Added new licenses
parent 4d6d19d22b
commit 79129197a9
@ -0,0 +1,512 @@
|
|||||||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||||
|
|
||||||
|
<html>
|
||||||
|
<head><title>CAcert Community Agreement</title></head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<h3> <a name="0"> 0. </a> Introduction </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This agreement is between
|
||||||
|
you, being a registered member ("Member")
|
||||||
|
within CAcert's community at large ("Community")
|
||||||
|
and CAcert Incorporated ("CAcert"),
|
||||||
|
being an operator of services to the Community.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h4> <a name="0.1"> 0.1 </a> Terms </h4>
|
||||||
|
<ol><li>
|
||||||
|
"CAcert"
|
||||||
|
means CAcert Inc.,
|
||||||
|
a non-profit Association of Members incorporated in
|
||||||
|
New South Wales, Australia.
|
||||||
|
Note that Association Members are distinct from
|
||||||
|
the Members defined here.
|
||||||
|
</li><li>
|
||||||
|
"Member"
|
||||||
|
means you, a registered participant within CAcert's Community,
|
||||||
|
with an account on the website and the
|
||||||
|
facility to request certificates.
|
||||||
|
Members may be individuals ("natural persons")
|
||||||
|
or organisations ("legal persons").
|
||||||
|
</li><li>
|
||||||
|
"Organisation"
|
||||||
|
is defined under the Organisation Assurance programme,
|
||||||
|
and generally includes corporations and other entities
|
||||||
|
that become Members and become Assured.
|
||||||
|
</li><li>
|
||||||
|
"Community"
|
||||||
|
means all of the Members
|
||||||
|
that are registered by this agreement
|
||||||
|
and other parties by other agreements,
|
||||||
|
all being under CAcert's Arbitration.
|
||||||
|
</li><li>
|
||||||
|
"Non-Related Person" ("NRP"),
|
||||||
|
being someone who is not a
|
||||||
|
Member, is not part of the Community,
|
||||||
|
and has not registered their agreement.
|
||||||
|
Such people are offered the NRP-DaL
|
||||||
|
another agreement allowing the USE of certificates.
|
||||||
|
</li><li>
|
||||||
|
"Non-Related Persons - Disclaimer and Licence" ("NRP-DaL"),
|
||||||
|
another agreement that is offered to persons outside the
|
||||||
|
Community.
|
||||||
|
</li><li>
|
||||||
|
"Arbitration"
|
||||||
|
is the Community's forum for
|
||||||
|
resolving disputes, or jurisdiction.
|
||||||
|
</li><li>
|
||||||
|
"Dispute Resolution Policy" ("DRP" => COD7)
|
||||||
|
is the policy and
|
||||||
|
rules for resolving disputes.
|
||||||
|
</li><li>
|
||||||
|
"USE"
|
||||||
|
means the act by your software
|
||||||
|
to conduct its tasks, incorporating
|
||||||
|
the certificates according to software procedures.
|
||||||
|
</li><li>
|
||||||
|
"RELY"
|
||||||
|
means your human act in taking on a
|
||||||
|
risk and liability on the basis of the claim(s)
|
||||||
|
bound within a certificate.
|
||||||
|
</li><li>
|
||||||
|
"OFFER"
|
||||||
|
means the your act
|
||||||
|
of making available your certificate to another person.
|
||||||
|
Generally, you install and configure your software
|
||||||
|
to act as your agent and facilite this and other tasks.
|
||||||
|
OFFER does not imply suggestion of reliance.
|
||||||
|
</li><li>
|
||||||
|
"Issue"
|
||||||
|
means creation of a certificate by CAcert.
|
||||||
|
To create a certificate,
|
||||||
|
CAcert affixes a digital signature from the root
|
||||||
|
onto a public key and other information.
|
||||||
|
This act would generally bind a statement or claim,
|
||||||
|
such as your name, to your key.
|
||||||
|
</li><li>
|
||||||
|
"Root"
|
||||||
|
means CAcert's top level key,
|
||||||
|
used for signing certificates for Members.
|
||||||
|
In this document, the term includes any subroots.
|
||||||
|
</li><li>
|
||||||
|
"CAcert Official Document" ("COD" => COD3)
|
||||||
|
in a standard format for describing the details of
|
||||||
|
operation and governance essential to a certificate authority.
|
||||||
|
Changes are managed and controlled.
|
||||||
|
CODs define more technical terms.
|
||||||
|
See 4.2 for listing of relevant CODs.
|
||||||
|
</li><li>
|
||||||
|
"Certification Practice Statement" ("CPS" => COD6)
|
||||||
|
is the document that controls details
|
||||||
|
about operational matters within CAcert.
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
|
||||||
|
<h3> <a name="1"> 1. </a> Agreement and Licence </h3>
|
||||||
|
|
||||||
|
<h4> <a name="1.1"> 1.1 </a> Agreement </h4>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
You and CAcert both agree to the terms and conditions
|
||||||
|
in this agreement.
|
||||||
|
Your agreement is given by any of
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ul><li>
|
||||||
|
your signature on a form to request assurance of identity
|
||||||
|
("CAP" form),
|
||||||
|
</li><li>
|
||||||
|
your request on the website
|
||||||
|
to join the Community and create an account,
|
||||||
|
</li><li>
|
||||||
|
your request for Organisation Assurance,
|
||||||
|
</li><li>
|
||||||
|
your request for issuing of certificates, or
|
||||||
|
</li><li>
|
||||||
|
if you USE, RELY, or OFFER
|
||||||
|
any certificate issued to you.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Your agreement
|
||||||
|
is effective from the date of the first event above
|
||||||
|
that makes this agreement known to you.
|
||||||
|
This Agreement
|
||||||
|
replaces and supercedes prior agreements,
|
||||||
|
including the NRP-DaL.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
|
||||||
|
<h4> <a name="1.2"> 1.2 </a> Licence </h4>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
As part of the Community, CAcert offers you these rights:
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol><li>
|
||||||
|
You may USE any certificates issued by CAcert.
|
||||||
|
</li><li>
|
||||||
|
You may RELY on any certificate issued by CAcert,
|
||||||
|
as explained and limited by CPS (COD6).
|
||||||
|
</li><li>
|
||||||
|
You may OFFER certificates issued to you by CAcert
|
||||||
|
to Members for their RELIANCE.
|
||||||
|
</li><li>
|
||||||
|
You may OFFER certificates issued to you by CAcert
|
||||||
|
to NRPs for their USE, within the general principles
|
||||||
|
of the Community.
|
||||||
|
</li><li>
|
||||||
|
This Licence is free of cost,
|
||||||
|
non-exclusive, and non-transferrable.
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
<h4> <a name="1.3"> 1.3 </a> Your Contributions </h4>
|
||||||
|
|
||||||
|
|
||||||
|
<p>
|
||||||
|
You agree to a non-exclusive non-restrictive non-revokable
|
||||||
|
transfer of Licence to CAcert for your contributions.
|
||||||
|
That is, if you post an idea or comment on a CAcert forum,
|
||||||
|
or email it to other Members,
|
||||||
|
your work can be used freely by the Community for
|
||||||
|
CAcert purposes, including placing under CAcert's licences
|
||||||
|
for wider publication.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
You retain authorship rights, and the rights to also transfer
|
||||||
|
non-exclusive rights to other parties.
|
||||||
|
That is, you can still use your
|
||||||
|
ideas and contributions outside the Community.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Note that the following exceptions override this clause:
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol><li>
|
||||||
|
Contributions to controlled documents are subject to
|
||||||
|
Policy on Policy ("PoP" => COD1)
|
||||||
|
</li><li>
|
||||||
|
Source code is subject to an open source licence regime.
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
<h4> <a name="1.4"> 1.4 </a> Privacy </h4>
|
||||||
|
|
||||||
|
|
||||||
|
<p>
|
||||||
|
You give rights to CAcert to store, verify and process
|
||||||
|
and publish your data in accordance with policies in force.
|
||||||
|
These rights include shipping the data to foreign countries
|
||||||
|
for system administration, support and processing purposes.
|
||||||
|
Such shipping will only be done among
|
||||||
|
CAcert Community administrators and Assurers.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Privacy is further covered in the Privacy Policy ("PP" => COD5).
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="2"> 2. </a> Your Risks, Liabilities and Obligations </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
As a Member, you have risks, liabilities
|
||||||
|
and obligations within this agreement.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h4> <a name="2.1"> 2.1 </a> Risks </h4>
|
||||||
|
|
||||||
|
<ol><li>
|
||||||
|
A certificate may prove unreliable.
|
||||||
|
</li><li>
|
||||||
|
Your account, keys or other security tools may be
|
||||||
|
lost or otherwise compromised.
|
||||||
|
</li><li>
|
||||||
|
You may find yourself subject to Arbitration
|
||||||
|
(DRP => COD7).
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
<h4> <a name="2.2"> 2.2 </a> Liabilities </h4>
|
||||||
|
|
||||||
|
<ol><li>
|
||||||
|
You are liable for any penalties
|
||||||
|
as awarded against you by the Arbitrator.
|
||||||
|
</li><li>
|
||||||
|
Remedies are as defined in the DRP (COD7).
|
||||||
|
An Arbitrator's ruling may
|
||||||
|
include monetary amounts, awarded against you.
|
||||||
|
</li><li>
|
||||||
|
Your liability is limited to
|
||||||
|
a total maximum of
|
||||||
|
<b>1000 Euros</b>.
|
||||||
|
</li><li>
|
||||||
|
"Foreign Courts" may assert jurisdiction.
|
||||||
|
These include your local courts, and are outside our Arbitration.
|
||||||
|
Foreign Courts will generally refer to the Arbitration
|
||||||
|
Act of their country, which will generally refer
|
||||||
|
civil cases to Arbitration.
|
||||||
|
The Arbitration Act will not apply to criminal cases.
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
<h4> <a name="2.3"> 2.3 </a> Obligations </h4>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
You are obliged
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol><li>
|
||||||
|
to provide accurate information
|
||||||
|
as part of Assurance.
|
||||||
|
You give permission for verification of the information
|
||||||
|
using CAcert-approved methods.
|
||||||
|
</li><li>
|
||||||
|
to make no false representations.
|
||||||
|
</li><li>
|
||||||
|
to submit all your disputes to Arbitration
|
||||||
|
(DRP => COD7).
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
<h4> <a name="2.4"> 2.4 </a> Principles </h4>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
As a Member of CAcert, you are a member of
|
||||||
|
the Community.
|
||||||
|
You are further obliged to
|
||||||
|
work within the spirit of the Principles
|
||||||
|
of the Community.
|
||||||
|
These are described in
|
||||||
|
<a href="http://svn.cacert.org/CAcert/principles.html">Principles of the Community</a>.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h4> <a name="2.5"> 2.5 </a> Security </h4>
|
||||||
|
<p>
|
||||||
|
CAcert exists to help you to secure yourself.
|
||||||
|
You are primarily responsible for your own security.
|
||||||
|
Your security obligations include
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol><li>
|
||||||
|
to secure yourself and your computing platform (e.g., PC),
|
||||||
|
</li><li>
|
||||||
|
to keep your email account in good working order,
|
||||||
|
</li><li>
|
||||||
|
to secure your CAcert account
|
||||||
|
(e.g., credentials such as username, password),
|
||||||
|
</li><li>
|
||||||
|
to secure your private keys,
|
||||||
|
</li><li>
|
||||||
|
to review certificates for accuracy,
|
||||||
|
and
|
||||||
|
</li><li>
|
||||||
|
when in doubt, notify CAcert,
|
||||||
|
</li><li>
|
||||||
|
when in doubt, take other reasonable actions, such as
|
||||||
|
revoking certificates,
|
||||||
|
changing account credentials,
|
||||||
|
and/or generating new keys.
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Where, above, 'secure' means to protect to a reasonable
|
||||||
|
degree, in proportion with your risks and the risks of
|
||||||
|
others.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="3"> 3. </a> Law and Jurisdiction </h3>
|
||||||
|
|
||||||
|
<h4> <a name="3.1"> 3.1 </a> Governing Law </h4>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This agreement is governed under the law of
|
||||||
|
New South Wales, Australia,
|
||||||
|
being the home of the CAcert Inc. Association.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h4> <a name="3.2"> 3.2 </a> Arbitration as Forum of Dispute Resolution </h4>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
You agree, with CAcert and all of the Community,
|
||||||
|
that all disputes arising out
|
||||||
|
of or in connection to our use of CAcert services
|
||||||
|
shall be referred to and finally resolved
|
||||||
|
by Arbitration under the rules within the
|
||||||
|
Dispute Resolution Policy of CAcert
|
||||||
|
(DRP => COD7).
|
||||||
|
The rules select a single Arbitrator chosen by CAcert
|
||||||
|
from among senior Members in the Community.
|
||||||
|
The ruling of the Arbitrator is binding and
|
||||||
|
final on Members and CAcert alike.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
In general, the jurisdiction for resolution of disputes
|
||||||
|
is within CAcert's own forum of Arbitration,
|
||||||
|
as defined and controlled by its own rules (DRP => COD7).
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
We use Arbitration for many purposes beyond the strict
|
||||||
|
nature of disputes, such as governance and oversight.
|
||||||
|
A systems administrator may
|
||||||
|
need authorisation to conduct a non-routine action,
|
||||||
|
and Arbitration may provide that authorisation.
|
||||||
|
Thus, you may find yourself party to Arbitration
|
||||||
|
that is simply support actions, and you may file disputes in
|
||||||
|
order to initiate support actions.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h4> <a name="3.3"> 3.3 </a> Termination </h4>
|
||||||
|
<p>
|
||||||
|
You may terminate this agreement by resigning
|
||||||
|
from CAcert. You may do this at any time by
|
||||||
|
writing to CAcert's online support forum and
|
||||||
|
filing dispute to resign.
|
||||||
|
All services will be terminated, and your
|
||||||
|
certificates will be revoked.
|
||||||
|
However, some information will continue to
|
||||||
|
be held for certificate processing purposes.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The provisions on Arbitration survive any termination
|
||||||
|
by you by leaving CAcert.
|
||||||
|
That is, even if you resign from CAcert,
|
||||||
|
you are still bound by the DRP (COD7),
|
||||||
|
and the Arbitrator may reinstate any provision of this
|
||||||
|
agreement or bind you to a ruling.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Only the Arbitrator may terminate this agreement with you.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h4> <a name="3.4"> 3.4 </a> Changes of Agreement </h4>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
CAcert may from time to time vary the terms of this Agreement.
|
||||||
|
Changes will be done according to the documented CAcert policy
|
||||||
|
for changing policies, and is subject to scrutiny and feedback
|
||||||
|
by the Community.
|
||||||
|
Changes will be notified to you by email to your primary address.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
If you do not agree to the changes, you may terminate as above.
|
||||||
|
Continued use of the service shall be deemed to be agreement
|
||||||
|
by you.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h4> <a name="3.5"> 3.5 </a> Communication </h4>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Notifications to CAcert are to be sent by
|
||||||
|
email to the address
|
||||||
|
<b>support</b> <i>at</i> CAcert.org.
|
||||||
|
You should attach a digital signature,
|
||||||
|
but need not do so in the event of security
|
||||||
|
or similar urgency.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Notifications to you are sent
|
||||||
|
by CAcert to the primary email address
|
||||||
|
registered with your account.
|
||||||
|
You are responsible for keeping your email
|
||||||
|
account in good working order and able
|
||||||
|
to receive emails from CAcert.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Arbitration is generally conducted by email.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="4"> 4. </a> Miscellaneous </h3>
|
||||||
|
|
||||||
|
<h4> <a name="4.1"> 4.1 </a> Other Parties Within the Community </h4>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
As well as you and other Members in the Community,
|
||||||
|
CAcert forms agreements with third party
|
||||||
|
vendors and others.
|
||||||
|
Thus, such parties will also be in the Community.
|
||||||
|
Such agreements are also controlled by the same
|
||||||
|
policy process as this agreement, and they should
|
||||||
|
mirror and reinforce these terms.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
|
||||||
|
<h4> <a name="4.2"> 4.2 </a> References and Other Binding Documents </h4>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This agreement is CAcert Official Document 9 (COD9)
|
||||||
|
and is a controlled document.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
You are also bound by
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol><li>
|
||||||
|
<a href="http://svn.cacert.org/CAcert/policy.htm">
|
||||||
|
Certification Practice Statement</a> (CPS => COD6).
|
||||||
|
</li><li>
|
||||||
|
<a href="http://svn.cacert.org/CAcert/dispute_resolution.html">
|
||||||
|
Dispute Resolution Policy</a> (DRP => COD7).
|
||||||
|
</li><li>
|
||||||
|
<a href="http://www.cacert.org/index.php?id=10">
|
||||||
|
Privacy Policy</a> (PP => COD5).
|
||||||
|
</li><li>
|
||||||
|
<a href="http://svn.cacert.org/CAcert/principles.html">
|
||||||
|
Principles of the Community</a>.
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Where documents are referred to as <i>=> COD x</i>,
|
||||||
|
they are controlled documents
|
||||||
|
under the control of Policy on Policies (COD1).
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This agreement and controlled documents above are primary,
|
||||||
|
and may not be replaced or waived except
|
||||||
|
by formal policy channels and by Arbitration.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h4> <a name="4.3"> 4.3 </a> Informative References </h4>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The governing documents are in English.
|
||||||
|
Documents may be translated for convenience.
|
||||||
|
Because we cannot control the legal effect of translations,
|
||||||
|
the English documents are the ruling ones.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
You are encouraged to be familiar with the
|
||||||
|
Assurer Handbook,
|
||||||
|
which provides a more readable introduction for much of
|
||||||
|
the information needed.
|
||||||
|
The Handbook is not however an agreement, and is overruled
|
||||||
|
by this agreement and others listed above.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h4> <a name="4.4"> 4.4 </a> Not Covered in this Agreement </h4>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<b>Intellectual Property.</b>
|
||||||
|
This Licence does not transfer any intellectual
|
||||||
|
property rights ("IPR") to you. CAcert asserts and
|
||||||
|
maintains its IPR over its roots, issued certificates,
|
||||||
|
brands, logos and other assets.
|
||||||
|
Note that the certificates issued to you
|
||||||
|
are CAcert's intellectual property
|
||||||
|
and you do not have rights other than those stated.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
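Review bot: The links to the binding documents in sections 2.4 and 4.2 (Principles of the Community, CPS, DRP, Privacy Policy) all use http://, for example href="http://svn.cacert.org/CAcert/dispute_resolution.html"; if those hosts serve the documents over HTTPS, link to that instead so a Member who follows them from the agreement gets the text they are bound by over an authenticated channel. The added text also carries typos worth fixing before it ships: "means the your act" and "facilite" in the "OFFER" definition, "supercedes" in 1.1, and a missing comma after "NRP-DaL" in "Such people are offered the NRP-DaL another agreement allowing the USE of certificates." In 2.5 the "and" follows "to review certificates for accuracy," although two more list items come after it, and COD1 is called "Policy on Policy" in 1.3 but "Policy on Policies" in 4.2. If this file is a copy of the controlled document (COD9 per section 4.2), fix these at the source and record the source revision in the commit message, which currently says only "Added new licenses".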
@ -0,0 +1,639 @@
|
|||||||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||||
|
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Dispute Resulution Policy</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<table width="100%">
|
||||||
|
|
||||||
|
<tr>
|
||||||
|
<td> DRP </td>
|
||||||
|
<td> </td>
|
||||||
|
<td width="20%"> Teus Hagen </td>
|
||||||
|
</tr>
|
||||||
|
|
||||||
|
<tr>
|
||||||
|
<td> POLICY <a href="http://wiki.cacert.org/wiki/TopMinutes-20070917">m20070919.3</a> </td>
|
||||||
|
<td> </td>
|
||||||
|
<td>
|
||||||
|
$Date: 2008/01/18 22:56:31 $
|
||||||
|
<!--
|
||||||
|
to get this to work, we have to do this:
|
||||||
|
svn propset svn:keywords "Date" PolicyOnPolicy.html
|
||||||
|
except it does not work through the website.
|
||||||
|
-->
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
|
||||||
|
<tr>
|
||||||
|
<td> COD7 </td>
|
||||||
|
<td> </td>
|
||||||
|
<td> <!-- contributors --> </td>
|
||||||
|
</tr>
|
||||||
|
|
||||||
|
|
||||||
|
<tr> <!-- title only -->
|
||||||
|
<td> </td>
|
||||||
|
<td > <b>Dispute Resolution Policy</b> </td>
|
||||||
|
<td> </td>
|
||||||
|
</tr>
|
||||||
|
|
||||||
|
</table>
|
||||||
|
|
||||||
|
|
||||||
|
<h2> <a name="0"> 0. </a> Introduction</h2>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This is the Dispute Resolution Policy for CAcert.
|
||||||
|
Disputes arising out of
|
||||||
|
operations by CAcert and interactions between
|
||||||
|
users may be addressed through this policy.
|
||||||
|
This document also presents the rules for
|
||||||
|
resolution of disputes.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="0.1"> 0.1 </a> Nature of Disputes </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Disputes include:
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ul><li>
|
||||||
|
Requests for non-routine support actions.
|
||||||
|
CAcert support team has no authority to
|
||||||
|
act outside the normal support facilities made
|
||||||
|
available to Users;
|
||||||
|
</li><li>
|
||||||
|
Classical disputes where a User or another
|
||||||
|
assert claims and demand remedies;
|
||||||
|
</li><li>
|
||||||
|
Requests by external organisations, including
|
||||||
|
legal processes from foreign courts;
|
||||||
|
</li><li>
|
||||||
|
Events initiated for training purposes.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
<h2> <a name="1"> 1. </a> Filing</h2>
|
||||||
|
|
||||||
|
<h3> <a name="1.1"> 1.1 </a> Filing Party</h3>
|
||||||
|
<p>
|
||||||
|
Anyone may file a dispute.
|
||||||
|
In filing, they become <i>Claimants</i>.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="1.2">1.2 </a> Channel for Filing</h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Disputes are filed by being sent to the normal
|
||||||
|
support channel of CAcert,
|
||||||
|
and a fee may be payable.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Such fees as are imposed on filing will be specified
|
||||||
|
on the dispute resolution page of the website.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="1.3">1.3 </a> Case Manager</h3>
|
||||||
|
<p>
|
||||||
|
The Case Manager (CM) takes control of the filing.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol><li>
|
||||||
|
CM makes an initial determination as
|
||||||
|
to whether this filing is a dispute
|
||||||
|
for resolution, or it is a request
|
||||||
|
for routine support.
|
||||||
|
</li><li>
|
||||||
|
CM logs the case and establishes such
|
||||||
|
documentation and communications support as is customary.
|
||||||
|
</li><li>
|
||||||
|
If any party acts immediately on the filing
|
||||||
|
(such as an urgent security action),
|
||||||
|
the CM names these parties to the case.
|
||||||
|
</li><li>
|
||||||
|
CM selects the Arbitrator.
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The personnel within the CAcert support team
|
||||||
|
are Case Managers, by default, or as directed
|
||||||
|
by the Dispute Resolution Officer.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="1.4">1.4 </a> Contents</h3>
|
||||||
|
<p>
|
||||||
|
The filing must specify:
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ul><li>
|
||||||
|
The filing party(s), being the <i>Claimant(s)</i>.
|
||||||
|
</li><li>
|
||||||
|
The party(s) to whom the complaint is addressed to,
|
||||||
|
being the <i>Respondent(s)</i>.
|
||||||
|
This will be CAcert in the
|
||||||
|
case of requests for support actions.
|
||||||
|
It may be a User (possibly unidentified) in the
|
||||||
|
case where one User has given rise to a complaint against another.
|
||||||
|
</li><li>
|
||||||
|
The <i>Complaint</i>.
|
||||||
|
For example, a trademark has been infringed,
|
||||||
|
privacy has been breached,
|
||||||
|
or a user has defrauded using a certificate.
|
||||||
|
</li><li>
|
||||||
|
The action(s) requested by the filing party
|
||||||
|
(technically, called the <i>relief</i>).
|
||||||
|
For example, to delete an account,
|
||||||
|
to revoke a certificate, or to stop a
|
||||||
|
trademark infringement.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
If the filing is inadequate for lack of information
|
||||||
|
or for format, the Case Manager
|
||||||
|
may refile with the additional information,
|
||||||
|
attaching the original messages.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="1.5">1.5 </a> The Arbitrator</h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The Case Manager selects the Arbitrator according
|
||||||
|
to the mechanism managed by the Dispute Resolution Officer
|
||||||
|
and approved from time to time.
|
||||||
|
This mechanism is to maintain a list of Arbitrators available for
|
||||||
|
dispute resolution.
|
||||||
|
Each selected Arbitrator has the right to decline the dispute,
|
||||||
|
and should decline a dispute with which there exists a conflict
|
||||||
|
of interest.
|
||||||
|
The reason for declining should be stated.
|
||||||
|
If no Arbitrator accepts the dispute, the case is
|
||||||
|
closed with status "declined."
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Arbitrators are experienced Assurers of CAcert.
|
||||||
|
They should be independent and impartial, including
|
||||||
|
of CAcert itself where it becomes a party.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h2> <a name="2"> 2. </a> The Arbitration</h2>
|
||||||
|
|
||||||
|
|
||||||
|
<h3> <a name="2.1">2.1 </a> Authority</h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The Board of CAcert and the Users vest in Arbitrators
|
||||||
|
full authority to hear disputes and deliver rulings
|
||||||
|
which are binding on CAcert and the Users.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
|
||||||
|
<h3> <a name="2.2">2.2 </a> Preliminaries</h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The Arbitrator conducts some preliminaries:
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ul><li>
|
||||||
|
The Arbitrator reviews the available documentation
|
||||||
|
and affirms the rules of dispute resolution.
|
||||||
|
Jurisdiction is established, see below.
|
||||||
|
</li><li>
|
||||||
|
The Arbitrator affirms the governing law (NSW, Australia).
|
||||||
|
The Arbitrator may select local law and local
|
||||||
|
procedures where Claimants and all Respondents
|
||||||
|
agree, are under such jurisdiction, and it is deemed
|
||||||
|
more appropriate.
|
||||||
|
However, this is strictly limited to those parties,
|
||||||
|
and especially, CAcert and other parties
|
||||||
|
remains under the governing law.
|
||||||
|
</li><li>
|
||||||
|
The Arbitrator reviews the Respondents and Claimants
|
||||||
|
with a view to dismissal or joining of additional parties.
|
||||||
|
E.g., support personel may be joined if emergency action was
|
||||||
|
taken.
|
||||||
|
</li><li>
|
||||||
|
Any parties that are not Users and are not bound
|
||||||
|
by the CPS are given the opportunity to enter into
|
||||||
|
CAcert and be bound by the CPS and these rules of arbitration.
|
||||||
|
If these Non-Related Persons (NRPs) remain outside,
|
||||||
|
their rights and remedies under CAcert's policies
|
||||||
|
and forum are strictly limited to that specified in the
|
||||||
|
Non-Related Persons -- Disclaimer and Licence.
|
||||||
|
NRPs may proceed with Arbitration subject to preliminary orders
|
||||||
|
of the Arbitrator.
|
||||||
|
</li><li>
|
||||||
|
Participating Users may not resign until the completion of the case.
|
||||||
|
</li><li>
|
||||||
|
The Arbitrator confirms that all parties accept
|
||||||
|
the forum of dispute resolution.
|
||||||
|
This is especially important where a User might be
|
||||||
|
in a country with no Arbitration Act in law, or
|
||||||
|
where there is reason to believe that a party might
|
||||||
|
go to an external court.
|
||||||
|
</li><li>
|
||||||
|
The Arbitrator confirms that parties are representing
|
||||||
|
themselves. Parties are entitled to be legally
|
||||||
|
represented, but are not encouraged to do so,
|
||||||
|
bearing in mind the volunteer nature of the
|
||||||
|
organisation and the size of the dispute.
|
||||||
|
If they do so they must declare such, including any
|
||||||
|
changes.
|
||||||
|
</li><li>
|
||||||
|
The Arbitrator may appoint experienced Assurers
|
||||||
|
to assist and represent parties, especially for NRPs.
|
||||||
|
The Case Manager must not to provide such assistance.
|
||||||
|
</li><li>
|
||||||
|
The Arbitrator is bound to maintain the balance
|
||||||
|
of legal fairness.
|
||||||
|
</li><li>
|
||||||
|
The Arbitrator may make any preliminary orders,
|
||||||
|
including protection orders and orders referring
|
||||||
|
to emergency actions already taken.
|
||||||
|
</li><li>
|
||||||
|
The Arbitrator may request any written pleadings,
|
||||||
|
counterclaim, and/or statements of defence.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
|
||||||
|
<h3> <a name="2.3">2.3 </a> Jurisdiction </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Jurisidiction - the right or power to hear and rule on
|
||||||
|
disputes - is initially established by clauses in the
|
||||||
|
User agreements for all CAcert Users.
|
||||||
|
The agreement must establish:
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ul><li>
|
||||||
|
That all Parties agree to binding Arbitration
|
||||||
|
in CAcert's forum of dispute resolution;
|
||||||
|
</li><li>
|
||||||
|
for all disputes relating to activities within
|
||||||
|
CAcert, issued certificates, roles and actions, etc;
|
||||||
|
</li><li>
|
||||||
|
as defined by these rules, including the selection
|
||||||
|
of a single Arbitrator;
|
||||||
|
</li><li>
|
||||||
|
under the Law of NSW, Australia; and
|
||||||
|
</li><li>
|
||||||
|
the Parties keep email accounts in good working order.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
An external court may have ("assert") jurisdiction to decide on
|
||||||
|
issues such as trademark, privacy, contract and fraud,
|
||||||
|
and may do so with legal remedies.
|
||||||
|
These are areas where jurisdiction may need
|
||||||
|
to be considered carefully:
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ul><li>
|
||||||
|
Where NRPs, being not members of CAcert and not
|
||||||
|
bound by agreement, are parties to the dispute.
|
||||||
|
E.g., intellectual property disputes may involve
|
||||||
|
NRPs and their trademarks;
|
||||||
|
</li><li>
|
||||||
|
criminal actions or actions likely to result in criminal
|
||||||
|
proceedings,
|
||||||
|
e.g., fraud;
|
||||||
|
</li><li>
|
||||||
|
Contracts between Users that were formed without
|
||||||
|
a clause to seek arbitration in the forum;
|
||||||
|
</li><li>
|
||||||
|
Areas where laws fall outside the Arbitration Act,
|
||||||
|
such as privacy;
|
||||||
|
</li><li>
|
||||||
|
Legal process (subpoenas, etc) delivered by
|
||||||
|
an external court of "competent jurisdiction."
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The Arbitrator must consider jurisdiction and rule on a
|
||||||
|
case by case basis whether jurisdiction is asserted,
|
||||||
|
either wholly or partially, or declines to hear the case.
|
||||||
|
In the event of asserting
|
||||||
|
jurisdiction, and a NRP later decides to pursue rights in
|
||||||
|
another forum, the Arbitrator should seek the agreement
|
||||||
|
of the NRP to file the ruling as part of the new case.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="2.4">2.4 </a> Basis in Law </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Each country generally has an Arbitration Act
|
||||||
|
that elevates Arbitration as a strong dispute
|
||||||
|
resolution forum.
|
||||||
|
The Act generally defers to Arbitration
|
||||||
|
if the parties have so agreed.
|
||||||
|
That is, as Users of CAcert, you agree to resolve
|
||||||
|
all disputes before CAcert's forum.
|
||||||
|
This is sometimes called <i>private law</i>
|
||||||
|
or <i>alternative dispute resolution</i>.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
As a matter of public policy, courts will generally
|
||||||
|
refer any case back to Arbitration.
|
||||||
|
Users should understand that they will have
|
||||||
|
strictly limited rights to ask the courts to
|
||||||
|
seek to have a case heard or to override a Ruling.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
|
||||||
|
<h3> <a name="2.5">2.5 </a> External Courts </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
When an external court claims and asserts its jurisdiction,
|
||||||
|
and issues a court order, subpoena or other service to CAcert,
|
||||||
|
the CM files the order as a dispute, with the external court
|
||||||
|
as <i>Claimant</i>.
|
||||||
|
The CM and other support staff are granted no authority to
|
||||||
|
act on the basis of any court order, and ordinarily
|
||||||
|
must await the order of the Arbitrator
|
||||||
|
(which might simply be a repeat of the external court order).
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The Arbitrator establishes the bona fides of the
|
||||||
|
court, and rules.
|
||||||
|
The Arbitrator may rule to reject the order,
|
||||||
|
for jurisdiction or other reasons.
|
||||||
|
By way of example, if all Parties are registered Users,
|
||||||
|
then jurisdiction more normally falls within the forum.
|
||||||
|
If the Arbitrator rules to reject,
|
||||||
|
he should do so only after consulting with CAcert counsel.
|
||||||
|
The Arbitrator's jurisidiction is ordinarily that of
|
||||||
|
dealing with the order, and
|
||||||
|
not that which the external court has claimed to.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
|
||||||
|
<h3> <a name="2.6">2.6 </a> Process</h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The Arbitrator follows the procedure:
|
||||||
|
</p>
|
||||||
|
|
||||||
|
|
||||||
|
<ol><li>
|
||||||
|
Establish the facts.
|
||||||
|
The Arbitrator collects the evidence from the parties.
|
||||||
|
The Arbitrator may order CAcert or Users under
|
||||||
|
jurisdiction to provide support or information.
|
||||||
|
The Arbitrator may use email, phone or face-to-face
|
||||||
|
meetings as proceedings.
|
||||||
|
</li><li>
|
||||||
|
Apply the Rules of Dispute Resolution,
|
||||||
|
the policies of CAcert and the governing law.
|
||||||
|
The Arbitrator may request that the parties
|
||||||
|
submit their views.
|
||||||
|
The Arbitrator also works to the mission of CAcert,
|
||||||
|
the benefit of all Users, and the community as a whole.
|
||||||
|
The Arbitrator may any assistance.
|
||||||
|
</li><li>
|
||||||
|
Makes a considered Ruling.
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
<h2> <a name="3"> 3. </a> The Ruling</h2>
|
||||||
|
|
||||||
|
<h3> <a name="3.1">3.1 </a> The Contents </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The Arbitrator records:
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol><li>
|
||||||
|
The Identification of the Parties,
|
||||||
|
</li><li>
|
||||||
|
The Facts,
|
||||||
|
</li><li>
|
||||||
|
The logic of the rules and law,
|
||||||
|
</li><li>
|
||||||
|
The directions and actions to be taken by each party
|
||||||
|
(the ruling).
|
||||||
|
</li><li>
|
||||||
|
The date and place that the ruling is rendered.
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
|
||||||
|
<h3> <a name="3.2">3.2 </a> Process </h3>
|
||||||
|
<p>
|
||||||
|
Once the Ruling is delivered, the case is closed.
|
||||||
|
The Case Manager is responsible for recording the
|
||||||
|
Ruling, publishing it, and advising users.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Proceedings are ordinarily private.
|
||||||
|
The Ruling is ordinarily published,
|
||||||
|
within the bounds of the Privacy Policy.
|
||||||
|
The Ruling is written in English.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Only under exceptional circumstances can the
|
||||||
|
Arbitrator declare the Ruling private <i>under seal</i>.
|
||||||
|
Such a declaration must be reviewed in its entirety
|
||||||
|
by the Board,
|
||||||
|
and the Board must confirm or deny that declaration.
|
||||||
|
If it confirms, the existance of any Rulings under seal
|
||||||
|
must be published to the Users in a timely manner
|
||||||
|
(within days).
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="3.3">3.3 </a> Binding and Final </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The Ruling is binding and final on CAcert and all Users.
|
||||||
|
Ordinarily, all Users agree to be bound by this dispute
|
||||||
|
resolution policy. Users must declare in the Preliminaries
|
||||||
|
any default in agreement or binding.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
If a person who is not a User is a party to the dispute,
|
||||||
|
then the Ruling is not binding and final on that person,
|
||||||
|
but the Ruling must be presented in filing any dispute
|
||||||
|
in another forum such as the person's local courts.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="3.4">3.4 </a> Re-opening the Case or Appeal </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
In the case of clear injustices, egregious behaviour or
|
||||||
|
unconscionable Rulings, parties may seek to re-open the
|
||||||
|
case by filing a dispute. The new Arbitrator
|
||||||
|
reviews the new dispute,
|
||||||
|
re-examines and reviews the entire case, then rules on
|
||||||
|
whether the case may be re-opened or not.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
If the new Arbitrator rules the case be re-opened,
|
||||||
|
then it is referred to the Board of CAcert Inc.
|
||||||
|
The Board hears the case and delivers a final
|
||||||
|
and binding Ruling.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="3.5">3.5 </a> Liability </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
All liability of the Arbitrator for any act in
|
||||||
|
connection with deciding a dispute is excluded
|
||||||
|
by all parties, provided such act does not constitute
|
||||||
|
an intentional breach of duty.
|
||||||
|
All liability of the Arbitrators, CAcert, its officers and its
|
||||||
|
employees (including Case Manager)
|
||||||
|
for any other act or omission in connection with
|
||||||
|
arbitration proceedings is excluded, provided such acts do not
|
||||||
|
constitute an intentional or grossly negligent breach of duty.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The above provisions may only be overridden by
|
||||||
|
appeal process (by means of a new dispute causing
|
||||||
|
referral to the Board).
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="3.6">3.6 </a> Remedies </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The Arbitrator generally instructs using internal remedies,
|
||||||
|
that is ones that are within the general domain of CAcert,
|
||||||
|
but there are some external remedies at his disposal.
|
||||||
|
He may rule and instruct any of the parties on these issues.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ul><li>
|
||||||
|
"community service" typically including
|
||||||
|
<ul><li>
|
||||||
|
attend and assure people at trade shows / open source gatherings,
|
||||||
|
</li><li>
|
||||||
|
writing documentation
|
||||||
|
</li><li>
|
||||||
|
serve in role - support, dispute arbitration
|
||||||
|
</li></ul>
|
||||||
|
or others as decided.
|
||||||
|
|
||||||
|
</li><li>
|
||||||
|
Fined by loss of assurance points, which may result
|
||||||
|
in losing Assurer or Assured status.
|
||||||
|
|
||||||
|
</li><li>
|
||||||
|
Retraining in role.
|
||||||
|
|
||||||
|
</li><li>
|
||||||
|
Revoking of any certificates.
|
||||||
|
|
||||||
|
</li><li>
|
||||||
|
Monetary fine up to the liability cap established for
|
||||||
|
each party as described in the Registered User Agreement.
|
||||||
|
|
||||||
|
</li><li>
|
||||||
|
Exclusion from community.
|
||||||
|
|
||||||
|
</li><li>
|
||||||
|
Reporting to applicable authorities.
|
||||||
|
|
||||||
|
</li><li>
|
||||||
|
Changes to policies and procedures.
|
||||||
|
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The Arbitrator is not limited within the general domain
|
||||||
|
of CAcert, and may instruct novel remedies as seen fit.
|
||||||
|
Novel remedies outside the domain may be routinely
|
||||||
|
confirmed by the Board by way of appeals process,
|
||||||
|
in order to establish precedent.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h2> <a name="4"> 4. </a> Appendix</h2>
|
||||||
|
|
||||||
|
|
||||||
|
<h3> <a name="4.1">4.1 </a> The Advantages of this Forum </h3>
|
||||||
|
<p>
|
||||||
|
The advantage of this process for Users is:
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ul><li>
|
||||||
|
CAcert and Users operate across many jurisdictions.
|
||||||
|
Arbitration allows us to select a single set of
|
||||||
|
rules across all jurisdictions.
|
||||||
|
</li><li>
|
||||||
|
Arbitration allows CAcert to appropriately separate
|
||||||
|
out the routine support actions from difficult dispute
|
||||||
|
actions. Support personnel have no authority to
|
||||||
|
act, the appropriately selected Arbitrator has all
|
||||||
|
authority to act.
|
||||||
|
Good governance is thus maintained.
|
||||||
|
</li><li>
|
||||||
|
This forum allows CAcert Users to look after themselves
|
||||||
|
in a community, without exposing each other to potentially
|
||||||
|
disastrous results in strange courts from foreign lands.
|
||||||
|
</li><li>
|
||||||
|
By volunteering to resolve things "in-house" the costs
|
||||||
|
are reduced.
|
||||||
|
</li><li>
|
||||||
|
Even simple support issues such as password changing
|
||||||
|
can be improved by treating as a dispute. A clear
|
||||||
|
chain of request, analysis, ruling and action can be established.
|
||||||
|
</li><li>
|
||||||
|
CAcert Assurers can develop the understanding and the rules
|
||||||
|
for sorting out own problems far better than courts or
|
||||||
|
other external agencies.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
<h3> <a name="4.2">4.2 </a> The Disadvantages of this Forum </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Some disadvantages exist.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ul><li>
|
||||||
|
Users may have their rights trampled over.
|
||||||
|
In such a case, the community should strive to
|
||||||
|
re-open the case and refer it to the board.
|
||||||
|
</li><li>
|
||||||
|
Users may feel overwhelmed by the formality
|
||||||
|
of the process.
|
||||||
|
It is kept formal so as to establish good and proper
|
||||||
|
authority to act; otherwise, support and other
|
||||||
|
people in power may act without thought and with
|
||||||
|
damaging consequences.
|
||||||
|
</li><li>
|
||||||
|
A country may not have an Arbitration Act.
|
||||||
|
In that case, the parties should enter into
|
||||||
|
spirit of the forum.
|
||||||
|
If they choose to break that spirit,
|
||||||
|
they should also depart the community.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
<h3> <a name="4.3">4.3 </a> Process and Flow </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
To the extent reasonable, the Arbitrator conducts
|
||||||
|
the arbitration as with any legal proceedings.
|
||||||
|
This means that the process and style should follow
|
||||||
|
legal tradition.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
However, the Arbitrator is unlikely to be trained in
|
||||||
|
law. Hence, common sense must be applied, and the
|
||||||
|
Arbitrator has wide latitude to rule on any particular
|
||||||
|
motion, pleading, submission. The Arbitrator's ruling
|
||||||
|
is final within the arbitration.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Note also that many elements of legal proceedings are
|
||||||
|
deliberately left out of the rules.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
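Review bot: in section 2.6, step 2 of the Arbitrator's procedure, the sentence "The Arbitrator may any assistance." has no verb, so the policy does not say what the Arbitrator is permitted to do about assistance; the intended word needs to be supplied before this is published as binding text. In the same file, "jurisidiction" (2.5) and "existance" (3.2) are misspelled, and step 3 of 2.6 ("Makes a considered Ruling.") drops the imperative used in steps 1 and 2 ("Establish", "Apply"). Section 3.2 requires the existence of sealed Rulings to be published "in a timely manner (within days)"; a stated upper bound would make that disclosure obligation checkable.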
@ -0,0 +1,379 @@
|
|||||||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||||
|
|
||||||
|
<html>
|
||||||
|
<head><title>Organisation Assurance Policy</title></head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<table width="100%">
|
||||||
|
|
||||||
|
<tr>
|
||||||
|
<td> OAP </td>
|
||||||
|
<td> </td>
|
||||||
|
<td width="20%"> Jens </td>
|
||||||
|
</tr>
|
||||||
|
|
||||||
|
<tr>
|
||||||
|
<td> POLICY <a href="http://wiki.cacert.org/wiki/TopMinutes-20070917">m20070918.x</a> </td>
|
||||||
|
<td> </td>
|
||||||
|
<td>
|
||||||
|
$Date: 2008/01/18 22:56:31 $
|
||||||
|
<!--
|
||||||
|
to get this to work, we have to do this:
|
||||||
|
svn propset svn:keywords "Date" file.html
|
||||||
|
except it does not work through the website.
|
||||||
|
-->
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
|
||||||
|
<tr>
|
||||||
|
<td> COD11 </td>
|
||||||
|
<td> </td>
|
||||||
|
<td> </td>
|
||||||
|
</tr>
|
||||||
|
|
||||||
|
|
||||||
|
<tr>
|
||||||
|
<td> </td>
|
||||||
|
<td > <b>Organisation Assurance Policy</b> </td>
|
||||||
|
<td> </td>
|
||||||
|
</tr>
|
||||||
|
|
||||||
|
</table>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<h2> <a name="0"> 0. </a> Preliminaries </h2>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This policy describes how Organisation Assurers ("OAs")
|
||||||
|
conduct Assurances on Organisations.
|
||||||
|
It fits within the overall web-of-trust
|
||||||
|
or Assurance process of Cacert.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This policy is not a Controlled document, for purposes of
|
||||||
|
Configuration Control Specification ("CCS").
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h2> <a name="1"> 1. </a> Purpose </h2>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Organisations with assured status can issue certificates
|
||||||
|
directly with their own domains within.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The purpose and statement of the certificate remains
|
||||||
|
the same as with ordinary users (natural persons)
|
||||||
|
and as described in the CPS.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ul><li>
|
||||||
|
The organisation named within is identified.
|
||||||
|
</li><li>
|
||||||
|
The organisation has been verified according
|
||||||
|
to this policy.
|
||||||
|
</li><li>
|
||||||
|
The organisation is within the jurisdiction
|
||||||
|
and can be taken to Arbitration.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
|
||||||
|
<h2> <a name="2"> 2. </a> Roles and Structure </h2>
|
||||||
|
|
||||||
|
<h3> <a name="2.1"> 2.1 </a> Assurance Officer </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The Assurance Officer ("AO")
|
||||||
|
manages this policy and reports to the board.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The AO manages all OAs and is responsible for process,
|
||||||
|
the CAcert Organisation Assurance Programme form ("COAP"),
|
||||||
|
OA training and testing, manuals, quality control.
|
||||||
|
In these responsibilities, other Officers will assist.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="2.2"> 2.2 </a> Organisation Assurers </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol type="a"> <li>
|
||||||
|
An OA must be an experienced Assurer
|
||||||
|
<ol type="i">
|
||||||
|
<li>Have 150 assurance points.</li>
|
||||||
|
<li>Be fully trained and tested on all general Assurance processes.</li>
|
||||||
|
</ol>
|
||||||
|
|
||||||
|
</li><li>
|
||||||
|
Must be trained as Organisation Assurer.
|
||||||
|
<ol type="i">
|
||||||
|
<li> Global knowledge: This policy. </li>
|
||||||
|
<li> Global knowledge: A OA manual covers how to do the process.</li>
|
||||||
|
<li> Local knowledge: legal forms of organisations within jurisdiction.</li>
|
||||||
|
<li> Basic governance. </li>
|
||||||
|
<li> Training may be done a variety of ways,
|
||||||
|
such as on-the-job, etc. </li>
|
||||||
|
</ol>
|
||||||
|
|
||||||
|
</li><li>
|
||||||
|
Must be tested.
|
||||||
|
<ol type="i">
|
||||||
|
<li> Global test: Covers this policy and the process. </li>
|
||||||
|
<li> Local knowledge: Subsidiary Policy to specify.</li>
|
||||||
|
<li> Tests to be created, approved, run, verified
|
||||||
|
by CAcert only (not outsourced). </li>
|
||||||
|
<li> Tests are conducted manually, not online/automatic. </li>
|
||||||
|
<li> Documentation to be retained. </li>
|
||||||
|
<li> Tests may include on-the-job components. </li>
|
||||||
|
</ol>
|
||||||
|
|
||||||
|
</li><li>
|
||||||
|
Must be approved.
|
||||||
|
<ol type="i">
|
||||||
|
<li> Two supervising OAs must sign-off on new OA,
|
||||||
|
as trained, tested and passed.
|
||||||
|
</li>
|
||||||
|
<li> AO must sign-off on a new OA,
|
||||||
|
as supervised, trained and tested.
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
</ol>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<h3> <a name="2.3"> 2.3 </a> Organisation Administrator </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The Administrator within each Organisation ("O-Admin")
|
||||||
|
is the one who handles the assurance requests
|
||||||
|
and the issuing of certificates.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol type="a"> <li>
|
||||||
|
O-Admin must be Assurer
|
||||||
|
<ol type="i">
|
||||||
|
<li>Have 100 assurance points.</li>
|
||||||
|
<li>Fully trained and tested as Assurer.</li>
|
||||||
|
</ol>
|
||||||
|
|
||||||
|
</li><li>
|
||||||
|
Organisation is required to appoint O-Admin,
|
||||||
|
and appoint ones as required.
|
||||||
|
<ol type="i">
|
||||||
|
<li> On COAP Request Form.</li>
|
||||||
|
</ol>
|
||||||
|
|
||||||
|
</li><li>
|
||||||
|
O-Admin must work with an assigned OA.
|
||||||
|
<ol type="i">
|
||||||
|
<li> Have contact details.</li>
|
||||||
|
</ol>
|
||||||
|
</ol>
|
||||||
|
|
||||||
|
|
||||||
|
<h2> <a name="3"> 3. </a> Policies </h2>
|
||||||
|
|
||||||
|
<h3> <a name="3.1"> 3.1 </a> Policy </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
There is one policy being this present document,
|
||||||
|
and several subsidiary policies.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol type="a">
|
||||||
|
<li> This policy authorises the creation of subsidiary policies. </li>
|
||||||
|
<li> This policy is international. </li>
|
||||||
|
<li> Subsidiary policies are implementations of the policy. </li>
|
||||||
|
<li> Organisations are assured under an appropriate subsidiary policy. </li>
|
||||||
|
</ol>
|
||||||
|
|
||||||
|
<h3> <a name="3.2"> 3.2 </a> Subsidiary Policies </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The nature of the Subsidiary Policies ("SubPols"):
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol type="a"><li>
|
||||||
|
SubPols are purposed to check the organisation
|
||||||
|
under the rules of the jurisdiction that creates the
|
||||||
|
organisation. This does not evidence an intention
|
||||||
|
by CAcert to
|
||||||
|
enter into the local jurisdiction, nor an intention
|
||||||
|
to impose the rules of that jurisdiction over any other
|
||||||
|
organisation.
|
||||||
|
CAcert assurances are conducted under the jurisdiction
|
||||||
|
of CAcert.
|
||||||
|
</li><li>
|
||||||
|
For OAs,
|
||||||
|
SubPol specifies the <i>tests of local knowledge</i>
|
||||||
|
including the local organisational forms.
|
||||||
|
</li><li>
|
||||||
|
For assurances,
|
||||||
|
SubPol specifies the <i>local documentation forms</i>
|
||||||
|
which are acceptable under this SubPol to meet the
|
||||||
|
standard.
|
||||||
|
</li><li>
|
||||||
|
SubPols are subjected to the normal
|
||||||
|
policy approval process.
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
<h3> <a name=""> </a> 3.3 Freedom to Assemble </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Subsidiary Policies are open, accessible and free to enter.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol type="a"><li>
|
||||||
|
SubPols compete but are compatible.
|
||||||
|
</li><li>
|
||||||
|
No SubPol is a franchise.
|
||||||
|
</li><li>
|
||||||
|
Many will be on State or National lines,
|
||||||
|
reflecting the legal
|
||||||
|
tradition of organisations created
|
||||||
|
("incorporated") by states.
|
||||||
|
</li><li>
|
||||||
|
However, there is no need for strict national lines;
|
||||||
|
it is possible to have 2 SubPols in one country, or one
|
||||||
|
covering several countries with the same language
|
||||||
|
(e.g., Austria with Germany, England with Wales but not Scotland).
|
||||||
|
</li><li>
|
||||||
|
There could also be SubPols for special
|
||||||
|
organisations, one person organisations,
|
||||||
|
UN agencies, churches, etc.
|
||||||
|
</li><li>
|
||||||
|
Where it is appropriate to use the SubPol
|
||||||
|
in another situation (another country?), it
|
||||||
|
can be so approved.
|
||||||
|
(e.g., Austrian SubPol might be approved for Germany.)
|
||||||
|
The SubPol must record this approval.
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
|
||||||
|
<h2> <a name="4"> 4. </a> Process </h2>
|
||||||
|
|
||||||
|
<h3> <a name="4.1"> 4.1 </a> Standard of Organisation Assurance </h3>
|
||||||
|
<p>
|
||||||
|
The essential standard of Organisation Assurance is:
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol type="a"><li>
|
||||||
|
the organisation exists
|
||||||
|
</li><li>
|
||||||
|
the organisation name is correct and consistent:
|
||||||
|
<ol type="i">
|
||||||
|
<li>in official documents specified in SubPol.</li>
|
||||||
|
<li>on COAP form.</li>
|
||||||
|
<li>in CAcert database.</li>
|
||||||
|
<li>form or type of legal entity is consistent</li>
|
||||||
|
</ol>
|
||||||
|
</li><li>
|
||||||
|
signing rights:
|
||||||
|
requestor can sign on behalf of the organisation.
|
||||||
|
</li><li>
|
||||||
|
the organisation has agreed to the terms of the
|
||||||
|
Registered User Agreement,
|
||||||
|
and is therefore subject to Arbitration.
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Acceptable documents to meet above standard
|
||||||
|
are stated in the SubPol.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="4.2"> 4.2 </a> COAP </h3>
|
||||||
|
<p>
|
||||||
|
The COAP form documents the checks and the resultant
|
||||||
|
assurance results to meet the standard.
|
||||||
|
Additional information to be provided on form:
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol type="a"><li>
|
||||||
|
CAcert account of O-Admin (email address?)
|
||||||
|
</li><li>
|
||||||
|
location:
|
||||||
|
<ol type="i">
|
||||||
|
<li>country (MUST).</li>
|
||||||
|
<li>city (MUST).</li>
|
||||||
|
<li>additional contact information (as required by SubPol).</li>
|
||||||
|
</ol>
|
||||||
|
</li><li>
|
||||||
|
administrator account names (1 or more)
|
||||||
|
</li><li>
|
||||||
|
domain name(s)
|
||||||
|
</li><li>
|
||||||
|
Agreement with registered user agreement.
|
||||||
|
Statement and initials box for organsation
|
||||||
|
and also for OA.
|
||||||
|
</li><li>
|
||||||
|
Date of completion of Assurance.
|
||||||
|
Records should be maintained for 7 years from
|
||||||
|
this date.
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The COAP should be in English. Where translations
|
||||||
|
are provided, they should be matched to the English,
|
||||||
|
and indication provided that the English is the
|
||||||
|
ruling language (due to Arbitration requirements).
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h3> <a name="4.3"> 4.3 </a> Jurisdiction </h3>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Organisation Assurances are carried out by
|
||||||
|
CAcert Inc under its Arbitration jurisdiction.
|
||||||
|
Actions carried out by OAs are under this regime.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<ol type="a"><li>
|
||||||
|
The organisation has agreed to the terms of the
|
||||||
|
Registered User Agreement,
|
||||||
|
</li><li>
|
||||||
|
The organisation, the Organisation Assurers, CAcert and
|
||||||
|
other related parties are bound into CAcert's jurisdiction
|
||||||
|
and dispute resolution.
|
||||||
|
</li><li>
|
||||||
|
The OA is responsible for ensuring that the
|
||||||
|
organisation reads, understands, intends and
|
||||||
|
agrees to the registered user agreement.
|
||||||
|
This OA responsibility should be recorded on COAP
|
||||||
|
(statement and initials box).
|
||||||
|
</li></ol>
|
||||||
|
|
||||||
|
<h2> <a name="5"> 5. </a> Exceptions </h2>
|
||||||
|
|
||||||
|
|
||||||
|
<ol type="a"><li>
|
||||||
|
<b> Conflicts of Interest.</b>
|
||||||
|
An OA must not assure an organisation in which
|
||||||
|
there is a close or direct relationship by, e.g.,
|
||||||
|
employment, family, financial interests.
|
||||||
|
Other conflicts of interest must be disclosed.
|
||||||
|
</li><li>
|
||||||
|
<b> Trusted Third Parties.</b>
|
||||||
|
TTPs are not generally approved to be part of
|
||||||
|
organisation assurance,
|
||||||
|
but may be approved by subsidiary policies according
|
||||||
|
to local needs.
|
||||||
|
</li><li>
|
||||||
|
<b>Exceptional Organisations.</b>
|
||||||
|
(e.g., Vatican, International Space Station, United Nations)
|
||||||
|
can be dealt with as a single-organisation
|
||||||
|
SubPol.
|
||||||
|
The OA creates the checks, documents them,
|
||||||
|
and subjects them to to normal policy approval.
|
||||||
|
</li><li>
|
||||||
|
<b>DBA.</b>
|
||||||
|
Alternative names for organisations
|
||||||
|
(DBA, "doing business as")
|
||||||
|
can be added as long as they are proven independently.
|
||||||
|
E.g., registration as DBA or holding of registered trade mark.
|
||||||
|
This means that the anglo law tradition of unregistered DBAs
|
||||||
|
is not accepted without further proof.
|
||||||
|
</li></ol>
|
||||||
|
|
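Review bot: in section 4.2, item (a), "CAcert account of O-Admin (email address?)" leaves an open question in normative text. Section 2.3 makes the O-Admin the person who handles the issuing of certificates, and the COAP form is the record of that appointment, so the policy should state which account identifier the form carries. The same applies to "(another country?)" in the last item of 3.3. The 3.3 heading has an empty anchor (name="") with the section number placed after the closing </a>, unlike every other heading in the file, so there is no 3.3 anchor to link to. Smaller points: section 2.2 opens with an empty <p> </p>; "Cacert" (section 0), "organsation" (4.2) and "to to" (5) are typos; 2.3 item (b), "appoint O-Admin, and appoint ones as required", is unclear as written; and the header comment next to "$Date: 2008/01/18 22:56:31 $" itself says the keyword expansion does not work, so the date shown is a fixed string that will go stale.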