From 79129197a9884e12ce359ef4504f7a768a612594 Mon Sep 17 00:00:00 2001
From: root <root@www.cacert.org>
Date: Fri, 18 Jan 2008 22:56:31 +0000
Subject: [PATCH] Added new licenses

---
 www/policy/CAcertCommunityAgreement.php    | 512 +++++++++++++++++
 www/policy/DisputeResolutionPolicy.php     | 639 +++++++++++++++++++++
 www/policy/NRPDisclaimerAndLicence.php     |   2 +-
 www/policy/OrganisationAssurancePolicy.php | 379 ++++++++++++
 4 files changed, 1531 insertions(+), 1 deletion(-)
 create mode 100644 www/policy/CAcertCommunityAgreement.php
 create mode 100644 www/policy/DisputeResolutionPolicy.php
 create mode 100644 www/policy/OrganisationAssurancePolicy.php

diff --git a/www/policy/CAcertCommunityAgreement.php b/www/policy/CAcertCommunityAgreement.php
new file mode 100644
index 0000000..4725355
--- /dev/null
+++ b/www/policy/CAcertCommunityAgreement.php
@@ -0,0 +1,512 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head><title>CAcert Community Agreement</title></head>
+<body>
+
+
+
+
+<h3> <a name="0"> 0. </a>  Introduction </h3>
+
+<p>
+This agreement is between
+you, being a registered member ("Member")
+within CAcert's community at large ("Community")
+and CAcert Incorporated ("CAcert"),
+being an operator of services to the Community.
+</p>
+
+<h4> <a name="0.1"> 0.1 </a>  Terms </h4>
+<ol><li>
+    "CAcert"
+    means CAcert Inc.,
+    a non-profit Association of Members incorporated in
+    New South Wales, Australia.
+    Note that Association Members are distinct from
+    the Members defined here.
+  </li><li>
+    "Member"
+    means you, a registered participant within CAcert's Community,
+    with an account on the website and the
+    facility to request certificates.
+    Members may be individuals ("natural persons")
+    or organisations ("legal persons").
+  </li><li>
+    "Organisation"
+    is defined under the Organisation Assurance programme,
+    and generally includes corporations and other entities
+    that become Members and become Assured.
+  </li><li>
+    "Community"
+    means all of the Members
+    that are registered by this agreement
+    and other parties by other agreements,
+    all being under CAcert's Arbitration.
+  </li><li>
+    "Non-Related Person" ("NRP"),
+    being someone who is not a
+    Member, is not part of the Community,
+    and has not registered their agreement.
+    Such people are offered the NRP-DaL
+    another agreement allowing the USE of certificates.
+  </li><li>
+    "Non-Related Persons - Disclaimer and Licence" ("NRP-DaL"),
+    another agreement that is offered to persons outside the
+    Community.
+  </li><li>
+    "Arbitration"
+    is the Community's forum for
+    resolving disputes, or jurisdiction.
+  </li><li>
+    "Dispute Resolution Policy" ("DRP" => COD7)
+    is the policy and
+    rules for resolving disputes.
+  </li><li>
+    "USE"
+    means the act by your software
+    to conduct its tasks, incorporating
+    the certificates according to software procedures.
+  </li><li>
+    "RELY"
+    means your human act in taking on a
+    risk and liability on the basis of the claim(s)
+    bound within a certificate.
+  </li><li>
+    "OFFER"
+    means the your act
+    of making available your certificate to another person.
+    Generally, you install and configure your software
+    to act as your agent and facilite this and other tasks.
+    OFFER does not imply suggestion of reliance.
+  </li><li>
+    "Issue"
+    means creation of a certificate by CAcert.
+    To create a certificate,
+    CAcert affixes a digital signature from the root
+    onto a public key and other information.
+    This act would generally bind a statement or claim,
+    such as your name, to your key.
+  </li><li>
+    "Root"
+    means CAcert's top level key,
+    used for signing certificates for Members.
+    In this document, the term includes any subroots.
+  </li><li>
+    "CAcert Official Document" ("COD" => COD3)
+    in a standard format for describing the details of
+    operation and governance essential to a certificate authority.
+    Changes are managed and controlled.
+    CODs define more technical terms.
+    See 4.2 for listing of relevant CODs.
+  </li><li>
+    "Certification Practice Statement" ("CPS" => COD6)
+    is the document that controls details
+    about operational matters within CAcert.
+</li></ol>
+
+
+<h3> <a name="1"> 1. </a>  Agreement and Licence </h3>
+
+<h4> <a name="1.1"> 1.1 </a>  Agreement </h4>
+
+<p>
+You and CAcert both agree to the terms and conditions
+in this agreement.
+Your agreement is given by any of
+</p>
+
+<ul><li>
+    your signature on a form to request assurance of identity
+    ("CAP" form),
+  </li><li>
+    your request on the website
+    to join the Community and create an account,
+  </li><li>
+    your request for Organisation Assurance,
+  </li><li>
+    your request for issuing of certificates, or
+  </li><li>
+    if you USE, RELY, or OFFER
+    any certificate issued to you.
+</li></ul>
+
+<p>
+Your agreement
+is effective from the date of the first event above
+that makes this agreement known to you.
+This Agreement
+replaces and supercedes prior agreements,
+including the NRP-DaL.
+</p>
+
+
+<h4> <a name="1.2"> 1.2 </a>  Licence </h4>
+
+<p>
+As part of the Community, CAcert offers you these rights:
+</p>
+
+<ol><li>
+    You may USE any certificates issued by CAcert.
+  </li><li>
+    You may RELY on any certificate issued by CAcert,
+    as explained and limited by CPS (COD6).
+  </li><li>
+    You may OFFER certificates issued to you by CAcert
+    to Members for their RELIANCE.
+  </li><li>
+    You may OFFER certificates issued to you by CAcert
+    to NRPs for their USE, within the general principles
+    of the Community.
+  </li><li>
+    This Licence is free of cost,
+    non-exclusive, and non-transferrable.
+</li></ol>
+
+<h4> <a name="1.3"> 1.3 </a>  Your Contributions </h4>
+
+
+<p>
+You agree to a non-exclusive non-restrictive non-revokable
+transfer of Licence to CAcert for your contributions.
+That is, if you post an idea or comment on a CAcert forum,
+or email it to other Members,
+your work can be used freely by the Community for
+CAcert purposes, including placing under CAcert's licences
+for wider publication.
+</p>
+
+<p>
+You retain authorship rights, and the rights to also transfer
+non-exclusive rights to other parties.
+That is, you can still use your
+ideas and contributions outside the Community.
+</p>
+
+<p>
+Note that the following exceptions override this clause:
+</p>
+
+<ol><li>
+    Contributions to controlled documents are subject to
+    Policy on Policy ("PoP" => COD1)
+  </li><li>
+    Source code is subject to an open source licence regime.
+</li></ol>
+
+<h4> <a name="1.4"> 1.4 </a>  Privacy </h4>
+
+
+<p>
+You give rights to CAcert to store, verify and process
+and publish your data in accordance with policies in force.
+These rights include shipping the data to foreign countries
+for system administration, support and processing purposes.
+Such shipping will only be done among
+CAcert Community administrators and Assurers.
+</p>
+
+<p>
+Privacy is further covered in the Privacy Policy ("PP" => COD5).
+</p>
+
+<h3> <a name="2"> 2. </a>  Your Risks, Liabilities and Obligations </h3>
+
+<p>
+As a Member, you have risks, liabilities
+and obligations within this agreement.
+</p>
+
+<h4> <a name="2.1"> 2.1 </a>  Risks </h4>
+
+<ol><li>
+    A certificate may prove unreliable.
+  </li><li>
+    Your account, keys or other security tools may be
+    lost or otherwise compromised.
+  </li><li>
+    You may find yourself subject to Arbitration
+    (DRP => COD7).
+</li></ol>
+
+<h4> <a name="2.2"> 2.2 </a>  Liabilities </h4>
+
+<ol><li>
+    You are liable for any penalties
+    as awarded against you by the Arbitrator.
+  </li><li>
+    Remedies are as defined in the DRP (COD7).
+    An Arbitrator's ruling may
+    include monetary amounts, awarded against you.
+  </li><li>
+    Your liability is limited to
+    a total maximum of
+    <b>1000 Euros</b>.
+  </li><li>
+    "Foreign Courts" may assert jurisdiction.
+    These include your local courts, and are outside our Arbitration.
+    Foreign Courts will generally refer to the Arbitration
+    Act of their country, which will generally refer
+    civil cases to Arbitration.
+    The Arbitration Act will not apply to criminal cases.
+</li></ol>
+
+<h4> <a name="2.3"> 2.3 </a>  Obligations </h4>
+
+<p>
+    You are obliged
+</p>
+
+<ol><li>
+    to provide accurate information
+    as part of Assurance.
+    You give permission for verification of the information
+    using CAcert-approved methods.
+  </li><li>
+    to make no false representations.
+  </li><li>
+    to submit all your disputes to Arbitration
+    (DRP => COD7).
+</li></ol>
+
+<h4> <a name="2.4"> 2.4 </a>  Principles </h4>
+
+<p>
+As a Member of CAcert, you are a member of
+the Community.
+    You are further obliged to 
+    work within the spirit of the Principles
+    of the Community.
+    These are described in
+    <a href="http://svn.cacert.org/CAcert/principles.html">Principles of the Community</a>.
+</p>
+
+<h4> <a name="2.5"> 2.5 </a>  Security </h4>
+<p>
+CAcert exists to help you to secure yourself.
+You are primarily responsible for your own security.
+Your security obligations include
+</p>
+
+<ol><li>
+    to secure yourself and your computing platform (e.g., PC),
+  </li><li>
+    to keep your email account in good working order,
+  </li><li>
+    to secure your CAcert account
+    (e.g., credentials such as username, password),
+  </li><li>
+    to secure your private keys,
+  </li><li>
+    to review certificates for accuracy,
+    and
+  </li><li>
+    when in doubt, notify CAcert,
+  </li><li>
+    when in doubt, take other reasonable actions, such as
+    revoking certificates,
+    changing account credentials,
+    and/or generating new keys.
+</li></ol>
+
+<p>
+Where, above, 'secure' means to protect to a reasonable
+degree, in proportion with your risks and the risks of
+others.
+</p>
+
+<h3> <a name="3"> 3. </a>  Law and Jurisdiction </h3>
+
+<h4> <a name="3.1"> 3.1 </a>  Governing Law </h4>
+
+<p>
+This agreement is governed under the law of
+New South Wales, Australia,
+being the home of the CAcert Inc. Association.
+</p>
+
+<h4> <a name="3.2"> 3.2 </a>  Arbitration as Forum of Dispute Resolution </h4>
+
+<p>
+You agree, with CAcert and all of the Community,
+that all disputes arising out
+of or in connection to our use of CAcert services
+shall be referred to and finally resolved
+by Arbitration under the rules within the
+Dispute Resolution Policy of CAcert
+(DRP => COD7).
+The rules select a single Arbitrator chosen by CAcert
+from among senior Members in the Community.
+The ruling of the Arbitrator is binding and
+final on Members and CAcert alike.
+</p>
+
+<p>
+In general, the jurisdiction for resolution of disputes
+is within CAcert's own forum of Arbitration,
+as defined and controlled by its own rules (DRP => COD7).
+</p>
+
+<p>
+We use Arbitration for many purposes beyond the strict
+nature of disputes, such as governance and oversight.
+A systems administrator may
+need authorisation to conduct a non-routine action,
+and Arbitration may provide that authorisation.
+Thus, you may find yourself party to Arbitration
+that is simply support actions, and you may file disputes in
+order to initiate support actions.
+</p>
+
+<h4> <a name="3.3"> 3.3 </a>  Termination </h4>
+<p>
+You may terminate this agreement by resigning
+from CAcert.  You may do this at any time by
+writing to CAcert's online support forum and
+filing dispute to resign.
+All services will be terminated, and your
+certificates will be revoked.
+However, some information will continue to
+be held for certificate processing purposes.
+</p>
+
+<p>
+The provisions on Arbitration survive any termination
+by you by leaving CAcert.
+That is, even if you resign from CAcert,
+you are still bound by the DRP (COD7),
+and the Arbitrator may reinstate any provision of this
+agreement or bind you to a ruling.
+</p>
+
+<p>
+Only the Arbitrator may terminate this agreement with you.
+</p>
+
+<h4> <a name="3.4"> 3.4 </a>  Changes of Agreement </h4>
+
+<p>
+CAcert may from time to time vary the terms of this Agreement.
+Changes will be done according to the documented CAcert policy
+for changing policies, and is subject to scrutiny and feedback
+by the Community.
+Changes will be notified to you by email to your primary address.
+</p>
+
+<p>
+If you do not agree to the changes, you may terminate as above.
+Continued use of the service shall be deemed to be agreement
+by you.
+</p>
+
+<h4> <a name="3.5"> 3.5 </a>  Communication </h4>
+
+<p>
+Notifications to CAcert are to be sent by
+email to the address
+<b>support</b> <i>at</i> CAcert.org.
+You should attach a digital signature,
+but need not do so in the event of security
+or similar urgency.
+</p>
+
+<p>
+Notifications to you are sent
+by CAcert to the primary email address
+registered with your account.
+You are responsible for keeping your email
+account in good working order and able
+to receive emails from CAcert.
+</p>
+
+<p>
+Arbitration is generally conducted by email.
+</p>
+
+<h3> <a name="4"> 4. </a> Miscellaneous </h3>
+
+<h4> <a name="4.1"> 4.1 </a>  Other Parties Within the Community </h4>
+
+<p>
+As well as you and other Members in the Community,
+CAcert forms agreements with third party
+vendors and others.
+Thus, such parties will also be in the Community.
+Such agreements are also controlled by the same
+policy process as this agreement, and they should
+mirror and reinforce these terms.
+</p>
+
+
+<h4> <a name="4.2"> 4.2 </a>  References and Other Binding Documents </h4>
+
+<p>
+This agreement is CAcert Official Document 9 (COD9)
+and is a controlled document.
+</p>
+
+<p>
+You are also bound by
+</p>
+
+<ol><li>
+    <a href="http://svn.cacert.org/CAcert/policy.htm">
+    Certification Practice Statement</a> (CPS => COD6).
+  </li><li>
+    <a href="http://svn.cacert.org/CAcert/dispute_resolution.html">
+    Dispute Resolution Policy</a> (DRP => COD7).
+  </li><li>
+    <a href="http://www.cacert.org/index.php?id=10">
+    Privacy Policy</a> (PP => COD5).
+  </li><li>
+    <a href="http://svn.cacert.org/CAcert/principles.html">
+    Principles of the Community</a>.
+</li></ol>
+
+<p>
+Where documents are referred to as <i>=> COD x</i>,
+they are controlled documents
+under the control of Policy on Policies (COD1).
+</p>
+
+<p>
+This agreement and controlled documents above are primary,
+and may not be replaced or waived except
+by formal policy channels and by Arbitration.
+</p>
+
+<h4> <a name="4.3"> 4.3 </a>  Informative References </h4>
+
+<p>
+The governing documents are in English.
+Documents may be translated for convenience.
+Because we cannot control the legal effect of translations,
+the English documents are the ruling ones.
+</p>
+
+<p>
+You are encouraged to be familiar with the
+Assurer Handbook,
+which provides a more readable introduction for much of
+the information needed.
+The Handbook is not however an agreement, and is overruled
+by this agreement and others listed above.
+</p>
+
+<h4> <a name="4.4"> 4.4 </a>  Not Covered in this Agreement </h4>
+
+<p>
+<b>Intellectual Property.</b>
+This Licence does not transfer any intellectual
+property rights ("IPR") to you.  CAcert asserts and
+maintains its IPR over its roots, issued certificates,
+brands, logos and other assets.
+Note that the certificates issued to you
+are CAcert's intellectual property
+and you do not have rights other than those stated.
+</p>
+
+
+</body>
+</html>
diff --git a/www/policy/DisputeResolutionPolicy.php b/www/policy/DisputeResolutionPolicy.php
new file mode 100644
index 0000000..8b103d3
--- /dev/null
+++ b/www/policy/DisputeResolutionPolicy.php
@@ -0,0 +1,639 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+<title>Dispute Resulution Policy</title>
+</head>
+<body>
+
+<table width="100%">
+
+<tr>
+<td> DRP </td>
+<td> </td>
+<td width="20%"> Teus Hagen </td>
+</tr>
+
+<tr>
+<td> POLICY&nbsp;<a href="http://wiki.cacert.org/wiki/TopMinutes-20070917">m20070919.3</a> </td>
+<td>  </td>
+<td>
+  $Date: 2008/01/18 22:56:31 $
+  <!--
+     to get this to work, we have to do this:
+       svn propset svn:keywords "Date" PolicyOnPolicy.html
+     except it does not work through the website.
+   -->
+</td>
+</tr>
+
+<tr>
+<td> COD7 </td>
+<td> </td>
+<td> <!-- contributors --> </td>
+</tr>
+
+
+<tr> <!-- title only -->
+<td> </td>
+<td > <b>Dispute&nbsp;Resolution&nbsp;Policy</b> </td>
+<td> </td>
+</tr>
+
+</table>
+
+
+<h2> <a name="0"> 0. </a> Introduction</h2>
+
+<p>
+This is the Dispute Resolution Policy for CAcert.
+Disputes arising out of
+operations by CAcert and interactions between
+users may be addressed through this policy.
+This document also presents the rules for
+resolution of disputes.
+</p>
+
+<h3> <a name="0.1"> 0.1 </a> Nature of Disputes </h3>
+
+<p>
+Disputes include:
+</p>
+
+<ul><li>
+    Requests for non-routine support actions.
+    CAcert support team has no authority to
+    act outside the normal support facilities made
+    available to Users;
+  </li><li>
+    Classical disputes where a User or another
+    assert claims and demand remedies;
+  </li><li>
+    Requests by external organisations, including
+    legal processes from foreign courts;
+  </li><li>
+    Events initiated for training purposes.
+</li></ul>
+
+<h2> <a name="1"> 1. </a> Filing</h2>
+
+<h3> <a name="1.1"> 1.1 </a> Filing Party</h3>
+<p>
+Anyone may file a dispute.
+In filing, they become <i>Claimants</i>.
+</p>
+
+<h3> <a name="1.2">1.2 </a> Channel for Filing</h3>
+
+<p>
+Disputes are filed by being sent to the normal
+support channel of CAcert,
+and a fee may be payable.
+</p>
+
+<p>
+Such fees as are imposed on filing will be specified
+on the dispute resolution page of the website.
+</p>
+
+<h3> <a name="1.3">1.3 </a> Case Manager</h3>
+<p>
+The Case Manager (CM) takes control of the filing.
+</p>
+
+<ol><li>
+    CM makes an initial determination as
+    to whether this filing is a dispute
+    for resolution, or it is a request
+    for routine support.
+  </li><li>
+    CM logs the case and establishes such
+    documentation and communications support as is customary.
+  </li><li>
+    If any party acts immediately on the filing
+    (such as an urgent security action),
+    the CM names these parties to the case.
+  </li><li>
+    CM selects the Arbitrator.
+</li></ol>
+
+<p>
+The personnel within the CAcert support team
+are Case Managers, by default, or as directed
+by the Dispute Resolution Officer.
+</p>
+
+<h3> <a name="1.4">1.4 </a> Contents</h3>
+<p>
+The filing must specify:
+</p>
+
+<ul><li>
+    The filing party(s), being the <i>Claimant(s)</i>.
+  </li><li>
+    The party(s) to whom the complaint is addressed to,
+    being the <i>Respondent(s)</i>.
+    This will be CAcert in the
+    case of requests for support actions.
+    It may be a User (possibly unidentified) in the
+    case where one User has given rise to a complaint against another.
+  </li><li>
+    The <i>Complaint</i>.
+    For example, a trademark has been infringed,
+    privacy has been breached,
+    or a user has defrauded using a certificate.
+  </li><li>
+    The action(s) requested by the filing party
+    (technically, called the <i>relief</i>).
+    For example, to delete an account,
+    to revoke a certificate, or to stop a
+    trademark infringement.
+</li></ul>
+
+<p>
+If the filing is inadequate for lack of information
+or for format, the Case Manager
+may refile with the additional information,
+attaching the original messages.
+</p>
+
+<h3> <a name="1.5">1.5 </a> The Arbitrator</h3>
+
+<p>
+The Case Manager selects the Arbitrator according
+to the mechanism managed by the Dispute Resolution Officer
+and approved from time to time.
+This mechanism is to maintain a list of Arbitrators available for
+dispute resolution.
+Each selected Arbitrator has the right to decline the dispute,
+and should decline a dispute with which there exists a conflict
+of interest.
+The reason for declining should be stated.
+If no Arbitrator accepts the dispute, the case is
+closed with status "declined."
+</p>
+
+<p>
+Arbitrators are experienced Assurers of CAcert.
+They should be independent and impartial, including
+of CAcert itself where it becomes a party.
+</p>
+
+<h2> <a name="2"> 2. </a> The Arbitration</h2>
+
+
+<h3> <a name="2.1">2.1 </a>  Authority</h3>
+
+<p>
+The Board of CAcert and the Users vest in Arbitrators
+full authority to hear disputes and deliver rulings
+which are binding on CAcert and the Users.
+</p>
+
+
+<h3> <a name="2.2">2.2 </a>  Preliminaries</h3>
+
+<p>
+The Arbitrator conducts some preliminaries:
+</p>
+
+<ul><li>
+   The Arbitrator reviews the available documentation
+   and affirms the rules of dispute resolution.
+   Jurisdiction is established, see below.
+  </li><li>
+   The Arbitrator affirms the governing law (NSW, Australia).
+   The Arbitrator may select local law and local
+   procedures where Claimants and all Respondents
+   agree, are under such jurisdiction, and it is deemed
+   more appropriate.
+   However, this is strictly limited to those parties,
+   and especially, CAcert and other parties
+   remains under the governing law.
+  </li><li>
+   The Arbitrator reviews the Respondents and Claimants
+   with a view to dismissal or joining of additional parties.
+   E.g., support personel may be joined if emergency action was
+   taken.
+  </li><li>
+   Any parties that are not Users and are not bound
+   by the CPS are given the opportunity to enter into
+   CAcert and be bound by the CPS and these rules of arbitration.
+   If these Non-Related Persons (NRPs) remain outside,
+   their rights and remedies under CAcert's policies
+   and forum are strictly limited to that specified in the
+   Non-Related Persons -- Disclaimer and Licence.
+   NRPs may proceed with Arbitration subject to preliminary orders
+   of the Arbitrator.
+  </li><li>
+   Participating Users may not resign until the completion of the case.
+  </li><li>
+   The Arbitrator confirms that all parties accept
+   the forum of dispute resolution.
+   This is especially important where a User might be
+   in a country with no Arbitration Act in law, or
+   where there is reason to believe that a party might
+   go to an external court.
+  </li><li>
+   The Arbitrator confirms that parties are representing
+   themselves.  Parties are entitled to be legally
+   represented, but are not encouraged to do so,
+   bearing in mind the volunteer nature of the
+   organisation and the size of the dispute.
+   If they do so they must declare such, including any
+   changes.
+  </li><li>
+   The Arbitrator may appoint experienced Assurers
+   to assist and represent parties, especially for NRPs.
+   The Case Manager must not to provide such assistance.
+  </li><li>
+   The Arbitrator is bound to maintain the balance
+   of legal fairness.
+  </li><li>
+   The Arbitrator may make any preliminary orders,
+   including protection orders and orders referring
+   to emergency actions already taken.
+  </li><li>
+   The Arbitrator may request any written pleadings,
+   counterclaim, and/or statements of defence.
+</li></ul>
+
+
+<h3> <a name="2.3">2.3 </a>  Jurisdiction </h3>
+
+<p>
+Jurisidiction - the right or power to hear and rule on
+disputes - is initially established by clauses in the
+User agreements for all CAcert Users.
+The agreement must establish:
+</p>
+
+<ul><li>
+    That all Parties agree to binding Arbitration
+    in CAcert's forum of dispute resolution;
+  </li><li>
+    for all disputes relating to activities within
+    CAcert, issued certificates, roles and actions, etc;
+  </li><li>
+    as defined by these rules, including the selection
+    of a single Arbitrator;
+  </li><li>
+    under the Law of NSW, Australia;  and
+  </li><li>
+    the Parties keep email accounts in good working order.
+</li></ul>
+
+<p>
+An external court may have ("assert") jurisdiction to decide on
+issues such as trademark, privacy, contract and fraud,
+and may do so with legal remedies.
+These are areas where jurisdiction may need
+to be considered carefully:
+</p>
+
+<ul><li>
+    Where NRPs, being not members of CAcert and not
+    bound by agreement, are parties to the dispute.
+    E.g., intellectual property disputes may involve
+    NRPs and their trademarks;
+  </li><li>
+    criminal actions or actions likely to result in criminal
+    proceedings,
+    e.g., fraud;
+  </li><li>
+    Contracts between Users that were formed without
+    a clause to seek arbitration in the forum;
+  </li><li>
+    Areas where laws fall outside the Arbitration Act,
+    such as privacy;
+  </li><li>
+    Legal process (subpoenas, etc) delivered by
+    an external court of "competent jurisdiction."
+</li></ul>
+
+<p>
+The Arbitrator must consider jurisdiction and rule on a
+case by case basis whether jurisdiction is asserted,
+either wholly or partially, or declines to hear the case.
+In the event of asserting
+jurisdiction, and a NRP later decides to pursue rights in
+another forum, the Arbitrator should seek the agreement
+of the NRP to file the ruling as part of the new case.
+</p>
+
+<h3> <a name="2.4">2.4 </a>  Basis in Law </h3>
+
+<p>
+Each country generally has an Arbitration Act
+that elevates Arbitration as a strong dispute
+resolution forum.
+The Act generally defers to Arbitration
+if the parties have so agreed.
+That is, as Users of CAcert, you agree to resolve
+all disputes before CAcert's forum.
+This is sometimes called <i>private law</i>
+or <i>alternative dispute resolution</i>.
+</p>
+
+<p>
+As a matter of public policy, courts will generally
+refer any case back to Arbitration.
+Users should understand that they will have
+strictly limited rights to ask the courts to
+seek to have a case heard or to override a Ruling.
+</p>
+
+
+<h3> <a name="2.5">2.5 </a>  External Courts </h3>
+
+<p>
+    When an external court claims and asserts its jurisdiction,
+    and issues a court order, subpoena or other service to CAcert,
+    the CM files the order as a dispute, with the external court
+    as <i>Claimant</i>.
+    The CM and other support staff are granted no authority to
+    act on the basis of any court order, and ordinarily
+    must await the order of the Arbitrator
+    (which might simply be a repeat of the external court order).
+</p>
+
+<p>
+    The Arbitrator establishes the bona fides of the
+    court, and rules.
+    The Arbitrator may rule to reject the order,
+    for jurisdiction or other reasons.
+    By way of example, if all Parties are registered Users,
+    then jurisdiction more normally falls within the forum.
+    If the Arbitrator rules to reject,
+    he should do so only after consulting with CAcert counsel.
+    The Arbitrator's jurisidiction is ordinarily that of
+    dealing with the order, and
+    not that which the external court has claimed to.
+</p>
+
+
+<h3> <a name="2.6">2.6 </a>  Process</h3>
+
+<p>
+The Arbitrator follows the procedure:
+</p>
+
+
+<ol><li>
+    Establish the facts.
+    The Arbitrator collects the evidence from the parties.
+    The Arbitrator may order CAcert or Users under
+    jurisdiction to provide support or information.
+    The Arbitrator may use email, phone or face-to-face
+    meetings as proceedings.
+  </li><li>
+    Apply the Rules of Dispute Resolution,
+    the policies of CAcert and the governing law.
+    The Arbitrator may request that the parties
+    submit their views.
+    The Arbitrator also works to the mission of CAcert,
+    the benefit of all Users, and the community as a whole.
+    The Arbitrator may any assistance.
+  </li><li>
+    Makes a considered Ruling.
+</li></ol>
+
+<h2> <a name="3"> 3. </a> The Ruling</h2>
+
+<h3> <a name="3.1">3.1 </a>  The Contents </h3>
+
+<p>
+The Arbitrator records:
+</p>
+
+<ol><li>
+   The Identification of the Parties,
+  </li><li>
+   The Facts,
+  </li><li>
+   The logic of the rules and law,
+  </li><li>
+   The directions and actions to be taken by each party
+   (the ruling).
+  </li><li>
+   The date and place that the ruling is rendered.
+</li></ol>
+
+
+<h3> <a name="3.2">3.2 </a>  Process </h3>
+<p>
+Once the Ruling is delivered, the case is closed.
+The Case Manager is responsible for recording the
+Ruling, publishing it, and advising users.
+</p>
+
+<p>
+Proceedings are ordinarily private.
+The Ruling is ordinarily published,
+within the bounds of the Privacy Policy.
+The Ruling is written in English.
+</p>
+
+<p>
+Only under exceptional circumstances can the
+Arbitrator declare the Ruling private <i>under seal</i>.
+Such a declaration must be reviewed in its entirety
+by the Board,
+and the Board must confirm or deny that declaration.
+If it confirms, the existance of any Rulings under seal
+must be published to the Users in a timely manner
+(within days).
+</p>
+
+<h3> <a name="3.3">3.3 </a>  Binding and Final </h3>
+
+<p>
+The Ruling is binding and final on CAcert and all Users.
+Ordinarily, all Users agree to be bound by this dispute
+resolution policy.  Users must declare in the Preliminaries
+any default in agreement or binding.
+</p>
+
+<p>
+If a person who is not a User is a party to the dispute,
+then the Ruling is not binding and final on that person,
+but the Ruling must be presented in filing any dispute
+in another forum such as the person's local courts.
+</p>
+
+<h3> <a name="3.4">3.4 </a>  Re-opening the Case or Appeal </h3>
+
+<p>
+In the case of clear injustices, egregious behaviour or
+unconscionable Rulings, parties may seek to re-open the
+case by filing a dispute.  The new Arbitrator
+reviews the new dispute,
+re-examines and reviews the entire case, then rules on
+whether the case may be re-opened or not.
+</p>
+
+<p>
+If the new Arbitrator rules the case be re-opened,
+then it is referred to the Board of CAcert Inc.
+The Board hears the case and delivers a final
+and binding Ruling.
+</p>
+
+<h3> <a name="3.5">3.5 </a>  Liability </h3>
+
+<p>
+All liability of the Arbitrator for any act in
+connection with deciding a dispute is excluded
+by all parties, provided such act does not constitute
+an intentional breach of duty.
+All liability of the Arbitrators, CAcert, its officers and its
+employees (including Case Manager)
+for any other act or omission in connection with
+arbitration proceedings is excluded, provided such acts do not
+constitute an intentional or grossly negligent breach of duty.
+</p>
+
+<p>
+The above provisions may only be overridden by
+appeal process (by means of a new dispute causing
+referral to the Board).
+</p>
+
+<h3> <a name="3.6">3.6 </a>  Remedies </h3>
+
+<p>
+The Arbitrator generally instructs using internal remedies,
+that is ones that are within the general domain of CAcert,
+but there are some external remedies at his disposal.
+He may rule and instruct any of the parties on these issues.
+</p>
+
+<ul><li>
+    "community service" typically including
+    <ul><li>
+        attend and assure people at trade shows / open source gatherings,
+      </li><li>
+        writing documentation
+      </li><li>
+        serve in role - support, dispute arbitration
+    </li></ul>
+    or others as decided.
+
+  </li><li>
+    Fined by loss of assurance points, which may result
+    in losing Assurer or Assured status.
+
+  </li><li>
+    Retraining in role.
+
+  </li><li>
+    Revoking of any certificates.
+
+  </li><li>
+    Monetary fine up to the liability cap established for
+    each party as described in the Registered User Agreement.
+
+  </li><li>
+    Exclusion from community.
+
+  </li><li>
+    Reporting to applicable authorities.
+
+  </li><li>
+    Changes to policies and procedures.
+
+</li></ul>
+
+<p>
+The Arbitrator is not limited within the general domain
+of CAcert, and may instruct novel remedies as seen fit.
+Novel remedies outside the domain may be routinely
+confirmed by the Board by way of appeals process,
+in order to establish precedent.
+</p>
+
+<h2> <a name="4"> 4. </a> Appendix</h2>
+
+
+<h3> <a name="4.1">4.1 </a>  The Advantages of this Forum </h3>
+<p>
+The advantage of this process for Users is:
+</p>
+
+<ul><li>
+    CAcert and Users operate across many jurisdictions.
+    Arbitration allows us to select a single set of
+    rules across all jurisdictions.
+  </li><li>
+    Arbitration allows CAcert to appropriately separate
+    out the routine support actions from difficult dispute
+    actions.  Support personnel have no authority to
+    act, the appropriately selected Arbitrator has all
+    authority to act.
+    Good governance is thus maintained.
+  </li><li>
+    This forum allows CAcert Users to look after themselves
+    in a community, without exposing each other to potentially
+    disastrous results in strange courts from foreign lands.
+  </li><li>
+    By volunteering to resolve things "in-house" the costs
+    are reduced.
+  </li><li>
+    Even simple support issues such as password changing
+    can be improved by treating as a dispute.  A clear
+    chain of request, analysis, ruling and action can be established.
+  </li><li>
+    CAcert Assurers can develop the understanding and the rules
+    for sorting out own problems far better than courts or
+    other external agencies. 
+</li></ul>
+
+<h3> <a name="4.2">4.2 </a>  The Disadvantages of this Forum </h3>
+
+<p>
+Some disadvantages exist.
+</p>
+
+<ul><li>
+     Users may have their rights trampled over.
+     In such a case, the community should strive to
+     re-open the case and refer it to the board.
+  </li><li>
+     Users may feel overwhelmed by the formality
+     of the process.
+     It is kept formal so as to establish good and proper
+     authority to act;  otherwise, support and other
+     people in power may act without thought and with
+     damaging consequences.
+  </li><li>
+     A country may not have an Arbitration Act.
+     In that case, the parties should enter into
+     spirit of the forum.
+     If they choose to break that spirit,
+     they should also depart the community.
+</li></ul>
+
+<h3> <a name="4.3">4.3 </a>  Process and Flow </h3>
+
+<p>
+To the extent reasonable, the Arbitrator conducts
+the arbitration as with any legal proceedings.
+This means that the process and style should follow
+legal tradition.
+</p>
+
+<p>
+However, the Arbitrator is unlikely to be trained in
+law.  Hence, common sense must be applied, and the
+Arbitrator has wide latitude to rule on any particular
+motion, pleading, submission.  The Arbitrator's ruling
+is final within the arbitration.
+</p>
+
+<p>
+Note also that many elements of legal proceedings are
+deliberately left out of the rules.
+</p>
+
+</body>
+</html>
diff --git a/www/policy/NRPDisclaimerAndLicence.php b/www/policy/NRPDisclaimerAndLicence.php
index a630227..6dbc647 100644
--- a/www/policy/NRPDisclaimerAndLicence.php
+++ b/www/policy/NRPDisclaimerAndLicence.php
@@ -1,7 +1,7 @@
 <?php
 loadem("index");
 $id = intval($id);
-showheader(_("CAcert - Non-Related Persons - Disclaimer and Licence"));
+//showheader(_("CAcert - Non-Related Persons - Disclaimer and Licence"));
 ?>
 
 <table border="1" bgcolor="#EEEEEE"><tr><td>
diff --git a/www/policy/OrganisationAssurancePolicy.php b/www/policy/OrganisationAssurancePolicy.php
new file mode 100644
index 0000000..ea10a1b
--- /dev/null
+++ b/www/policy/OrganisationAssurancePolicy.php
@@ -0,0 +1,379 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head><title>Organisation Assurance Policy</title></head>
+<body>
+
+<table width="100%">
+
+<tr>
+<td> OAP </td>
+<td> </td>
+<td width="20%"> Jens  </td>
+</tr>
+
+<tr>
+<td> POLICY&nbsp;<a href="http://wiki.cacert.org/wiki/TopMinutes-20070917">m20070918.x</a> </td>
+<td>  </td>
+<td>
+  $Date: 2008/01/18 22:56:31 $
+  <!--
+     to get this to work, we have to do this:
+       svn propset svn:keywords "Date" file.html
+     except it does not work through the website.
+   -->
+</td>
+</tr>
+
+<tr>
+<td> COD11 </td>
+<td> </td>
+<td> </td>
+</tr>
+
+
+<tr>
+<td> </td>
+<td > <b>Organisation&nbsp;Assurance&nbsp;Policy</b> </td>
+<td> </td>
+</tr>
+
+</table>
+
+
+
+<h2> <a name="0"> 0. </a>  Preliminaries </h2>
+
+<p>
+This policy describes how Organisation Assurers ("OAs")
+conduct Assurances on Organisations.
+It fits within the overall web-of-trust
+or Assurance process of Cacert.
+</p>
+
+<p>
+This policy is not a Controlled document, for purposes of
+Configuration Control Specification ("CCS").
+</p>
+
+<h2> <a name="1"> 1. </a> Purpose </h2>
+
+<p>
+Organisations with assured status can issue certificates
+directly with their own domains within.
+</p>
+
+<p>
+The purpose and statement of the certificate remains
+the same as with ordinary users (natural persons)
+and as described in the CPS.
+</p>
+
+<ul><li>
+    The organisation named within is identified.
+  </li><li>
+    The organisation has been verified according
+    to this policy.
+  </li><li>
+    The organisation is within the jurisdiction
+    and can be taken to Arbitration.
+</li></ul>
+
+
+<h2> <a name="2"> 2. </a> Roles and Structure </h2> 
+
+<h3> <a name="2.1"> 2.1 </a> Assurance Officer </h3> 
+
+<p>
+The Assurance Officer ("AO")
+manages this policy and reports to the board.
+</p>
+
+<p>
+The AO manages all OAs and is responsible for process,
+the CAcert Organisation Assurance Programme form ("COAP"),
+OA training and testing, manuals, quality control.
+In these responsibilities, other Officers will assist.
+</p>
+
+<h3> <a name="2.2"> 2.2 </a> Organisation Assurers </h3> 
+
+<p>
+</p>
+
+<ol type="a"> <li>
+    An OA must be an experienced Assurer
+    <ol type="i">
+      <li>Have 150 assurance points.</li>
+      <li>Be fully trained and tested on all general Assurance processes.</li>
+    </ol>
+
+  </li><li>
+    Must be trained as Organisation Assurer.
+    <ol type="i">
+      <li> Global knowledge:  This policy. </li>
+      <li> Global knowledge:  A OA manual covers how to do the process.</li>
+      <li> Local knowledge:   legal forms of organisations within jurisdiction.</li>
+      <li> Basic governance. </li>
+      <li> Training may be done a variety of ways,
+           such as on-the-job, etc. </li>
+    </ol>
+
+  </li><li>
+    Must be tested.
+    <ol type="i">
+      <li> Global test:  Covers this policy and the process. </li>
+      <li> Local knowledge:   Subsidiary Policy to specify.</li>
+      <li> Tests to be created, approved, run, verified
+           by CAcert only (not outsourced). </li>
+      <li> Tests are conducted manually, not online/automatic. </li>
+      <li> Documentation to be retained. </li>
+      <li> Tests may include on-the-job components. </li>
+    </ol>
+
+  </li><li>
+    Must be approved.
+    <ol type="i">
+      <li> Two supervising OAs must sign-off on new OA,
+           as trained, tested and passed.
+           </li>
+      <li> AO must sign-off on a new OA,
+           as supervised, trained and tested.
+           </li>
+    </ol>
+</ol>
+
+
+
+<h3> <a name="2.3"> 2.3 </a> Organisation Administrator </h3> 
+
+<p>
+The Administrator within each Organisation ("O-Admin")
+is the one who handles the assurance requests
+and the issuing of certificates.
+</p>
+
+<ol type="a"> <li>
+    O-Admin must be Assurer
+    <ol type="i">
+      <li>Have 100 assurance points.</li>
+      <li>Fully trained and tested as Assurer.</li>
+    </ol>
+
+  </li><li>
+    Organisation is required to appoint O-Admin,
+    and appoint ones as required.
+    <ol type="i">
+      <li> On COAP Request Form.</li>
+    </ol>
+
+  </li><li>
+    O-Admin must work with an assigned OA.
+    <ol type="i">
+      <li> Have contact details.</li>
+    </ol>
+</ol>
+
+
+<h2> <a name="3"> 3. </a> Policies </h2> 
+
+<h3> <a name="3.1"> 3.1 </a> Policy </h3> 
+
+<p>
+There is one policy being this present document,
+and several subsidiary policies.
+</p>
+
+<ol type="a">
+  <li>  This policy authorises the creation of subsidiary policies. </li>
+  <li>  This policy is international. </li>
+  <li>  Subsidiary policies are implementations of the policy. </li>
+  <li>  Organisations are assured under an appropriate subsidiary policy. </li>
+</ol>
+
+<h3> <a name="3.2"> 3.2 </a> Subsidiary Policies </h3>
+
+<p>
+The nature of the Subsidiary Policies ("SubPols"):
+</p>
+
+<ol type="a"><li>
+    SubPols are purposed to check the organisation
+    under the rules of the jurisdiction that creates the
+    organisation.  This does not evidence an intention
+    by CAcert to
+    enter into the local jurisdiction, nor an intention
+    to impose the rules of that jurisdiction over any other
+    organisation.
+    CAcert assurances are conducted under the jurisdiction
+    of CAcert.
+  </li><li>
+    For OAs,
+    SubPol specifies the <i>tests of local knowledge</i>
+    including the local organisational forms.
+  </li><li>
+    For assurances,
+    SubPol specifies the <i>local documentation forms</i>
+    which are acceptable under this SubPol to meet the
+    standard.
+  </li><li>
+   SubPols are subjected to the normal 
+   policy approval process.
+</li></ol>
+
+<h3> <a name="">  </a> 3.3  Freedom to Assemble </h3>
+
+<p>
+Subsidiary Policies are open, accessible and free to enter. 
+</p>
+
+<ol type="a"><li>
+    SubPols compete but are compatible.
+  </li><li>
+    No SubPol is a franchise.
+  </li><li>
+    Many will be on State or National lines,
+    reflecting the legal
+    tradition of organisations created
+    ("incorporated") by states.
+  </li><li>
+    However, there is no need for strict national lines;
+    it is possible to have 2 SubPols in one country, or one
+    covering several countries with the same language
+    (e.g., Austria with Germany, England with Wales but not Scotland).
+  </li><li>
+    There could also be SubPols for special
+    organisations, one person organisations,
+    UN agencies, churches, etc.
+  </li><li>
+    Where it is appropriate to use the SubPol
+    in another situation (another country?), it
+    can be so approved.
+    (e.g., Austrian SubPol might be approved for Germany.)
+    The SubPol must record this approval.
+</li></ol>
+
+
+<h2> <a name="4"> 4. </a>  Process </h2>
+
+<h3> <a name="4.1"> 4.1 </a>  Standard of Organisation Assurance </h3>
+<p>
+The essential standard of Organisation Assurance is:
+</p>
+
+<ol type="a"><li>
+    the organisation exists
+  </li><li>
+    the organisation name is correct and consistent:
+    <ol type="i">
+      <li>in official documents specified in SubPol.</li>
+      <li>on COAP form.</li>
+      <li>in CAcert database.</li>
+      <li>form or type of legal entity is consistent</li>
+    </ol>
+  </li><li>
+    signing rights:
+    requestor can sign on behalf of the organisation.
+  </li><li>
+    the organisation has agreed to the terms of the
+    Registered User Agreement,
+    and is therefore subject to Arbitration.
+</li></ol>
+
+<p>
+    Acceptable documents to meet above standard
+    are stated in the SubPol.
+</p>
+
+<h3> <a name="4.2"> 4.2 </a>  COAP </h3>
+<p>
+The COAP form documents the checks and the resultant
+assurance results to meet the standard.
+Additional information to be provided on form:
+</p>
+
+<ol type="a"><li>
+    CAcert account of O-Admin (email address?)
+  </li><li>
+    location:
+    <ol type="i">
+      <li>country (MUST).</li>
+      <li>city (MUST).</li>
+      <li>additional contact information (as required by SubPol).</li>
+    </ol>
+  </li><li>
+    administrator account names (1 or more)
+  </li><li>
+    domain name(s)
+  </li><li>
+    Agreement with registered user agreement.
+    Statement and initials box for organsation
+    and also for OA.
+  </li><li>
+    Date of completion of Assurance.
+    Records should be maintained for 7 years from
+    this date.
+</li></ol>
+
+<p>
+The COAP should be in English.  Where translations
+are provided, they should be matched to the English,
+and indication provided that the English is the
+ruling language (due to Arbitration requirements).
+</p>
+
+<h3> <a name="4.3"> 4.3 </a> Jurisdiction </h3>
+
+<p>
+Organisation Assurances are carried out by
+CAcert Inc under its Arbitration jurisdiction.
+Actions carried out by OAs are under this regime.
+</p>
+
+<ol type="a"><li>
+    The organisation has agreed to the terms of the
+    Registered User Agreement,
+  </li><li>
+    The organisation, the Organisation Assurers, CAcert and
+    other related parties are bound into CAcert's jurisdiction
+    and dispute resolution.
+  </li><li>
+    The OA is responsible for ensuring that the
+    organisation reads, understands, intends and
+    agrees to the registered user agreement.
+    This OA responsibility should be recorded on COAP
+    (statement and initials box).
+</li></ol>
+
+<h2> <a name="5"> 5. </a> Exceptions </h2>
+
+
+<ol type="a"><li>
+    <b> Conflicts of Interest.</b>
+    An OA must not assure an organisation in which
+    there is a close or direct relationship by, e.g.,
+    employment, family, financial interests.
+    Other conflicts of interest must be disclosed.
+  </li><li>
+    <b> Trusted Third Parties.</b>
+    TTPs are not generally approved to be part of
+    organisation assurance,
+    but may be approved by subsidiary policies according
+    to local needs.
+  </li><li>
+    <b>Exceptional Organisations.</b>
+    (e.g., Vatican, International Space Station, United Nations)
+    can be dealt with as a single-organisation
+    SubPol.
+    The OA creates the checks, documents them,
+    and subjects them to to normal policy approval.
+  </li><li>
+    <b>DBA.</b>
+    Alternative names for organisations
+    (DBA, "doing business as")
+    can be added as long as they are proven independently.
+    E.g., registration as DBA or holding of registered trade mark.
+    This means that the anglo law tradition of unregistered DBAs
+    is not accepted without further proof.
+</li></ol>
+