+ Conflicts of Interest.
+ An OA must not assure an organisation in which
+ there is a close or direct relationship by, e.g.,
+ employment, family, financial interests.
+ Other conflicts of interest must be disclosed.
+
-
+ Trusted Third Parties.
+ TTPs are not generally approved to be part of
+ organisation assurance,
+ but may be approved by subsidiary policies according
+ to local needs.
+
-
+ Exceptional Organisations.
+ (e.g., Vatican, International Space Station, United Nations)
+ can be dealt with as a single-organisation
+ SubPol.
+ The OA creates the checks, documents them,
+ and subjects them to to normal policy approval.
+
-
+ DBA.
+ Alternative names for organisations
+ (DBA, "doing business as")
+ can be added as long as they are proven independently.
+ E.g., registration as DBA or holding of registered trade mark.
+ This means that the anglo law tradition of unregistered DBAs
+ is not accepted without further proof.
+
+
|