"Rename _all_ Policies from .php to .html and fix all links (was: Rename PolicyOnPolicy.php to .html)"
parent
ca85a98ce1
commit
e2de6e8f7e
39 changed files with 11395 additions and 7171 deletions
|
@ -47,7 +47,7 @@ google_color_border = "FFFFFF";
|
|||
<? if(array_key_exists('mconn',$_SESSION) && $_SESSION['mconn']) { ?>
|
||||
<a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=1"><?=_("Join")?></a>
|
||||
<? } ?>
|
||||
<a href="/policy/CAcertCommunityAgreement.php"><?=_("Community Agreement")?></a>
|
||||
<a href="/policy/CAcertCommunityAgreement.html"><?=_("Community Agreement")?></a>
|
||||
<a href="/index.php?id=3"><?=_("Root Certificate")?></a>
|
||||
</div>
|
||||
<? if(array_key_exists('mconn',$_SESSION) && $_SESSION['mconn']) { ?>
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
|
||||
<p><?=sprintf(_("If you want to have free certificates issued to you, %s join the CAcert Community %s."),'<a href="https://www.cacert.org/index.php?id=1">', '</a>')?></p>
|
||||
|
||||
<p><?=sprintf(_("If you want to use certificates issued by CAcert, read the CAcert %s Root Distribution License %s."),'<a href="/policy/RootDistributionLicense.php">',"</a>")?>
|
||||
<p><?=sprintf(_("If you want to use certificates issued by CAcert, read the CAcert %s Root Distribution License %s."),'<a href="/policy/RootDistributionLicense.html">',"</a>")?>
|
||||
<?=sprintf(_("This license applies to using the CAcert %s root keys %s."),'<a href="/index.php?id=3">','</a>')?></p>
|
||||
|
||||
|
||||
|
@ -87,7 +87,7 @@
|
|||
|
||||
<p><?=sprintf(_("Have you passed the CAcert %s Assurer Challenge %s yet?"),'<a href="http://wiki.cacert.org/wiki/AssurerChallenge">','</a>')?></p>
|
||||
|
||||
<p><?=sprintf(_("Have you read the CAcert %sCommunity Agreement%s yet?"),'<a href="/policy/CAcertCommunityAgreement.php">','</a>')?></p>
|
||||
<p><?=sprintf(_("Have you read the CAcert %sCommunity Agreement%s yet?"),'<a href="/policy/CAcertCommunityAgreement.html">','</a>')?></p>
|
||||
|
||||
<p><?=sprintf(_("For general documentation and help, please visit the CAcert %sWiki Documentation site %s."),'<a href="http://wiki.CAcert.org">','</a>')?>
|
||||
<?=sprintf(_("For specific policies, see the CAcert %sApproved Policies page%s."),'<a href="/policy/">',"</a>")?></p>
|
||||
|
|
|
@ -165,7 +165,7 @@
|
|||
<td class="DataTD" colspan="3"><?=_("When you click on next, we will send a confirmation email to the email address you have entered above.")?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" colspan="3"><input type="checkbox" name="cca_agree" value="1" <?=array_key_exists('cca_agree',$_SESSION['signup'])? ($_SESSION['signup']['cca_agree'] == "1" ?"checked=\"checked\"":""):"" ?> ><?=_("I agree to the terms and conditions of the CAcert Community Agreement")?>: <a href="/policy/CAcertCommunityAgreement.php">http://www.cacert.org/policy/CAcertCommunityAgreement.php</a></td>
|
||||
<td class="DataTD" colspan="3"><input type="checkbox" name="cca_agree" value="1" <?=array_key_exists('cca_agree',$_SESSION['signup'])? ($_SESSION['signup']['cca_agree'] == "1" ?"checked=\"checked\"":""):"" ?> ><?=_("I agree to the terms and conditions of the CAcert Community Agreement")?>: <a href="/policy/CAcertCommunityAgreement.html">http://www.cacert.org/policy/CAcertCommunityAgreement.html</a></td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
|
|
|
@ -17,5 +17,5 @@
|
|||
*/
|
||||
|
||||
header('HTTP/1.0 301 Moved Permanently');
|
||||
header('Location: http://www.cacert.org/policy/CertificationPracticeStatement.php');
|
||||
header('Location: http://www.cacert.org/policy/CertificationPracticeStatement.html');
|
||||
exit();
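Review bot: The rewritten `Location` header still points at an `http://` URL, so at least the first hop of the redirect to the Certification Practice Statement travels in plaintext. The policy pages added in this same commit link to each other with `https://www.cacert.org/policy/...`, and this line should match: `header('Location: https://www.cacert.org/policy/CertificationPracticeStatement.html');`. The same `http://www.cacert.org/policy/` prefix is kept on the `RedirectPermanent /cps.php` line, on the CCA anchors in cap.html.php and coap.html.php, on the URL written into the PDF by the `MultiCell` call, and in the visible link text of the `cca_agree` signup row. A policy text that members are asked to agree to should be reachable only over TLS so that it cannot be altered in transit.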
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
*/ ?>
|
||||
|
||||
<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.php'>","</a>")?></p>
|
||||
<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.html'>","</a>")?></p>
|
||||
|
||||
<p>
|
||||
Class 1 <?=_("PKI Key")?><br>
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
*/ ?>
|
||||
|
||||
<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.php'>","</a>")?></p>
|
||||
<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.html'>","</a>")?></p>
|
||||
|
||||
<h3><?=_("Windows Installer") ?></h3>
|
||||
<ul class="no_indent">
|
||||
|
|
|
@ -82,7 +82,7 @@
|
|||
AssureTextLine("",_("Only tick the next box if the Assurance was face to face."));
|
||||
AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1);
|
||||
AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
|
||||
AssureTextLine(_("Policy"),"<a href=\"/policy/CAcertCommunityAgreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
|
||||
AssureTextLine(_("Policy"),"<a href=\"/policy/CAcertCommunityAgreement.html\" target=\"_blank\">"._("CAcert Community Agreement")."</a> - <a href=\"/policy/AssurancePolicy.html\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
|
||||
AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")");
|
||||
AssureFoot($id,_("I confirm this Assurance"));
|
||||
?>
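Review bot: The rewritten `AssureTextLine(_("Policy"), ...)` line keeps `target=\"_blank\"` on all three anchors without a `rel` attribute, and the Assurance Handbook anchor still uses `http://wiki.cacert.org/AssuranceHandbook2`. Adding `rel=\"noopener noreferrer\"` to each anchor keeps the opened page from reaching back to the assurance form through `window.opener`. The handbook link can use `https://wiki.cacert.org/AssuranceHandbook2`, which is the form the new AssurancePolicy.html in this commit already uses. The statement sits in a longer script whose start lies outside the hunk.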
|
||||
|
|
|
@ -4,4 +4,4 @@ errordocument 404 /error404.php
|
|||
errordocument 403 /error403.php
|
||||
errordocument 401 /error401.php
|
||||
|
||||
RedirectPermanent /cps.php http://www.cacert.org/policy/CertificationPracticeStatement.php
|
||||
RedirectPermanent /cps.php http://www.cacert.org/policy/CertificationPracticeStatement.html
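Review bot: Only the existing `/cps.php` redirect is retargeted here, and no permanent redirect from the old `/policy/*.php` names to the new `.html` files is visible in this part of the commit. The removed `MultiCell` line shows that the `.php` URL of the Community Agreement was printed on CAP forms, so existing forms and bookmarks would stop resolving unless the old names keep working. If the rest of the 39 changed files does not already cover this, one rule per policy would do it, for example `RedirectPermanent /policy/CAcertCommunityAgreement.php /policy/CAcertCommunityAgreement.html`.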
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
loadem("index");
|
||||
showheader(_("Identity Verification Form (CAP) form"));
|
||||
Version: $Id: cap.html.php,v 1.2 2011/06/10 18:30:41 wytze Exp $
|
||||
Version: $Id: cap.html.php,v 1.3 2015/01/08 15:02:40 wytze Exp $
|
||||
*/
|
||||
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">', "\n";
|
||||
echo '<html>', "\n";
|
||||
|
@ -146,7 +146,7 @@
|
|||
echo '<tbody>', "\n";
|
||||
echo '<tr>', "\n";
|
||||
echo ' <td colspan="3">'._("Make sure you have read and agreed with the CAcert Community Agreement");
|
||||
echo '(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">CCA</a>)<br>', "\n";
|
||||
echo '(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">CCA</a>)<br>', "\n";
|
||||
echo '</td>', " \n", '</tr>', "\n";
|
||||
/*
|
||||
echo '</tbody>', "\n";
|
||||
|
@ -158,7 +158,7 @@
|
|||
echo '</td>', "\n".'</tr>', "\n";
|
||||
echo '<tr>', "\n". ' <td colspan="3"><input type="checkbox" checked name="checked" value="2"> ';
|
||||
echo _("I agree to the CAcert Community Agreement.").' (';
|
||||
echo '<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">CCA</a>)</dd>', "\n";
|
||||
echo '<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">CCA</a>)</dd>', "\n";
|
||||
echo '</td>', "\n".'</tr>', "\n";
|
||||
/*
|
||||
echo '</tbody>', "\n";
|
||||
|
|
|
@ -146,7 +146,7 @@
|
|||
$this->SetFont("Arial", "", "9");
|
||||
if($_SESSION['_config']['language'] == "ja")
|
||||
$this->SetFont('SJIS','',9);
|
||||
$this->MultiCell($this->w - 29, 3, recode($_SESSION['_config']['recode'], _("I agree to the CAcert Community Agreement.")." ( http://www.cacert.org/policy/CAcertCommunityAgreement.php )"));
|
||||
$this->MultiCell($this->w - 29, 3, recode($_SESSION['_config']['recode'], _("I agree to the CAcert Community Agreement.")." ( http://www.cacert.org/policy/CAcertCommunityAgreement.html )"));
|
||||
// new da end
|
||||
$this->SetXY(13, $top + 55); //45->55
|
||||
$this->Write(0, recode($_SESSION['_config']['recode'], _("Applicant's signature")).": __________________________________");
|
||||
|
|
|
@ -17,8 +17,8 @@
|
|||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
*/
|
||||
|
||||
// $Id: capnew.php,v 1.4 2012/01/24 14:26:05 root Exp $
|
||||
define('REV', '$Revision: 1.4 $');
|
||||
// $Id: capnew.php,v 1.5 2015/01/08 15:02:40 wytze Exp $
|
||||
define('REV', '$Revision: 1.5 $');
|
||||
|
||||
/*
|
||||
** Created from old cap.php 2003, which used the now obsoleted ftpdf package
|
||||
|
@ -235,7 +235,7 @@ if( defined( 'TEST' ) ) {
|
|||
//$_GET['orientation'] = 'portrait'; // default 2 pages, or portrait
|
||||
}
|
||||
$_GET['nocca'] = isset($_SERVER['CCA']) ? $_SERVER['CCA'] : '';
|
||||
//$_GET['policy1'] = 'policy/PolicyOnPolicy.php';
|
||||
//$_GET['policy1'] = 'policy/PolicyOnPolicy.html';
|
||||
if( isset($_SERVER['FORM']) AND $_SERVER['FORM'] == 'noform' )
|
||||
$_GET['noform'] = 'true';
|
||||
|
||||
|
@ -310,7 +310,7 @@ define('ARBIT', WIKI.'/ArbitrationForum');
|
|||
// CAcert Community Agreement
|
||||
define('CCA', 'CAcertCommunityAgreement'); // default policy to print
|
||||
define('POLICY','policy/'); // default polciy doc directory
|
||||
define('EXT','.php'); // default polciy doc extention, should be html
|
||||
define('EXT','.html'); // default polciy doc extention, should be html
|
||||
/* finger print CAcert Root Key */ // should obtain this automatically
|
||||
define('CLASS1_SHA1','135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33');
|
||||
define('CLASS3_SHA1','AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE');
|
||||
|
@ -387,7 +387,7 @@ function utf8_is_ascii_ctrl($str) {
|
|||
// extend TCPF with custom functions
|
||||
class CAPPDF extends TCPDF {
|
||||
|
||||
// do cap form version numbering automatically '$Revision: 1.4 $'
|
||||
// do cap form version numbering automatically '$Revision: 1.5 $'
|
||||
/*public*/ function Version() {
|
||||
strtok(REV, ' ');
|
||||
return(strtok(' '));
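Review bot: In the `@ -310,7` hunk the comment on the changed `define('EXT','.html')` line is now stale and misspelled, since `should be html` describes a to-do that this commit completes. Suggested wording is `define('EXT','.html'); // default policy doc extension`, and likewise `// default policy doc directory` on the `POLICY` line above it. The identical `EXT` line in coapnew.php carries the same comment.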
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
Version: $Id: coap.html.php,v 1.2 2011/06/10 18:30:41 wytze Exp $
|
||||
Version: $Id: coap.html.php,v 1.3 2015/01/08 15:02:41 wytze Exp $
|
||||
*/
|
||||
?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
|
||||
|
@ -189,7 +189,7 @@ table#TAB1 td { border: 0 }
|
|||
<?php
|
||||
echo _("Make sure you have read and agreed with the CAcert Community Agreement");
|
||||
?>
|
||||
(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">CCA</a>)</i><br></td>
|
||||
(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">CCA</a>)</i><br></td>
|
||||
</tr>
|
||||
<tr><td colspan=2><p></td></tr>
|
||||
<tr>
|
||||
|
@ -210,7 +210,7 @@ table#TAB1 td { border: 0 }
|
|||
<?php
|
||||
echo ' '. _("I agree to the CAcert Community Agreement.").' (';
|
||||
?>
|
||||
<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">CCA</a>)</dd></td>
|
||||
<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">CCA</a>)</dd></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan="2"><input type="checkbox" checked name="checked" value="2">
|
||||
|
|
|
@ -17,8 +17,8 @@
|
|||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
*/
|
||||
|
||||
// $Id: coapnew.php,v 1.4 2012/01/24 14:26:05 root Exp $
|
||||
define('REV', '$Revision: 1.4 $');
|
||||
// $Id: coapnew.php,v 1.5 2015/01/08 15:02:41 wytze Exp $
|
||||
define('REV', '$Revision: 1.5 $');
|
||||
|
||||
/*
|
||||
** Created from old cap.php 2003, which used the now obsoleted ftpdf package
|
||||
|
@ -345,7 +345,7 @@ define('ARBIT', WIKI."/ArbitrationForum");
|
|||
// CAcert Community Agreement
|
||||
define('CCA', "CAcertCommunityAgreement"); // default policy to print
|
||||
define('POLICY','policy/'); // default polciy doc directory
|
||||
define('EXT','.php'); // default polciy doc extention, should be html
|
||||
define('EXT','.html'); // default polciy doc extention, should be html
|
||||
/* finger print CAcert Root Key */ // should obtain this automatically
|
||||
define('CLASS1_SHA1','135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33');
|
||||
define('CLASS3_SHA1','AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE');
|
||||
|
@ -422,7 +422,7 @@ function utf8_is_ascii_ctrl($str) {
|
|||
// extend TCPF with custom functions
|
||||
class COAPPDF extends TCPDF {
|
||||
|
||||
// do cap form version numbering automatically "$Revision: 1.4 $"
|
||||
// do cap form version numbering automatically "$Revision: 1.5 $"
|
||||
/*public*/ function Version() {
|
||||
strtok(REV, " ");
|
||||
return(strtok(" "));
|
||||
|
|
750
www/policy/AssurancePolicy.html
Normal file
|
@ -0,0 +1,750 @@
|
|||
<!DOCTYPE html>
|
||||
<html><head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
<title>Assurance Policy</title>
|
||||
|
||||
<!--meta name="CREATED" content="20080530;0" -->
|
||||
<!--meta name="CHANGEDBY" content="Teus Hagen" -->
|
||||
<!--meta name="CHANGED" content="20080709;12381800" -->
|
||||
<!--meta name="CREATEDBY" content="Ian Grigg" -->
|
||||
<!--meta name="CHANGEDBY" content="Teus Hagen" -->
|
||||
<!--meta name="CHANGEDBY" content="Robert Cruikshank" -->
|
||||
<!--meta name="CHANGEDBY" content="Teus Hagen" -->
|
||||
<style type="text/css">
|
||||
|
||||
P { color: #000000 }
|
||||
TD P { color: #000000 }
|
||||
H1 { color: #000000 }
|
||||
H2 { color: #000000 }
|
||||
DT { color: #000000; font-style: italic; }
|
||||
DD { color: #000000 }
|
||||
H3 { color: #000000 }
|
||||
TH P { color: #000000 }
|
||||
.r{ text-align: right; }
|
||||
.l{ text-align: left; }
|
||||
.c{ text-align : center; }
|
||||
.vTop{ vertical-align: top; }
|
||||
.size075{font-size: .75em;}
|
||||
.size1{font-size: 1.1em;}
|
||||
.size2{font-size: 1.5em;}
|
||||
.size3{font-size: 2em;}
|
||||
.parentC {margin-left:auto; margin-right:auto;}
|
||||
.padding5 td{padding: 5px;}
|
||||
.padding2 td{padding: 2px;}
|
||||
.margin0 {margin: 0px;}
|
||||
|
||||
</style></head>
|
||||
<body style="direction: ltr; color: rgb(0, 0, 0);" lang="en-GB">
|
||||
|
||||
<div class="comment">
|
||||
<table style="width: 100%;">
|
||||
|
||||
<tr>
|
||||
<td>
|
||||
Name: AP <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD13</a><br>
|
||||
Status: POLICY <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20090105.2">p20090105.2</a><br>
|
||||
Editor: <a style="color: steelblue" href="https://wiki.cacert.org/TeusHagen">Teus Hagen</a><br>
|
||||
Creation date: 2008-05-30<br>
|
||||
Last change by: Iang<br>
|
||||
Last change date: 2009-01-08<br>
|
||||
Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br>
|
||||
|
||||
</td>
|
||||
<td class="r vTop">
|
||||
<a href="https://www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-policy.png" alt="AP Status - POLICY" height="31" width="88" style="border-style: none;"></a>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
|
||||
<h1>Assurance Policy for CAcert Community Members</h1>
|
||||
|
||||
<h2 id="s0">0. Preamble</h2>
|
||||
<h3 id="s0.1">0.1. Definition of Terms</h3>
|
||||
<dl>
|
||||
<dt>Member</dt>
|
||||
<dd> A Member is an individual who has agreed to the CAcert
|
||||
Community Agreement
|
||||
(<a href="https://www.cacert.org/policy/CAcertCommunityAgreement.html" target="_blank">CCA</a>)
|
||||
and has created successfully
|
||||
a CAcert login account on the CAcert web site. </dd>
|
||||
<dt>Assurance</dt>
|
||||
<dd> Assurance is the process by which a Member of CAcert
|
||||
Community (Assurer) identifies an individual (<span lang="en-US">Assuree</span>).
|
||||
</dd>
|
||||
<dt>Prospective Member</dt>
|
||||
<dd> An individual who participates in the process of Assurance,
|
||||
but has not yet created a CAcert login account. </dd>
|
||||
<dt>Name</dt>
|
||||
<dd> A Name is the full name of an individual.
|
||||
</dd>
|
||||
<dt>Secondary Distinguishing Feature</dt>
|
||||
<dd> An additional personal data item of the Member
|
||||
that assists discrimination from Members with similar full names.
|
||||
(Currently this is the Date of Birth (DoB).)
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<h3 id="s0.2">0.2. The CAcert Web of Trust</h3>
|
||||
<p>
|
||||
In face-to-face meetings,
|
||||
an Assurer allocates a number of Assurance Points
|
||||
to the Member being Assured.
|
||||
CAcert combines the Assurance Points
|
||||
into a global <i>Web-of-Trust</i> (or "WoT").
|
||||
</p>
|
||||
<p>
|
||||
CAcert explicitly chooses to meet its various goals by
|
||||
construction of a Web-of-Trust of all Members.
|
||||
</p>
|
||||
|
||||
<h3 id="s0.3">0.3. Related Documentation</h3>
|
||||
<p>
|
||||
Documentation on Assurance is split between this
|
||||
Assurance Policy (AP) and the
|
||||
<a href="https://wiki.cacert.org/AssuranceHandbook2" target="_blank">Assurance
|
||||
Handbook</a>. The policy is controlled by Configuration Control
|
||||
Specification
|
||||
(<a href="https://svn.cacert.org/CAcert/Policies/ConfigurationControlSpecification.html" target="_blank">CCS</a>)
|
||||
under Policy on Policy
|
||||
(<a href="https://www.cacert.org/policy/PolicyOnPolicy.html" target="_blank">PoP</a>)
|
||||
policy document regime. Because Assurance is an active area, much
|
||||
of the practice is handed over to the Assurance Handbook, which is
|
||||
not a controlled policy document, and can more easily respond to
|
||||
experience and circumstances. It is also more readable.
|
||||
</p>
|
||||
<p>
|
||||
See also Organisation Assurance Policy (<a href="https://www.cacert.org/policy/OrganisationAssurancePolicy.html" target="_blank">OAP</a>)
|
||||
and CAcert Policy Statement (<a href="https://www.cacert.org/policy/CertificationPracticeStatement.html" target="_blank">CPS</a>).
|
||||
</p>
|
||||
|
||||
<h2 id="s1">1. Assurance Purpose</h2>
|
||||
<p>The purpose of Assurance is to add confidence
|
||||
in the Assurance Statement made by the CAcert Community of a Member. </p>
|
||||
<p>With sufficient assurances, a Member may: (a) issue certificates
|
||||
with their assured Name included, (b) participate in assuring others,
|
||||
and (c) other related activities. The strength of these activities is
|
||||
based on the strength of the assurance. </p>
|
||||
|
||||
<h3 id="s1.1">1.1. The Assurance Statement</h3>
|
||||
<p>
|
||||
The Assurance Statement makes the following claims
|
||||
about a person:
|
||||
</p>
|
||||
<ol>
|
||||
<li>
|
||||
<p>The person is a bona fide Member. In other words, the
|
||||
person is a member of the CAcert Community as defined by the CAcert
|
||||
Community Agreement (<a href="https://www.cacert.org/policy/CAcertCommunityAgreement.html" target="_blank">CCA</a>); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>The Member has a (login) account with CAcert's on-line
|
||||
registration and service system; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>The Member can be determined from any CAcert certificate
|
||||
issued by the Account; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>The Member is bound into CAcert's Arbitration as defined
|
||||
by the CAcert Community Agreement; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Some personal details of the Member are known to CAcert:
|
||||
the individual Name(s), primary and other listed individual email
|
||||
address(es), secondary distinguishing feature (e.g. DoB). </p>
|
||||
</li>
|
||||
</ol>
|
||||
<p>The confidence level of the Assurance Statement is expressed by
|
||||
the Assurance Points. </p>
|
||||
<h3 id="s1.2">1.2. Relying Party Statement</h3>
|
||||
<p>The primary goal of the Assurance Statement is for the express
|
||||
purpose of certificates to meet the needs of the <em>Relying Party
|
||||
Statement</em>, which latter is found in the Certification Practice
|
||||
Statement (<a href="https://www.cacert.org/policy/CertificationPracticeStatement.html" target="_blank">CPS</a>).
|
||||
</p>
|
||||
<p>When a certificate is issued, some of the Assurance Statement may
|
||||
be incorporated, e.g. Name. Other parts may be implied, e.g.
|
||||
Membership, exact account and status. They all are part of the
|
||||
<em>Relying Party Statement</em>. In short, this means that other
|
||||
Members of the Community may rely on the information verified by
|
||||
Assurance and found in the certificate.</p>
|
||||
<p>In particular, certificates are sometimes considered to provide
|
||||
reliable indications of e.g. the Member's Name and email address. The
|
||||
nature of Assurance, the number of Assurance Points, and other
|
||||
policies and processes should be understood as limitations on any
|
||||
reliance. </p>
|
||||
<h2 id="s2">2. The Member</h2>
|
||||
<h3 id="s2.1">2.1. The Member's Name </h3>
|
||||
<p>
|
||||
At least one individual Name is recorded in the Member's
|
||||
CAcert login account. The general standard of a Name is:
|
||||
</p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>
|
||||
The Name should be recorded as written in a
|
||||
government-issued photo identity document (ID).
|
||||
</p>
|
||||
</li>
|
||||
<li>
|
||||
<p>
|
||||
The Name should be recorded as completely as possible.
|
||||
That is, including all middle names, any titles and extensions,
|
||||
without abbreviations, and without transliteration of characters.
|
||||
</p>
|
||||
</li>
|
||||
<li>
|
||||
<p>The Name is recorded as a string of characters,
|
||||
encoded in unicode
|
||||
transformation format.</p>
|
||||
</li>
|
||||
</ul>
|
||||
<h3 id="s2.2">2.2. Multiple Names and variations</h3>
|
||||
<p>
|
||||
In order to handle the contradictions in the above general standard,
|
||||
a Member may record multiple Names or multiple variations of a Name
|
||||
in her CAcert online Account.
|
||||
Examples of variations include married names,
|
||||
variations of initials of first or middle names,
|
||||
abbreviations of a first name,
|
||||
different language or country variations,
|
||||
and transliterations of characters in a name.
|
||||
</p>
|
||||
|
||||
<h3 id="s2.3">2.3. Status and Capabilities</h3>
|
||||
<p>
|
||||
A Name which has reached
|
||||
the level of 50 Assurance Points is defined as an Assured
|
||||
Name. An Assured Name can be used in a certificate issued by CAcert.
|
||||
A Member with at least one Assured Name has reached the Assured
|
||||
Member status.
|
||||
Additional capabilities are described in Table 1.
|
||||
</p>
|
||||
|
||||
<blockquote>
|
||||
<p class="l size075"><em>Table 1:
|
||||
Assurance Capability</em></p>
|
||||
<table class="padding5 margin0" border="1">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="width: 10%;">
|
||||
<p class="l"><em>Minimum Assurance Points</em></p>
|
||||
</td>
|
||||
<td style="width: 15%;">
|
||||
<p class="l"><em>Capability</em></p>
|
||||
</td>
|
||||
<td style="width: 15%;">
|
||||
<p class="l"><em>Status</em></p>
|
||||
</td>
|
||||
<td style="width: 60%;">
|
||||
<p class="l"><em>Comment</em></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="vTop">
|
||||
<td>
|
||||
<p class="c">0</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="l">Request Assurance</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="l">Prospective Member</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="l">Individual taking part of an
|
||||
Assurance, who does not have created a CAcert login account (yet). The
|
||||
allocation of Assurance Points is awaiting login account creation.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="vTop">
|
||||
<td>
|
||||
<p class="c">0</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="l">Request unnamed certificates</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="l">Member</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="l">Although the Member's details are
|
||||
recorded in the account, they are not highly assured.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="vTop">
|
||||
<td>
|
||||
<p class="c">50</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="l">Request named certificates</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="l">Assured Member</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="l">Statements of Assurance: the Name is
|
||||
assured to 50 Assurance Points or more</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="vTop">
|
||||
<td>
|
||||
<p class="c">100</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="l">Become an Assurer</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="l">Prospective Assurer</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="l">Assured to 100 Assurance Points (or
|
||||
more) on at least one Name, and passing the Assurer Challenge.</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</blockquote>
|
||||
|
||||
|
||||
<p>
|
||||
A Member may check the status of another Member, especially
|
||||
for an assurance process.
|
||||
Status may be implied from information in a certificate.
|
||||
The number of Assurance Points for each Member is not published.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The CAcert Policy Statement
|
||||
(<a href="https://www.cacert.org/policy/CertificationPracticeStatement.html" target="_blank">CPS</a>)
|
||||
and other policies may list other capabilities that rely on Assurance
|
||||
Points.
|
||||
</p>
|
||||
|
||||
<h2 id="s3">3. The Assurer</h2>
|
||||
<p>An Assurer is a Member with the following: </p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Is assured to a minimum of 100 Assurance Points; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Has passed the CAcert Assurer Challenge. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<p>The Assurer Challenge is administered by the Education Team on
|
||||
behalf of the Assurance Officer. </p>
|
||||
<h3 id="s3.1">3.1. The Obligations of the Assurer</h3>
|
||||
<p>The Assurer is obliged to: </p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Follow this Assurance Policy; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Follow any additional rules of detail laid out by the
|
||||
CAcert Assurance Officer; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Be guided by the CAcert <a href="https://wiki.cacert.org/AssuranceHandbook2" target="_blank">Assurance Handbook</a> in their
|
||||
judgement; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Make a good faith effort at identifying and verifying
|
||||
Members; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Maintain the documentation on each Assurance; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Deliver documentation to Arbitration, or as otherwise
|
||||
directed by the Arbitrator; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Keep up-to-date with developments within the CAcert
|
||||
Community. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<h2 id="s4">4. The Assurance</h2>
|
||||
<h3 id="s4.1">4.1. The Assurance Process</h3>
|
||||
<p>The Assurer conducts the process of Assurance with each
|
||||
Member. </p>
|
||||
<p>The process consists of: </p>
|
||||
<ol>
|
||||
<li>
|
||||
<p>Voluntary agreement by both Assurer and Member or
|
||||
Prospective Member to conduct the Assurance; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Personal meeting of Assurer and Member or Prospective
|
||||
Member; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Recording of essential details on CAcert Assurance
|
||||
Programme form; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Examination of Identity documents by Assurer and
|
||||
verification of recorded details (the Name(s) and Secondary
|
||||
Distinguishing Feature, e.g., DoB); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Allocation of Assurance Points by Assurer; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Optional: supervision of reciprocal Assurance made by
|
||||
Assuree (Mutual Assurance); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Safekeeping of the CAcert Assurance Programme (<a href="https://www.cacert.org/cap.php" target="_blank">CAP</a>)
|
||||
forms by Assurer. </p>
|
||||
</li>
|
||||
</ol>
|
||||
<h3 id="s4.2">4.2. Mutual Assurance</h3>
|
||||
<p>Mutual Assurance follows the principle of reciprocity. This
|
||||
means
|
||||
that the Assurance may be two-way, and that each member participating
|
||||
in the Assurance procedure should be able to show evidence of their
|
||||
identity to the other. </p>
|
||||
<p>In the event that an Assurer is assured by a Member who is not
|
||||
certified as an Assurer, the Assurer supervises the Assurance
|
||||
procedure and process, and is responsible for the results. </p>
|
||||
<p>Reciprocity maintains a balance between the (new) member and
|
||||
the
|
||||
Assurer, and reduces any sense of power. It is also an important aid
|
||||
to the assurance training for future Assurers. </p>
|
||||
|
||||
<h3 id="s4.3">4.3. Assurance Points</h3>
|
||||
<p>The Assurance applies Assurance Points to each Member which
|
||||
measure the increase of confidence in the Statement (above).
|
||||
Assurance Points should not be interpreted for any other purpose.
|
||||
Note that, even though they are sometimes referred to as <em>Web-of-Trust</em>
|
||||
(Assurance) Points, or <em>Trust</em> Points, the meaning
|
||||
of the word
|
||||
'Trust' is not well defined. </p>
|
||||
<p><em>Assurance Points Allocation</em><br>
|
||||
An Assurer can allocate a
|
||||
number of Assurance Points to the Member according to the Assurer's
|
||||
experience (Experience Point system, see below). The allocation of
|
||||
the maximum means that the Assurer is 100% confident in the
|
||||
information presented: </p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Detail on form, system, documents, person in accordance; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Sufficient quality identity documents have been checked; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Assurer's familiarity with identity documents; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>The Assurance Statement is confirmed. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<p>
|
||||
Any lesser confidence should result in less Assurance Points for a
|
||||
Name. If the Assurer has no confidence in the information presented,
|
||||
then <em>zero</em> Assurance Points may be allocated by the Assurer.
|
||||
For example, this may happen if the identity documents are totally
|
||||
unfamiliar to the Assurer. The number of Assurance Points from <em>zero</em>
|
||||
to <em>maximum</em> is guided by the Assurance Handbook
|
||||
and the judgement of the Assurer.
|
||||
If there is negative confidence the Assurer should consider
|
||||
filing a dispute.
|
||||
</p>
|
||||
<p>Multiple Names should be allocated Assurance Points
|
||||
independently within a single Assurance. </p>
|
||||
<p>
|
||||
A Member who is not an Assurer may award an Assurer in a
|
||||
reciprocal process a maximum of 2 Assurance Points, according to
|
||||
her judgement. The Assurer should strive to have the Member allocate
|
||||
according to the Member's judgement, and stay on the cautious side;
|
||||
the Member new to the assurance process
|
||||
should allocate <em>zero</em> Assurance Points
|
||||
until she gains some confidence in what is happening.
|
||||
</p>
|
||||
<p>
|
||||
In general, for a Member to reach 50 Assurance Points, the Member must
|
||||
have participated in at least two assurances, and
|
||||
at least one Name will have been assured to that level.
|
||||
</p>
|
||||
<p>
|
||||
To reach 100 Assurance
|
||||
Points, at least one Name of the Assured Member must have been
|
||||
assured at least three times.
|
||||
</p>
|
||||
<p>
|
||||
The maximum number of Assurance
|
||||
Points which can be allocated for an Assurance under this policy
|
||||
and under any act under any
|
||||
Subsidiary Policy (below) is 50 Assurance Points.
|
||||
</p>
|
||||
|
||||
<h3 id="s4.4">4.4. Experience Points</h3>
|
||||
<p>The maximum number of Assurance Points that may be awarded by
|
||||
an
|
||||
Assurer is determined by the Experience Points of the Assurer. </p>
|
||||
<blockquote>
|
||||
<p class="l size075" ><em>Table 2:
|
||||
Maximum of Assurance Points </em>
|
||||
</p>
|
||||
<table class="padding margin0" border="1" style="width: 15%;">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>
|
||||
<p><em>Assurer's Experience Points</em></p>
|
||||
</td>
|
||||
<td>
|
||||
<p><em>Allocatable Assurance Points</em></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<p class="c">0</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="c">10</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<p class="c">10</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="c">15</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<p class="c">20</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="c">20</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<p class="c">30</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="c">25</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<p class="c">40</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="c">30</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<p class="c">>=50</p>
|
||||
</td>
|
||||
<td>
|
||||
<p class="c">35</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</blockquote>
|
||||
<p>An Assurer is given a maximum of 2 Experience Points for every
|
||||
completed Assurance. On reaching Assurer status, the Experience
|
||||
Points start at 0 (zero). </p>
|
||||
<p>Less Experience Points (1) may be given for mass Assurance
|
||||
events,
|
||||
where each Assurance is quicker. </p>
|
||||
<p>Additional Experience Points may be granted temporarily or
|
||||
permanently to an Assurer by CAcert Inc.'s Committee (board), on
|
||||
recommendation from the Assurance Officer. </p>
|
||||
<p>Experience Points are not to be confused with Assurance
|
||||
Points. </p>
|
||||
<h3 id="s4.5">4.5. CAcert Assurance Programme (CAP) form</h3>
|
||||
<p>The CAcert Assurance Programme (<a href="https://www.cacert.org/cap.php" target="_blank">CAP</a>)
|
||||
form requests the following details of each Member or Prospective
|
||||
Member: </p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Name(s), as recorded in the on-line account; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Primary email address, as recorded in the on-line account;
|
||||
</p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Secondary Distinguishing Feature, as recorded in the
|
||||
on-line account (normally, date of birth); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Statement of agreement with the CAcert Community
|
||||
Agreement; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Permission to the Assurer to conduct the Assurance
|
||||
(required for privacy reasons); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Date and signature of the Assuree. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<p>The CAP form requests the following details of the Assurer: </p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>At least one Name as recorded in the on-line account of
|
||||
the Assurer; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Assurance Points for each Name in the identity
|
||||
document(s); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Statement of Assurance; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Optional: If the Assurance is reciprocal, then the
|
||||
Assurer's email address and Secondary Distinguishing Feature are
|
||||
required as well; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Date, location of Assurance and signature of Assurer. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<p>The CAP forms are to be kept at least for 7 years by the
|
||||
Assurer. </p>
|
||||
<h2 id="s5">5. The Assurance Officer</h2>
|
||||
<p>The Committee (board) of CAcert Inc. appoints an Assurance
|
||||
Officer
|
||||
with the following responsibilities: </p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Reporting to the Committee and advising on all matters to
|
||||
do with Assurance; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Training and testing of Assurers, in association with the
|
||||
Education Team; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Updating this Assurance Policy, under the process
|
||||
established by Policy on Policy (<a href="https://www.cacert.org/policy/PolicyOnPolicy.html" target="_blank">PoP</a>); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Management of all Subsidiary Policies (see below) for
|
||||
Assurances, under Policy on Policy; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Managing and creating rules of detail or procedure where
|
||||
inappropriate for policies; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Incorporating rulings from Arbitration into policies,
|
||||
procedures or guidelines; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Assisting the Arbitrator in any requests; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Managing the Assurer Handbook; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Maintaining a sufficient strength in the Assurance process
|
||||
(web-of-trust) to meet the agreed needs of the Community. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<h2 id="s6">6. Subsidiary Policies</h2>
|
||||
<p>The Assurance Officer manages various exceptions and additional
|
||||
processes. Each must be covered by an approved Subsidiary Policy
|
||||
(refer to <a href="https://www.cacert.org/policy/PolicyOnPolicy.html" target="_blank">Policy on Policy</a> => CAcert Official Document COD1).
|
||||
Subsidiary Policies specify any additional tests of knowledge
|
||||
required and variations to process and documentation, within the
|
||||
general standard stated here. </p>
|
||||
<h3 id="s6.1">6.1. Standard</h3>
|
||||
<p>Each Subsidiary Policy must augment and improve the general
|
||||
standards in this Assurance Policy. It is the responsibility of each
|
||||
Subsidiary Policy to describe how it maintains and improves the
|
||||
specific and overall goals. It must describe exceptions and potential
|
||||
areas of risk. </p>
|
||||
|
||||
<h3 id="s6.2">6.2. High Risk Applications</h3>
|
||||
<p>In addition to the Assurance or Experience Points ratings set
|
||||
here and in other subsidiary policies, the Assurance Officer or policies can
|
||||
designate certain applications as high risk. If so, additional
|
||||
measures may be added to the Assurance process that specifically
|
||||
address the risks.</p>
|
||||
<p>Additional measures may include:
|
||||
</p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Additional information can be required in process of assurance: </p>
|
||||
<ul>
|
||||
<li>unique numbers of identity documents,</li>
|
||||
<li>photocopy of identity documents,</li>
|
||||
<li>photo of User,</li>
|
||||
<li>address of User.</li>
|
||||
</ul>
|
||||
<p>Additional Information is to be kept by Assurer, attached to
|
||||
CAcert Assurance Programme (<a href="https://www.cacert.org/cap.php" target="_blank">CAP</a>)
|
||||
form. Assurance Points allocation by this assurance is unchanged.
|
||||
User's CAcert login account should be annotated to record type of
|
||||
additional information;</p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Arbitration: </p>
|
||||
<ul>
|
||||
<li> Member to participate in Arbitration. This confirms
|
||||
their acceptance of the forum as well as trains in the process and
|
||||
import,
|
||||
</li>
|
||||
<li> Member to file Arbitration to present case. This
|
||||
allows Arbitrator as final authority;
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<p>Additional training; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Member to be Assurer (at least 100 Assurance Points and
|
||||
passed Assurer Challenge); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Member agrees to additional specific agreement(s); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Additional checking/auditing of systems data by CAcert
|
||||
support administrators. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<p>Applications that might attract additional measures include
|
||||
code-signing certificates and administration roles. </p>
|
||||
<h2 id="s7">7. Privacy</h2>
|
||||
<p>CAcert is a "privacy" organisation, and takes the
|
||||
privacy of its Members seriously. The process maintains the security
|
||||
and privacy of both parties. </p>
|
||||
<p>Information is collected primarily to make claims within the
|
||||
certificates requested by users and to contact the Members. It is
|
||||
used secondarily for training, testing, administration and other
|
||||
internal purposes. </p>
|
||||
<p>The Member's information can be accessed under these
|
||||
circumstances: </p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Under Arbitrator ruling, in a duly filed dispute (<a href="https://www.cacert.org/policy/DisputeResolutionPolicy.html" target="_blank">Dispute Resolution Policy</a>
|
||||
=> COD7); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>An Assurer in the process of an Assurance, as permitted on
|
||||
the CAcert Assurance Programme (<a href="https://www.cacert.org/cap.php" target="_blank">CAP</a>)
|
||||
form; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>CAcert support administration and CAcert systems
|
||||
administration when operating under the authority of Arbitrator or
|
||||
under CAcert policy. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<p><a href="http://validator.w3.org/check?uri=referer"><img src="images/valid-html50-blue.png" alt="Valid HTML 5" height="31" width="88"></a></p>
|
||||
</body></html>
|
||||
|
|
@ -1,723 +1,4 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
||||
<html><head>
|
||||
<title>Assurance Policy</title>
|
||||
|
||||
<meta name="CREATED" content="20080530;0">
|
||||
<meta name="CHANGEDBY" content="Teus Hagen">
|
||||
<meta name="CHANGED" content="20080709;12381800">
|
||||
<meta name="CREATEDBY" content="Ian Grigg">
|
||||
<meta name="CHANGEDBY" content="Teus Hagen">
|
||||
<meta name="CHANGEDBY" content="Robert Cruikshank">
|
||||
<meta name="CHANGEDBY" content="Teus Hagen">
|
||||
<style type="text/css">
|
||||
<!--
|
||||
P { color: #000000 }
|
||||
TD P { color: #000000 }
|
||||
H1 { color: #000000 }
|
||||
H2 { color: #000000 }
|
||||
DT { color: #000000 }
|
||||
DD { color: #000000 }
|
||||
H3 { color: #000000 }
|
||||
TH P { color: #000000 }
|
||||
-->
|
||||
</style></head>
|
||||
<body style="direction: ltr; color: rgb(0, 0, 0);" lang="en-GB">
|
||||
<h1>Assurance Policy for CAcert Community Members</h1>
|
||||
<p><a href="PolicyOnPolicy.php"><img src="/images/cacert-policy.png" id="graphics1" alt="CAcert Policy Status == POLICY" align="bottom" border="0" height="33" width="90"></a>
|
||||
<br>
|
||||
Editor: Teus Hagen<br>
|
||||
Creation date: 2008-05-30<br>
|
||||
Last change by: Iang<br>
|
||||
Last change date: 2009-01-08<br>
|
||||
Status: POLICY p20090105.2
|
||||
</p>
|
||||
|
||||
<h2><a name="0">0.</a> Preamble</h2>
|
||||
<h3><a name="0.1">0.1.</a> Definition of Terms</h3>
|
||||
<dl>
|
||||
<dt><i>Member</i> </dt>
|
||||
<dd> A Member is an individual who has agreed to the CAcert
|
||||
Community Agreement
|
||||
(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php" target="_blank">CCA</a>)
|
||||
and has created successfully
|
||||
a CAcert login account on the CAcert web site. </dd>
|
||||
<dt> <i>Assurance</i> </dt>
|
||||
<dd> Assurance is the process by which a Member of CAcert
|
||||
Community (Assurer) identifies an individual (<span lang="en-US">Assuree</span>).
|
||||
</dd>
|
||||
<dt> <i>Prospective Member</i> </dt>
|
||||
<dd> An individual who participates in the process of Assurance,
|
||||
but has not yet created a CAcert login account. </dd>
|
||||
<dt> <i>Name</i> </dt>
|
||||
<dd> A Name is the full name of an individual.
|
||||
</dd>
|
||||
<dt> <i>Secondary Distinguishing Feature</i>
|
||||
</dt>
|
||||
<dd> An additional personal data item of the Member
|
||||
that assists discrimination from Members with similar full names.
|
||||
(Currently this is the Date of Birth (DoB).)
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<h3><a name="0.2">0.2.</a> The CAcert Web of Trust</h3>
|
||||
<p>
|
||||
In face-to-face meetings,
|
||||
an Assurer allocates a number of Assurance Points
|
||||
to the Member being Assured.
|
||||
CAcert combines the Assurance Points
|
||||
into a global <i>Web-of-Trust</i> (or "WoT").
|
||||
</p>
|
||||
<p>
|
||||
CAcert explicitly chooses to meet its various goals by
|
||||
construction of a Web-of-Trust of all Members.
|
||||
</p>
|
||||
|
||||
<h3><a name="0.3">0.3.</a> Related Documentation</h3>
|
||||
<p>
|
||||
Documentation on Assurance is split between this
|
||||
Assurance Policy (AP) and the
|
||||
<a href="http://wiki.cacert.org/wiki/AssuranceHandbook2" target="_blank">Assurance
|
||||
Handbook</a>. The policy is controlled by Configuration Control
|
||||
Specification
|
||||
(<a href="http://wiki.cacert.org/wiki/PolicyDrafts/ConfigurationControlSpecification" target="_blank">CCS</a>)
|
||||
under Policy on Policy
|
||||
(<a href="http://www.cacert.org/policy/PolicyOnPolicy.php" target="_blank">PoP</a>)
|
||||
policy document regime. Because Assurance is an active area, much
|
||||
of the practice is handed over to the Assurance Handbook, which is
|
||||
not a controlled policy document, and can more easily respond to
|
||||
experience and circumstances. It is also more readable.
|
||||
</p>
|
||||
<p>
|
||||
See also Organisation Assurance Policy (<a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php" target="_blank">OAP</a>)
|
||||
and CAcert Policy Statement (<a href="http://www.cacert.org/policy/CertificationPracticeStatement.php" target="_blank">CPS</a>).
|
||||
</p>
|
||||
|
||||
<h2><a name="1">1.</a> Assurance Purpose</h2>
|
||||
<p>The purpose of Assurance is to add confidence
|
||||
in the Assurance Statement made by the CAcert Community of a Member. </p>
|
||||
<p>With sufficient assurances, a Member may: (a) issue certificates
|
||||
with their assured Name included, (b) participate in assuring others,
|
||||
and (c) other related activities. The strength of these activities is
|
||||
based on the strength of the assurance. </p>
|
||||
|
||||
<h3><a name="1.1">1.1.</a>The Assurance Statement</h3>
|
||||
<p>
|
||||
The Assurance Statement makes the following claims
|
||||
about a person:
|
||||
</p>
|
||||
<ol>
|
||||
<li>
|
||||
<p>The person is a bona fide Member. In other words, the
|
||||
person is a member of the CAcert Community as defined by the CAcert
|
||||
Community Agreement (<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php" target="_blank">CCA</a>); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>The Member has a (login) account with CAcert's on-line
|
||||
registration and service system; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>The Member can be determined from any CAcert certificate
|
||||
issued by the Account; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>The Member is bound into CAcert's Arbitration as defined
|
||||
by the CAcert Community Agreement; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Some personal details of the Member are known to CAcert:
|
||||
the individual Name(s), primary and other listed individual email
|
||||
address(es), secondary distinguishing feature (e.g. DoB). </p>
|
||||
</li>
|
||||
</ol>
|
||||
<p>The confidence level of the Assurance Statement is expressed by
|
||||
the Assurance Points. </p>
|
||||
<h3><a name="1.2">1.2.</a>Relying Party Statement</h3>
|
||||
<p>The primary goal of the Assurance Statement is for the express
|
||||
purpose of certificates to meet the needs of the <i>Relying Party
|
||||
Statement</i>, which latter is found in the Certification Practice
|
||||
Statement (<a href="http://www.cacert.org/policy/CertificationPracticeStatement.php" target="_blank">CPS</a>).
|
||||
</p>
|
||||
<p>When a certificate is issued, some of the Assurance Statement may
|
||||
be incorporated, e.g. Name. Other parts may be implied, e.g.
|
||||
Membership, exact account and status. They all are part of the
|
||||
<i>Relying Party Statement</i>. In short, this means that other
|
||||
Members of the Community may rely on the information verified by
|
||||
Assurance and found in the certificate.</p>
|
||||
<p>In particular, certificates are sometimes considered to provide
|
||||
reliable indications of e.g. the Member's Name and email address. The
|
||||
nature of Assurance, the number of Assurance Points, and other
|
||||
policies and processes should be understood as limitations on any
|
||||
reliance. </p>
|
||||
<h2><a name="2">2.</a> The Member</h2>
|
||||
<h3><a name="2.1">2.1.</a> The Member's Name </h3>
|
||||
<p>
|
||||
At least one individual Name is recorded in the Member's
|
||||
CAcert login account. The general standard of a Name is:
|
||||
</p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>
|
||||
The Name should be recorded as written in a
|
||||
government-issued photo identity document (ID).
|
||||
</p>
|
||||
</li>
|
||||
<li>
|
||||
<p>
|
||||
The Name should be recorded as completely as possible.
|
||||
That is, including all middle names, any titles and extensions,
|
||||
without abbreviations, and without transliteration of characters.
|
||||
</p>
|
||||
</li>
|
||||
<li>
|
||||
<p>The Name is recorded as a string of characters,
|
||||
encoded in <span lang="en-US">unicode</span>
|
||||
transformation format.</p>
|
||||
</li>
|
||||
</ul>
|
||||
<h3><a name="2.2">2.2.</a> Multiple Names and variations</h3>
|
||||
<p>
|
||||
In order to handle the contradictions in the above general standard,
|
||||
a Member may record multiple Names or multiple variations of a Name
|
||||
in her CAcert online Account.
|
||||
Examples of variations include married names,
|
||||
variations of initials of first or middle names,
|
||||
abbreviations of a first name,
|
||||
different language or country variations,
|
||||
and transliterations of characters in a name.
|
||||
</p>
|
||||
|
||||
<h3><a name="2.3">2.3.</a> Status and Capabilities</h3>
|
||||
<p>
|
||||
A Name which has reached
|
||||
the level of 50 Assurance Points is defined as an Assured
|
||||
Name. An Assured Name can be used in a certificate issued by CAcert.
|
||||
A Member with at least one Assured Name has reached the Assured
|
||||
Member status.
|
||||
Additional capabilities are described in Table 1.
|
||||
</p>
|
||||
|
||||
<blockquote>
|
||||
<p align="left"><font size="2"><i>Table 1:
|
||||
Assurance Capability</i></font></p>
|
||||
<table border="1" cellpadding="5" cellspacing="0">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td width="10%">
|
||||
<p align="left"><i>Minimum Assurance Points</i></p>
|
||||
</td>
|
||||
<td width="15%">
|
||||
<p align="left"><i>Capability</i></p>
|
||||
</td>
|
||||
<td width="15%">
|
||||
<p align="left"><i>Status</i></p>
|
||||
</td>
|
||||
<td width="60%">
|
||||
<p align="left"><i>Comment</i></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr valign="top">
|
||||
<td>
|
||||
<p align="center">0</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="left">Request Assurance</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="left">Prospective Member</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="left">Individual taking part of an
|
||||
Assurance, who does not have created a CAcert login account (yet). The
|
||||
allocation of Assurance Points is awaiting login account creation.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr valign="top">
|
||||
<td>
|
||||
<p align="center">0</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="left">Request unnamed certificates</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="left">Member</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="left">Although the Member's details are
|
||||
recorded in the account, they are not highly assured.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr valign="top">
|
||||
<td>
|
||||
<p align="center">50</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="left">Request named certificates</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="left">Assured Member</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="left">Statements of Assurance: the Name is
|
||||
assured to 50 Assurance Points or more</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr valign="top">
|
||||
<td>
|
||||
<p align="center">100</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="left">Become an Assurer</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="left">Prospective Assurer</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="left">Assured to 100 Assurance Points (or
|
||||
more) on at least one Name, and passing the Assurer Challenge.</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</blockquote>
|
||||
|
||||
|
||||
<p>
|
||||
A Member may check the status of another Member, especially
|
||||
for an assurance process.
|
||||
Status may be implied from information in a certificate.
|
||||
The number of Assurance Points for each Member is not published.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The CAcert Policy Statement
|
||||
(<a href="http://www.cacert.org/policy/CertificationPracticeStatement.php" target="_blank">CPS</a>)
|
||||
and other policies may list other capabilities that rely on Assurance
|
||||
Points.
|
||||
</p>
|
||||
|
||||
<h2><a name="3">3.</a> The Assurer</h2>
|
||||
<p>An Assurer is a Member with the following: </p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Is assured to a minimum of 100 Assurance Points; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Has passed the CAcert Assurer Challenge. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<p>The Assurer Challenge is administered by the Education Team on
|
||||
behalf of the Assurance Officer. </p>
|
||||
<h3><a name="3.1">3.1.</a> The Obligations of the Assurer</h3>
|
||||
<p>The Assurer is obliged to: </p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Follow this Assurance Policy; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Follow any additional rules of detail laid out by the
|
||||
CAcert Assurance Officer; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Be guided by the CAcert <a href="http://wiki.cacert.org/wiki/AssuranceHandbook2" target="_blank">Assurance Handbook</a> in their
|
||||
judgement; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Make a good faith effort at identifying and verifying
|
||||
Members; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Maintain the documentation on each Assurance; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Deliver documentation to Arbitration, or as otherwise
|
||||
directed by the Arbitrator; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Keep up-to-date with developments within the CAcert
|
||||
Community. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<h2><a name="4">4.</a> The Assurance</h2>
|
||||
<h3><a name="4.1">4.1.</a> The Assurance Process</h3>
|
||||
<p>The Assurer conducts the process of Assurance with each
|
||||
Member. </p>
|
||||
<p>The process consists of: </p>
|
||||
<ol>
|
||||
<li>
|
||||
<p>Voluntary agreement by both Assurer and Member or
|
||||
Prospective Member to conduct the Assurance; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Personal meeting of Assurer and Member or Prospective
|
||||
Member; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Recording of essential details on CAcert Assurance
|
||||
Programme form; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Examination of Identity documents by Assurer and
|
||||
verification of recorded details (the Name(s) and Secondary
|
||||
Distinguishing Feature, e.g., DoB); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Allocation of Assurance Points by Assurer; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Optional: supervision of reciprocal Assurance made by
|
||||
Assuree (Mutual Assurance); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Safekeeping of the CAcert Assurance Programme (<a href="http://www.cacert.org/cap.php" target="_blank">CAP</a>)
|
||||
forms by Assurer. </p>
|
||||
</li>
|
||||
</ol>
|
||||
<h3><a name="4.2">4.2.</a> Mutual Assurance</h3>
|
||||
<p>Mutual Assurance follows the principle of reciprocity. This
|
||||
means
|
||||
that the Assurance may be two-way, and that each member participating
|
||||
in the Assurance procedure should be able to show evidence of their
|
||||
identity to the other. </p>
|
||||
<p>In the event that an Assurer is assured by a Member who is not
|
||||
certified as an Assurer, the Assurer supervises the Assurance
|
||||
procedure and process, and is responsible for the results. </p>
|
||||
<p>Reciprocity maintains a balance between the (new) member and
|
||||
the
|
||||
Assurer, and reduces any sense of power. It is also an important aid
|
||||
to the assurance training for future Assurers. </p>
|
||||
|
||||
<h3><a name="4.3">4.3.</a> Assurance Points</h3>
|
||||
<p>The Assurance applies Assurance Points to each Member which
|
||||
measure the increase of confidence in the Statement (above).
|
||||
Assurance Points should not be interpreted for any other purpose.
|
||||
Note that, even though they are sometimes referred to as <i>Web-of-Trust</i>
|
||||
(Assurance) Points, or <i>Trust</i> Points, the meaning
|
||||
of the word
|
||||
'Trust' is not well defined. </p>
|
||||
<p><i>Assurance Points Allocation</i><br>
|
||||
An Assurer can allocate a
|
||||
number of Assurance Points to the Member according to the Assurer's
|
||||
experience (Experience Point system, see below). The allocation of
|
||||
the maximum means that the Assurer is 100% confident in the
|
||||
information presented: </p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Detail on form, system, documents, person in accordance; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Sufficient quality identity documents have been checked; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Assurer's familiarity with identity documents; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>The Assurance Statement is confirmed. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<p>
|
||||
Any lesser confidence should result in less Assurance Points for a
|
||||
Name. If the Assurer has no confidence in the information presented,
|
||||
then <i>zero</i> Assurance Points may be allocated by the Assurer.
|
||||
For example, this may happen if the identity documents are totally
|
||||
unfamiliar to the Assurer. The number of Assurance Points from <i>zero</i>
|
||||
to <i>maximum</i> is guided by the Assurance Handbook
|
||||
and the judgement of the Assurer.
|
||||
If there is negative confidence the Assurer should consider
|
||||
filing a dispute.
|
||||
</p>
|
||||
<p>Multiple Names should be allocated Assurance Points
|
||||
independently within a single Assurance. </p>
|
||||
<p>
|
||||
A Member who is not an Assurer may award an Assurer in a
|
||||
reciprocal process a maximum of 2 Assurance Points, according to
|
||||
her judgement. The Assurer should strive to have the Member allocate
|
||||
according to the Member's judgement, and stay on the cautious side;
|
||||
the Member new to the assurance process
|
||||
should allocate <i>zero</i> Assurance Points
|
||||
until she gains some confidence in what is happening.
|
||||
</p>
|
||||
<p>
|
||||
In general, for a Member to reach 50 Assurance Points, the Member must
|
||||
have participated in at least two assurances, and
|
||||
at least one Name will have been assured to that level.
|
||||
</p>
|
||||
<p>
|
||||
To reach 100 Assurance
|
||||
Points, at least one Name of the Assured Member must have been
|
||||
assured at least three times.
|
||||
</p>
|
||||
<p>
|
||||
The maximum number of Assurance
|
||||
Points which can be allocated for an Assurance under this policy
|
||||
and under any act under any
|
||||
Subsidiary Policy (below) is 50 Assurance Points.
|
||||
</p>
|
||||
|
||||
<h3><a name="4.4">4.4.</a> Experience Points</h3>
|
||||
<p>The maximum number of Assurance Points that may be awarded by
|
||||
an
|
||||
Assurer is determined by the Experience Points of the Assurer. </p>
|
||||
<blockquote>
|
||||
<p align="left"><font size="2"><i>Table 2:
|
||||
Maximum of Assurance Points </i></font>
|
||||
</p>
|
||||
<table border="1" cellpadding="2" cellspacing="0" width="15%">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>
|
||||
<p><i>Assurer's Experience Points</i></p>
|
||||
</td>
|
||||
<td>
|
||||
<p><i>Allocatable Assurance Points</i></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<p align="center">0</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="center">10</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<p align="center">10</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="center">15</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<p align="center">20</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="center">20</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<p align="center">30</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="center">25</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<p align="center">40</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="center">30</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<p align="center">>=50</p>
|
||||
</td>
|
||||
<td>
|
||||
<p align="center">35</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</blockquote>
|
||||
<p>An Assurer is given a maximum of 2 Experience Points for every
|
||||
completed Assurance. On reaching Assurer status, the Experience
|
||||
Points start at 0 (zero). </p>
|
||||
<p>Less Experience Points (1) may be given for mass Assurance
|
||||
events,
|
||||
where each Assurance is quicker. </p>
|
||||
<p>Additional Experience Points may be granted temporarily or
|
||||
permanently to an Assurer by CAcert Inc.'s Committee (board), on
|
||||
recommendation from the Assurance Officer. </p>
|
||||
<p>Experience Points are not to be confused with Assurance
|
||||
Points. </p>
|
||||
<h3><a name="4.5">4.5.</a> CAcert Assurance Programme (CAP) form</h3>
|
||||
<p>The CAcert Assurance Programme (<a href="http://www.cacert.org/cap.php" target="_blank">CAP</a>)
|
||||
form requests the following details of each Member or Prospective
|
||||
Member: </p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Name(s), as recorded in the on-line account; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Primary email address, as recorded in the on-line account;
|
||||
</p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Secondary Distinguishing Feature, as recorded in the
|
||||
on-line account (normally, date of birth); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Statement of agreement with the CAcert Community
|
||||
Agreement; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Permission to the Assurer to conduct the Assurance
|
||||
(required for privacy reasons); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Date and signature of the Assuree. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<p>The CAP form requests the following details of the Assurer: </p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>At least one Name as recorded in the on-line account of
|
||||
the Assurer; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Assurance Points for each Name in the identity
|
||||
document(s); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Statement of Assurance; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Optional: If the Assurance is reciprocal, then the
|
||||
Assurer's email address and Secondary Distinguishing Feature are
|
||||
required as well; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Date, location of Assurance and signature of Assurer. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<p>The CAP forms are to be kept at least for 7 years by the
|
||||
Assurer. </p>
|
||||
<h2><a name="5">5.</a> The Assurance Officer</h2>
|
||||
<p>The Committee (board) of CAcert Inc. appoints an Assurance
|
||||
Officer
|
||||
with the following responsibilities: </p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Reporting to the Committee and advising on all matters to
|
||||
do with Assurance; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Training and testing of Assurers, in association with the
|
||||
Education Team; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Updating this Assurance Policy, under the process
|
||||
established by Policy on Policy (<a href="https://www.cacert.org/policy/PolicyOnPolicy.php" target="_blank">PoP</a>); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Management of all Subsidiary Policies (see below) for
|
||||
Assurances, under Policy on Policy; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Managing and creating rules of detail or procedure where
|
||||
inappropriate for policies; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Incorporating rulings from Arbitration into policies,
|
||||
procedures or guidelines; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Assisting the Arbitrator in any requests; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Managing the Assurer Handbook; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Maintaining a sufficient strength in the Assurance process
|
||||
(web-of-trust) to meet the agreed needs of the Community. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<h2><a name="6">6.</a> Subsidiary Policies</h2>
|
||||
<p>The Assurance Officer manages various exceptions and additional
|
||||
processes. Each must be covered by an approved Subsidiary Policy
|
||||
(refer to Policy on Policy => CAcert Official Document COD1).
|
||||
Subsidiary Policies specify any additional tests of knowledge
|
||||
required and variations to process and documentation, within the
|
||||
general standard stated here. </p>
|
||||
<h3><a name="6.1">6.1.</a> Standard</h3>
|
||||
<p>Each Subsidiary Policy must augment and improve the general
|
||||
standards in this Assurance Policy. It is the responsibility of each
|
||||
Subsidiary Policy to describe how it maintains and improves the
|
||||
specific and overall goals. It must describe exceptions and potential
|
||||
areas of risk. </p>
|
||||
|
||||
<h3><a name="6.2">6.2.</a> High Risk Applications</h3>
|
||||
<p>In addition to the Assurance or Experience Points ratings set
|
||||
here and in other subsidiary policies, the Assurance Officer or policies can
|
||||
designate certain applications as high risk. If so, additional
|
||||
measures may be added to the Assurance process that specifically
|
||||
address the risks.</p>
|
||||
<p>Additional measures may include:
|
||||
</p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Additional information can be required in process of assurance: </p>
|
||||
<ul>
|
||||
<li>unique numbers of identity documents,</li>
|
||||
<li>photocopy of identity documents,</li>
|
||||
<li>photo of User,</li>
|
||||
<li>address of User.</li>
|
||||
</ul>
|
||||
<p>Additional Information is to be kept by Assurer, attached to
|
||||
CAcert Assurance Programme (<a href="http://www.cacert.org/cap.php" target="_blank">CAP</a>)
|
||||
form. Assurance Points allocation by this assurance is unchanged.
|
||||
User's CAcert login account should be annotated to record type of
|
||||
additional information;</p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Arbitration: </p>
|
||||
<ul>
|
||||
<li> Member to participate in Arbitration. This confirms
|
||||
their acceptance of the forum as well as trains in the process and
|
||||
import,
|
||||
</li>
|
||||
<li> Member to file Arbitration to present case. This
|
||||
allows Arbitrator as final authority;
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<p>Additional training; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Member to be Assurer (at least 100 Assurance Points and
|
||||
passed Assurer Challenge); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Member agrees to additional specific agreement(s); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Additional checking/auditing of systems data by CAcert
|
||||
support administrators. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<p>Applications that might attract additional measures include
|
||||
code-signing certificates and administration roles. </p>
|
||||
<h2><a name="7">7.</a> Privacy</h2>
|
||||
<p>CAcert is a "privacy" organisation, and takes the
|
||||
privacy of its Members seriously. The process maintains the security
|
||||
and privacy of both parties. </p>
|
||||
<p>Information is collected primarily to make claims within the
|
||||
certificates requested by users and to contact the Members. It is
|
||||
used secondarily for training, testing, administration and other
|
||||
internal purposes. </p>
|
||||
<p>The Member's information can be accessed under these
|
||||
circumstances: </p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Under Arbitrator ruling, in a duly filed dispute (<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php" target="_blank">Dispute Resolution Policy</a>
|
||||
=> COD7); </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>An Assurer in the process of an Assurance, as permitted on
|
||||
the CAcert Assurance Programme (<a href="http://www.cacert.org/cap.php" target="_blank">CAP</a>)
|
||||
form; </p>
|
||||
</li>
|
||||
<li>
|
||||
<p>CAcert support administration and CAcert systems
|
||||
administration when operating under the authority of Arbitrator or
|
||||
under CAcert policy. </p>
|
||||
</li>
|
||||
</ul>
|
||||
<p><a href="http://validator.w3.org/check?uri=referer"><img src="/images/valid-xhtml11-blue" id="graphics2" alt="Valid XHTML 1.1" align="bottom" border="0" height="33" width="90"></a>
|
||||
</p>
|
||||
</body></html>
|
||||
|
||||
<?php
|
||||
header('HTTP/1.0 301 Moved Permanently');
|
||||
header('Location: AssurancePolicy.html');
|
||||
exit();
|
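--- a/www/policy/CAcertCommunityAgreement.html
+++ b/www/policy/CAcertCommunityAgreement.html
@@ -0,0 +1,531 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" lang="en">
+<title>CAcert Community Agreement</title>
+<style>
+.r{
+text-align: right;
+}
+.vTop{
+vertical-align: top;
+}
+dt{
+font-style: italic;
+}
+</style>
+
+</head>
+<body>
+
+<div class="comment">
+<table style="width: 100%;">
+
+<tr>
+<td>
+Name: CCA <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD9</a><br />
+Status: POLICY <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20080109">p20080109</a><br />
+Editor: <a style="color: steelblue" href="https://wiki.cacert.org/Iang">Iang</a><br />
+Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br />
+
+</td>
+<td class="vTop r">
+<a href="https://www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-policy.png" alt="CCA Status - POLICY" height="31" width="88" style="border-style: none;" /></a>
+
+</td>
+</tr>
+</table>
+</div>
+
+<h2> CAcert Community Agreement </h2>
+
+
+
+<h3 id="s0"> 0. Introduction </h3>
+
+<p>
+This agreement is between
+you, being a registered member ("Member")
+within CAcert's community at large ("Community")
+and CAcert Incorporated ("CAcert"),
+being an operator of services to the Community.
+</p>
+
+<h4 id="s0.1"> 0.1 Terms </h4>
+<dl>
+<dt>"CAcert"</dt><dd>
+means CAcert Inc.,
+a non-profit Association of Members incorporated in
+New South Wales, Australia.
+Note that Association Members are distinct from
+the Members defined here.</dd>
+<dt>"Member"</dt><dd>
+means you, a registered participant within CAcert's Community,
+with an account on the website and the
+facility to request certificates.
+Members may be individuals ("natural persons")
+or organisations ("legal persons").</dd>
+<dt>"Organisation"</dt><dd>
+is defined under the Organisation Assurance programme,
+and generally includes corporations and other entities
+that become Members and become Assured.</dd>
+<dt>"Community"</dt><dd>
+means all of the Members
+that are registered by this agreement
+and other parties by other agreements,
+all being under CAcert's Arbitration.</dd>
+<dt>"Non-Related Person" ("NRP")</dt><dd>
+being someone who is not a
+Member, is not part of the Community,
+and has not registered their agreement.
+Such people are offered the NRP-DaL
+another agreement allowing the USE of certificates.</dd>
+<dt>"Non-Related Persons - Disclaimer and Licence" ("NRP-DaL")</dt><dd>
+another agreement that is offered to persons outside the
+Community.</dd>
+<dt>"Arbitration"</dt><dd>
+is the Community's forum for
+resolving disputes, or jurisdiction.</dd>
+<dt>"Dispute Resolution Policy" ("DRP" => COD7)</dt><dd>
+is the policy and
+rules for resolving disputes.</dd>
+<dt>"USE"</dt><dd>
+means the act by your software
+to conduct its tasks, incorporating
+the certificates according to software procedures.</dd>
+<dt>"RELY"</dt><dd>
+means your human act in taking on a
+risk and liability on the basis of the claim(s)
+bound within a certificate.</dd>
+<dt>"OFFER"</dt><dd>
+means the your act
+of making available your certificate to another person.
+Generally, you install and configure your software
+to act as your agent and facilite this and other tasks.
+OFFER does not imply suggestion of reliance.</dd>
+<dt>"Issue"</dt><dd>
+means creation of a certificate by CAcert.
+To create a certificate,
+CAcert affixes a digital signature from the root
+onto a public key and other information.
+This act would generally bind a statement or claim,
+such as your name, to your key.</dd>
+<dt>"Root"</dt><dd>
+means CAcert's top level key,
+used for signing certificates for Members.
+In this document, the term includes any subroots.</dd>
+<dt>"CAcert Official Document" ("COD" => COD3)</dt><dd>
+in a standard format for describing the details of
+operation and governance essential to a certificate authority.
+Changes are managed and controlled.
+CODs define more technical terms.
+See 4.2 for listing of relevant CODs.</dd>
+<dt>"Certification Practice Statement" ("CPS" => COD6)</dt><dd>
+is the document that controls details
+about operational matters within CAcert.</dd>
+</dl>
+
+
+<h3 id="s1"> 1. Agreement and Licence </h3>
+
+<h4 id="s1.1"> 1.1 Agreement </h4>
+
+<p>
+You and CAcert both agree to the terms and conditions
+in this agreement.
+Your agreement is given by any of
+</p>
+
+<ul><li>
+your signature on a form to request assurance of identity
+("CAP" form),
+</li><li>
+your request on the website
+to join the Community and create an account,
+</li><li>
+your request for Organisation Assurance,
+</li><li>
+your request for issuing of certificates, or
+</li><li>
+if you USE, RELY, or OFFER
+any certificate issued to you.
+</li></ul>
+
+<p>
+Your agreement
+is effective from the date of the first event above
+that makes this agreement known to you.
+This Agreement
+replaces and supercedes prior agreements,
+including the NRP-DaL.
+</p>
+
+
+<h4 id="s1.2"> 1.2 Licence </h4>
+
+<p>
+As part of the Community, CAcert offers you these rights:
+</p>
+
+<ol><li>
+You may USE any certificates issued by CAcert.
+</li><li>
+You may RELY on any certificate issued by CAcert,
+as explained and limited by CPS (COD6).
+</li><li>
+You may OFFER certificates issued to you by CAcert
+to Members for their RELIANCE.
+</li><li>
+You may OFFER certificates issued to you by CAcert
+to NRPs for their USE, within the general principles
+of the Community.
+</li><li>
+This Licence is free of cost,
+non-exclusive, and non-transferrable.
+</li></ol>
+
+<h4 id="s1.3"> 1.3 Your Contributions </h4>
+
+
+<p>
+You agree to a non-exclusive non-restrictive non-revokable
+transfer of Licence to CAcert for your contributions.
+That is, if you post an idea or comment on a CAcert forum,
+or email it to other Members,
+your work can be used freely by the Community for
+CAcert purposes, including placing under CAcert's licences
+for wider publication.
+</p>
+
+<p>
+You retain authorship rights, and the rights to also transfer
+non-exclusive rights to other parties.
+That is, you can still use your
+ideas and contributions outside the Community.
+</p>
+
+<p>
+Note that the following exceptions override this clause:
+</p>
+
+<ol><li>
+Contributions to controlled documents are subject to
+Policy on Policy ("PoP" => COD1)
+</li><li>
+Source code is subject to an open source licence regime.
+</li></ol>
+
+<h4 id="s1.4"> 1.4 Privacy </h4>
+
+
+<p>
+You give rights to CAcert to store, verify and process
+and publish your data in accordance with policies in force.
+These rights include shipping the data to foreign countries
+for system administration, support and processing purposes.
+Such shipping will only be done among
+CAcert Community administrators and Assurers.
+</p>
+
+<p>
+Privacy is further covered in the Privacy Policy ("PP" => COD5).
+</p>
+
+<h3 id="s2"> 2. Your Risks, Liabilities and Obligations </h3>
+
+<p>
+As a Member, you have risks, liabilities
+and obligations within this agreement.
+</p>
+
+<h4 id="s2.1"> 2.1 Risks </h4>
+
+<ol><li>
+A certificate may prove unreliable.
+</li><li>
+Your account, keys or other security tools may be
+lost or otherwise compromised.
+</li><li>
+You may find yourself subject to Arbitration
+(DRP => COD7).
+</li></ol>
+
+<h4 id="s2.2"> 2.2 Liabilities </h4>
+
+<ol><li>
+You are liable for any penalties
+as awarded against you by the Arbitrator.
+</li><li>
+Remedies are as defined in the DRP (COD7).
+An Arbitrator's ruling may
+include monetary amounts, awarded against you.
+</li><li>
+Your liability is limited to
+a total maximum of
+<b>1000 Euros</b>.
+</li><li>
+"Foreign Courts" may assert jurisdiction.
+These include your local courts, and are outside our Arbitration.
+Foreign Courts will generally refer to the Arbitration
+Act of their country, which will generally refer
+civil cases to Arbitration.
+The Arbitration Act will not apply to criminal cases.
+</li></ol>
+
+<h4 id="s2.3"> 2.3 Obligations </h4>
+
+<p>
+You are obliged
+</p>
+
+<ol><li>
+to provide accurate information
+as part of Assurance.
+You give permission for verification of the information
+using CAcert-approved methods.
+</li><li>
+to make no false representations.
+</li><li>
+to submit all your disputes to Arbitration
+(DRP => COD7).
+</li></ol>
+
+<h4 id="s2.4"> 2.4 Principles </h4>
+
+<p>
+As a Member of CAcert, you are a member of
+the Community.
+You are further obliged to
+work within the spirit of the Principles
+of the Community.
+These are described in
+<a href="https://svn.cacert.org/CAcert/principles.html">Principles of the Community</a>.
+</p>
+
+<h4 id="s2.5"> 2.5 Security </h4>
+<p>
+CAcert exists to help you to secure yourself.
+You are primarily responsible for your own security.
+Your security obligations include
+</p>
+
+<ol><li>
+to secure yourself and your computing platform (e.g., PC),
+</li><li>
+to keep your email account in good working order,
+</li><li>
+to secure your CAcert account
+(e.g., credentials such as username, password),
+</li><li>
+to secure your private keys,
+</li><li>
+to review certificates for accuracy,
+and
+</li><li>
+when in doubt, notify CAcert,
+</li><li>
+when in doubt, take other reasonable actions, such as
+revoking certificates,
+changing account credentials,
+and/or generating new keys.
+</li></ol>
+
+<p>
+Where, above, 'secure' means to protect to a reasonable
+degree, in proportion with your risks and the risks of
+others.
+</p>
+
+<h3 id="s3"> 3. Law and Jurisdiction </h3>
+
+<h4 id="s3.1"> 3.1 Governing Law </h4>
+
+<p>
+This agreement is governed under the law of
+New South Wales, Australia,
+being the home of the CAcert Inc. Association.
+</p>
+
+<h4 id="s3.2"> 3.2 Arbitration as Forum of Dispute Resolution </h4>
+
+<p>
+You agree, with CAcert and all of the Community,
+that all disputes arising out
+of or in connection to our use of CAcert services
+shall be referred to and finally resolved
+by Arbitration under the rules within the
+Dispute Resolution Policy of CAcert
+(DRP => COD7).
+The rules select a single Arbitrator chosen by CAcert
+from among senior Members in the Community.
+The ruling of the Arbitrator is binding and
+final on Members and CAcert alike.
+</p>
+
+<p>
+In general, the jurisdiction for resolution of disputes
+is within CAcert's own forum of Arbitration,
+as defined and controlled by its own rules (DRP => COD7).
+</p>
+
+<p>
+We use Arbitration for many purposes beyond the strict
+nature of disputes, such as governance and oversight.
+A systems administrator may
+need authorisation to conduct a non-routine action,
+and Arbitration may provide that authorisation.
+Thus, you may find yourself party to Arbitration
+that is simply support actions, and you may file disputes in
+order to initiate support actions.
+</p>
+
+<h4 id="s3.3"> 3.3 Termination </h4>
+<p>
+You may terminate this agreement by resigning
+from CAcert. You may do this at any time by
+writing to CAcert's online support forum and
+filing dispute to resign.
+All services will be terminated, and your
+certificates will be revoked.
+However, some information will continue to
+be held for certificate processing purposes.
+</p>
+
+<p>
+The provisions on Arbitration survive any termination
+by you by leaving CAcert.
+That is, even if you resign from CAcert,
+you are still bound by the DRP (COD7),
+and the Arbitrator may reinstate any provision of this
+agreement or bind you to a ruling.
+</p>
+
+<p>
+Only the Arbitrator may terminate this agreement with you.
+</p>
+
+<h4 id="s3.4"> 3.4 Changes of Agreement </h4>
+
+<p>
+CAcert may from time to time vary the terms of this Agreement.
+Changes will be done according to the documented CAcert policy
+for changing policies, and is subject to scrutiny and feedback
+by the Community.
+Changes will be notified to you by email to your primary address.
+</p>
+
+<p>
+If you do not agree to the changes, you may terminate as above.
+Continued use of the service shall be deemed to be agreement
+by you.
+</p>
+
+<h4 id="s3.5"> 3.5 Communication </h4>
+
+<p>
+Notifications to CAcert are to be sent by
+email to the address
+<b>support</b> <i>at</i> CAcert.org.
+You should attach a digital signature,
+but need not do so in the event of security
+or similar urgency.
+</p>
+
+<p>
+Notifications to you are sent
+by CAcert to the primary email address
+registered with your account.
+You are responsible for keeping your email
+account in good working order and able
+to receive emails from CAcert.
+</p>
+
+<p>
+Arbitration is generally conducted by email.
+</p>
+
+<h3 id="s4"> 4. Miscellaneous </h3>
+
+<h4 id="s4.1"> 4.1 Other Parties Within the Community </h4>
+
+<p>
+As well as you and other Members in the Community,
+CAcert forms agreements with third party
+vendors and others.
+Thus, such parties will also be in the Community.
+Such agreements are also controlled by the same
+policy process as this agreement, and they should
+mirror and reinforce these terms.
+</p>
+
+
+<h4 id="s4.2"> 4.2 References and Other Binding Documents </h4>
+
+<p>
+This agreement is CAcert Official Document 9 (COD9)
+and is a controlled document.
+</p>
+
+<p>
+You are also bound by
+</p>
+
+<ol><li>
+<a href="https://www.cacert.org/policy/CertificationPracticeStatement.html">
+Certification Practice Statement</a> (CPS => COD6).
+</li><li>
+<a href="https://www.cacert.org/policy/DisputeResolutionPolicy.html">
+Dispute Resolution Policy</a> (DRP => COD7).
+</li><li>
+<a href="https://www.cacert.org/policy/PrivacyPolicy.html">
+Privacy Policy</a> (PP => COD5).
+</li><li>
+<a href="https://svn.cacert.org/CAcert/principles.html">
+Principles of the Community</a>.
+</li></ol>
+
+<p>
+Where documents are referred to as <i>=> COD x</i>,
+they are controlled documents
+under the control of Policy on Policies (COD1).
+</p>
+
+<p>
+This agreement and controlled documents above are primary,
+and may not be replaced or waived except
+by formal policy channels and by Arbitration.
+</p>
+
+<h4 id="s4.3"> 4.3 Informative References </h4>
+
+<p>
+The governing documents are in English.
+Documents may be translated for convenience.
+Because we cannot control the legal effect of translations,
+the English documents are the ruling ones.
+</p>
+
+<p>
+You are encouraged to be familiar with the
+Assurer Handbook,
+which provides a more readable introduction for much of
+the information needed.
+The Handbook is not however an agreement, and is overruled
+by this agreement and others listed above.
+</p>
+
+<h4 id="s4.4"> 4.4 Not Covered in this Agreement </h4>
+
+<p>
+<b>Intellectual Property.</b>
+This Licence does not transfer any intellectual
+property rights ("IPR") to you. CAcert asserts and
+maintains its IPR over its roots, issued certificates,
+brands, logos and other assets.
+Note that the certificates issued to you
+are CAcert's intellectual property
+and you do not have rights other than those stated.
+</p>
+<p><a href="http://validator.w3.org/check?uri=referer"><img src="images/valid-html50-blue.png" alt="Valid HTML 5" height="31" width="88"></a></p>
+</body>
+</html>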
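Review bot: The new `CAcertCommunityAgreement.html` does not carry the same text as the page it replaces, which goes beyond the rename and link fix the commit title announces. Its header reads `Status: POLICY` with decision `p20080109` and editor Iang, and section 1.1 keeps "You and CAcert both agree" and the NRP-DaL wording, while the removed `.php` text shown after this section carries a `DRAFT` line with `p20140709`, editor Benedikt, and tracked changes that withdraw NRP-DaL and strike "and CAcert both" (that section continues past the part of the page visible here, so the comparison is partial). Since this is the binding agreement (COD9) that Members accept when requesting certificates, which version is served should be an explicit, reviewable decision rather than a side effect of a rename. I would either keep the rename byte-for-byte, or state the version switch in the commit message and add a comment at the top of the file such as `<!-- text as of p20080109 (POLICY); p20140709 DRAFT changes not included -->`.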
|
|
@ -1,593 +1,4 @@
|
|||
<?='<?xml version="1.0" encoding="utf-8"?>'?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
||||
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" />
|
||||
<title> CAcert Community Agreement </title>
|
||||
<style type="text/css">
|
||||
<!--
|
||||
.comment {
|
||||
color : steelblue;
|
||||
}
|
||||
.first-does-not-work {
|
||||
color : red;
|
||||
}
|
||||
.q {
|
||||
color : green;
|
||||
font-weight: bold;
|
||||
text-align: center;
|
||||
font-style:italic;
|
||||
}
|
||||
.change {
|
||||
color : blue;
|
||||
font-weight: bold;
|
||||
}
|
||||
.change2 {
|
||||
color : blue;
|
||||
font-weight: bold;
|
||||
}
|
||||
.change3 {
|
||||
color : blue;
|
||||
font-weight: bold;
|
||||
}
|
||||
.change4 {
|
||||
color : blue;
|
||||
font-weight: bold;
|
||||
}
|
||||
.change5 {
|
||||
color : blue;
|
||||
font-weight: bold;
|
||||
}
|
||||
.change6 {
|
||||
color : blue;
|
||||
font-weight: bold;
|
||||
}
|
||||
.change7 {
|
||||
color : blue ;
|
||||
font-weight: bold;
|
||||
}
|
||||
.change8 {
|
||||
color : blue;
|
||||
font-weight: bold;
|
||||
}
|
||||
.change9 {
|
||||
color : blue;
|
||||
font-weight: bold;
|
||||
}
|
||||
.change10 {
|
||||
color : blue;
|
||||
font-weight: bold;
|
||||
}
|
||||
.change11 {
|
||||
color : blue;
|
||||
font-weight: bold;
|
||||
}
|
||||
.change12 {
|
||||
color : blue;
|
||||
font-weight: bold;
|
||||
}
|
||||
.change13 {
|
||||
color : blue;
|
||||
font-weight: bold;
|
||||
}
|
||||
.strike {
|
||||
color : blue;
|
||||
text-decoration:line-through;
|
||||
}
|
||||
.strike2 {
|
||||
color : blue;
|
||||
text-decoration:line-through;
|
||||
}
|
||||
.strike4 {
|
||||
color : blue;
|
||||
text-decoration:line-through;
|
||||
}
|
||||
.strike5 {
|
||||
color : blue;
|
||||
text-decoration:line-through;
|
||||
}
|
||||
.strike6 {
|
||||
color : blue;
|
||||
text-decoration:line-through;
|
||||
}
|
||||
.strike7 {
|
||||
color : blue;
|
||||
text-decoration:line-through;
|
||||
}
|
||||
.strike8 {
|
||||
color : blue;
|
||||
text-decoration:line-through;
|
||||
}
|
||||
.strike9 {
|
||||
color : blue;
|
||||
text-decoration:line-through;
|
||||
}
|
||||
.strike10 {
|
||||
color : blue;
|
||||
text-decoration:line-through;
|
||||
}
|
||||
.strike11 {
|
||||
color : blue;
|
||||
text-decoration:line-through;
|
||||
}
|
||||
.strike12 {
|
||||
color : blue;
|
||||
text-decoration:line-through;
|
||||
}
|
||||
.strike13 {
|
||||
color : blue;
|
||||
text-decoration:line-through;
|
||||
}
|
||||
-->
|
||||
</style>
|
||||
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div class="comment">
|
||||
<table width="100%">
|
||||
|
||||
<tr>
|
||||
<td rowspan="2">
|
||||
Name: CCA <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD9</a><br />
|
||||
Status: POLICY <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20080109.1_CCA_to_POLICY_status">p20080109.1</a><br />
|
||||
<span class="draftadd">DRAFT <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20140709_CCA_update_to_DRAFT">p20140709</a></span> <br />
|
||||
Editor: <a style="color: steelblue" href="https://wiki.cacert.org/Community/HomePagesMembers/BenediktHeintel">Benedikt</a><br />
|
||||
Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy">CC-by-sa+DRP</a><br />
|
||||
|
||||
</td>
|
||||
<td valign="top" align="right">
|
||||
<a href="https://www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-policy.png" alt="CCA Status - POLICY" height="31" width="88" style="border-style: none;" /></a>
|
||||
|
||||
<!-- XXXXXXXXXXXXXX delete this going to POLICY -->
|
||||
<br />
|
||||
<a href="https://www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-draft.png" alt="CCA Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
<h2>CAcert Community Agreement</h2>
|
||||
|
||||
<h3><a name="0">0.</a> Introduction</h3>
|
||||
|
||||
<p>This agreement is between you, being a registered member ("Member") within
|
||||
CAcert's community at large ("Community") and CAcert Incorporated ("CAcert"),
|
||||
being an operator of services to the Community.</p>
|
||||
|
||||
<h4><a name="0.1">0.1</a> Terms</h4>
|
||||
|
||||
<ol>
|
||||
<li>"CAcert" means CAcert Inc., a non-profit Association of Members
|
||||
incorporated in New South Wales, Australia. Note that Association Members
|
||||
are distinct from the Members defined here.</li>
|
||||
|
||||
<li>"Member" means you, a registered participant within CAcert's Community,
|
||||
with an account on the website and the facility to request certificates.
|
||||
Members may be individuals ("natural persons") or organisations ("legal
|
||||
persons").</li>
|
||||
|
||||
<li>"Organisation" is defined under the Organisation Assurance programme,
|
||||
and generally includes corporations and other entities that become Members
|
||||
and become Assured.</li>
|
||||
|
||||
<li>"Community" means all of the Members that are registered by this
|
||||
agreement and other parties by other agreements, all being under CAcert's
|
||||
Arbitration.</li>
|
||||
|
||||
<li>"Non-Related Person" ("NRP"), being someone who is not a Member, is not
|
||||
part of the Community, and has not registered their agreement. <span class=
|
||||
"strike7">Such people are offered the NRP-DaL another agreement allowing
|
||||
the USE of certificates.</span></li>
|
||||
|
||||
<li><span class="strike7">"Non-Related Persons - Disclaimer and Licence"
|
||||
("NRP-DaL"), another agreement that is offered to persons outside the
|
||||
Community.</span><span class="change7">(withdrawn)</span></li>
|
||||
|
||||
<li>"Arbitration" is the Community's forum for resolving disputes, or
|
||||
jurisdiction.</li>
|
||||
|
||||
<li>"Dispute Resolution Policy" ("DRP" => COD7) is the policy and rules
|
||||
for resolving disputes.</li>
|
||||
|
||||
<li>"USE" means the act by your software to conduct its tasks,
|
||||
incorporating the certificates according to software procedures.</li>
|
||||
|
||||
<li>"RELY" means your human act in taking on a risk and liability on the
|
||||
basis of the claim(s) bound within a certificate.</li>
|
||||
|
||||
<li>"OFFER" means the your act of making available your certificate to
|
||||
another person. Generally, you install and configure your software to act
|
||||
as your agent and facilite this and other tasks. OFFER does not imply
|
||||
suggestion of reliance.</li>
|
||||
|
||||
<li>"Issue" means creation of a certificate by CAcert. To create a
|
||||
certificate, CAcert affixes a digital signature from the root onto a public
|
||||
key and other information. This act would generally bind a statement or
|
||||
claim, such as your name, to your key.</li>
|
||||
|
||||
<li>"Root" means CAcert's top level key, used for signing certificates for
|
||||
Members. In this document, the term includes any subroots.</li>
|
||||
|
||||
<li>"CAcert Official Document" ("COD" <span class="strike4">=>
|
||||
COD3</span>) <span class="strike4">in a standard format for describing the
|
||||
details of operation and governance essential to a certificate authority.
|
||||
Changes are managed and controlled. CODs define more technical terms. See
|
||||
4.2 for listing of relevant CODs.</span> <span class="change4">is an
|
||||
official managed and controlled document (e. g. a Policy) of
|
||||
CAcert.</span></li>
|
||||
|
||||
<li>"Certification Practice Statement" ("CPS" => COD6) is the document
|
||||
that controls details about operational matters within CAcert.</li>
|
||||
</ol>
|
||||
|
||||
<h3><a name="1">1.</a> Agreement and Licence</h3>
|
||||
|
||||
<h4><a name="1.1">1.1</a> Agreement</h4>
|
||||
|
||||
<p>You <span class="strike">and CAcert both</span> agree to the terms and
|
||||
conditions in this agreement. Your agreement is given by <span class=
|
||||
"change2">but not limited to</span> <span class="strike2">any of</span></p>
|
||||
|
||||
<ul>
|
||||
<li>your signature on a form to request assurance of identity ("CAP"
|
||||
form),</li>
|
||||
|
||||
<li>your request on the website to join the Community and create an
|
||||
account,</li>
|
||||
|
||||
<li>your request for Organisation Assurance,</li>
|
||||
|
||||
<li>your request for issuing of certificates, or</li>
|
||||
|
||||
<li>if you USE, RELY, or OFFER any certificate issued to you.</li>
|
||||
</ul>
|
||||
|
||||
<p>Your agreement is effective from the date of the first event above that
|
||||
makes this agreement known to you. This Agreement replaces and <span class=
|
||||
"strike2">supercedes prior agreements, including the NRP-DaL.</span>
|
||||
<span class="change2">supersedes any prior agreements.</span></p>
|
||||
|
||||
<h4><a name="1.2">1.2</a> Licence</h4>
|
||||
|
||||
<p>As part of the Community, CAcert offers you these rights:</p>
|
||||
|
||||
<ol>
|
||||
<li>You may USE any certificates issued by CAcert.</li>
|
||||
|
||||
<li>You may RELY on any certificate issued by CAcert, as explained and
|
||||
limited by CPS (COD6).</li>
|
||||
|
||||
<li>You may OFFER certificates issued to you by CAcert to Members for their
|
||||
RELIANCE.</li>
|
||||
|
||||
<li>You may OFFER certificates issued to you by CAcert to NRPs for their
|
||||
USE, within the general principles of the Community.</li>
|
||||
|
||||
<li>This Licence is free of cost, non-exclusive, and
|
||||
non-transferrable.</li>
|
||||
</ol>
|
||||
|
||||
<h4><a name="1.3">1.3</a> Your Contributions</h4>
|
||||
|
||||
<p>You agree to a non-exclusive non-restrictive non-revokable transfer of
|
||||
Licence to CAcert for your contributions. That is, if you post an idea or
|
||||
comment on a CAcert forum, or email it to other Members, your work can be
|
||||
used freely by the Community for CAcert purposes, including placing under
|
||||
CAcert's licences for wider publication.</p>
|
||||
|
||||
<p>You retain authorship rights, and the rights to also transfer
|
||||
non-exclusive rights to other parties. That is, you can still use your ideas
|
||||
and contributions outside the Community.</p>
|
||||
|
||||
<p>Note that the following exceptions override this clause:</p>
|
||||
|
||||
<ol>
|
||||
<li>Contributions to controlled documents are subject to Policy on Policy
|
||||
("PoP" => COD1)</li>
|
||||
|
||||
<li>Source code is subject to an open source licence regime.</li>
|
||||
|
||||
<li><span class="change">Personal data</span></li>
|
||||
|
||||
<li><span class="change">Postings under competing licenses if clearly
|
||||
stated when posted</span></li>
|
||||
</ol>
|
||||
|
||||
<h4><a name="1.4">1.4</a> Privacy</h4>
|
||||
|
||||
<p>You give rights to CAcert to store, verify and
|
||||
process and publish your data in accordance with policies in force. These
|
||||
rights include shipping the data to foreign countries for system
|
||||
administration, support and processing purposes. Such shipping will only be
|
||||
done among CAcert Community administrators and Assurers.</p>
|
||||
|
||||
<p>Privacy is further covered in the Privacy Policy ("PP" => COD5).</p>
|
||||
|
||||
<h3><a name="2">2.</a> Your Risks, Liabilities and Obligations</h3>
|
||||
|
||||
<p>As a Member, you have risks, liabilities and obligations within this agreement.</p>
|
||||
|
||||
<h4><a name="2.1">2.1</a> Risks</h4>
|
||||
|
||||
<ol>
|
||||
<li>A certificate may prove unreliable.</li>
|
||||
|
||||
<li>Your account, keys or other security tools may be
|
||||
lost or otherwise compromised.</li>
|
||||
|
||||
<li>You may find yourself subject to Arbitration (DRP
|
||||
=> COD7).</li>
|
||||
</ol>
|
||||
|
||||
<h4><a name="2.2">2.2</a> Liabilities</h4>
|
||||
|
||||
<ol>
|
||||
<li>You are liable for any penalties as awarded
|
||||
against you by the Arbitrator.</li>
|
||||
|
||||
<li>Remedies are as defined in the DRP (COD7). An
|
||||
Arbitrator's ruling may include monetary amounts, awarded against
|
||||
you.</li>
|
||||
|
||||
<li>Your liability is limited to a total maximum of
|
||||
<b>1000 Euros</b>.</li>
|
||||
|
||||
<li>"Foreign Courts" may assert jurisdiction. These
|
||||
include your local courts, and are outside our Arbitration. Foreign Courts
|
||||
will generally refer to the Arbitration Act of their country, which will
|
||||
generally refer civil cases to Arbitration. The Arbitration Act will not
|
||||
apply to criminal cases.</li>
|
||||
</ol>
|
||||
|
||||
<h4><a name="2.3">2.3</a> Obligations</h4>
|
||||
|
||||
<p>You are obliged</p>
|
||||
|
||||
<ol>
|
||||
<li>to provide accurate information as part of
|
||||
Assurance. You give permission for verification of the information using
|
||||
CAcert-approved methods.</li>
|
||||
|
||||
<li>to make no false representations.</li>
|
||||
|
||||
<li>to submit all your disputes to Arbitration (DRP
|
||||
=> COD7).</li>
|
||||
|
||||
<li><span class="change">to assist the Arbitrator by truthfully providing
|
||||
information, or with any other reasonable request.</span></li>
|
||||
|
||||
<li><span class="change7">to not share your CAcert account.</span></li>
|
||||
</ol>
|
||||
|
||||
<h4><a name="2.4">2.4</a> Principles</h4>
|
||||
|
||||
<p>As a Member of CAcert, you are a member of the Community. You are further
|
||||
obliged to work within the spirit of the Principles of the Community. These
|
||||
are described in <a href=
|
||||
"http://svn.cacert.org/CAcert/principles.html">Principles of the
|
||||
Community</a>.</p>
|
||||
|
||||
<h4><a name="2.5">2.5</a> Security</h4>
|
||||
|
||||
<p>CAcert exists to help you to secure yourself. You are primarily
|
||||
responsible for your own security. Your security obligations include</p>
|
||||
|
||||
<ol>
|
||||
<li>to secure yourself and your computing platform (e. g. PC),</li>
|
||||
|
||||
<li>to keep your email account in good working order,</li>
|
||||
|
||||
<li>to secure your CAcert account (e. g., credentials such as username,
|
||||
password),</li>
|
||||
|
||||
<li>to secure your private keys, <span class="change8">ensuring that they
|
||||
are only used as indicated by the certificate, or by wider agreement with
|
||||
others,</span></li>
|
||||
|
||||
<li>to review certificates for accuracy, and</li>
|
||||
|
||||
<li>when in doubt, notify CAcert,</li>
|
||||
|
||||
<li>when in doubt, take other reasonable actions, such as revoking
|
||||
certificates, changing account credentials, and/or generating new
|
||||
keys.</li>
|
||||
</ol>
|
||||
|
||||
<p>Where, above, 'secure' means to protect to a reasonable degree, in
|
||||
proportion with your risks and the risks of others.</p>
|
||||
|
||||
<h3><a name="3">3.</a> Law and Jurisdiction</h3>
|
||||
|
||||
<h4><a name="3.1">3.1</a> Governing Law</h4>
|
||||
|
||||
<p>This agreement is governed under the law of New South Wales, Australia,
|
||||
being the home of the CAcert Inc. Association.</p>
|
||||
|
||||
<h4><a name="3.2">3.2</a> Arbitration as Forum of Dispute Resolution</h4>
|
||||
|
||||
<p>You agree, with CAcert and all of the Community, that all disputes arising
|
||||
out of or in connection to our use of CAcert services shall be referred to
|
||||
and finally resolved by Arbitration under the rules within the Dispute
|
||||
Resolution Policy of CAcert (DRP => COD7). The rules select a single
|
||||
Arbitrator chosen by CAcert from among senior Members in the Community. The
|
||||
ruling of the Arbitrator is binding and final on Members and CAcert
|
||||
alike.</p>
|
||||
|
||||
<p>In general, the jurisdiction for resolution of disputes is within CAcert's
|
||||
own forum of Arbitration, as defined and controlled by its own rules (DRP
|
||||
=> COD7).</p>
|
||||
|
||||
<p>We use Arbitration for many purposes beyond the strict nature of disputes,
|
||||
such as governance and oversight. A systems administrator may need
|
||||
authorisation to conduct a non-routine action, and Arbitration may provide
|
||||
that authorisation. Thus, you may find yourself party to Arbitration that is
|
||||
simply support actions, and you may file disputes in order to initiate
|
||||
support actions.</p>
|
||||
|
||||
<h4><a name="3.3">3.3</a> Termination</h4>
|
||||
|
||||
<p><span class="strike12">You may terminate this agreement by resigning from
|
||||
CAcert. You may do this at any time by writing to CAcert's online support
|
||||
forum and filing dispute to resign. All services will be terminated, and your
|
||||
certificates will be revoked. However, some information will continue to be
|
||||
held for certificate processing purposes.</span></p>
|
||||
|
||||
<p><span class="strike12">The provisions on Arbitration survive any
|
||||
termination by you by leaving CAcert. That is, even if you resign from
|
||||
CAcert, you are still bound by the DRP (COD7), and the Arbitrator may
|
||||
reinstate any provision of this agreement or bind you to a ruling.</span></p>
|
||||
|
||||
<p><span class="strike12">Only the Arbitrator may terminate this agreement
|
||||
with you.</span></p>
|
||||
|
||||
<p><span class="change12">The CAcert Community Agreement is
|
||||
terminated</span></p>
|
||||
|
||||
<ol>
|
||||
<li><span class="change12">based on a Policy Group decision following (PoP
|
||||
=> COD1). This terminates the Agreement with every member.</span></li>
|
||||
|
||||
<li><span class="change12">with a ruling of the Arbitrator or the
|
||||
completion of a termination process defined by an Arbitrator ruling (DRP
|
||||
=> COD7).</span></li>
|
||||
|
||||
<li><span class="change12">by the end of existence of a member (i.e. death
|
||||
in the case of individuals).</span></li>
|
||||
</ol>
|
||||
|
||||
<p><span class="change12">A member may declare the wish to resign from CAcert
|
||||
at any time by writing to <em>support AT cacert.org</em>. This triggers a
|
||||
process for termination of this agreement with the member.</span></p>
|
||||
|
||||
<h4><span class="change12"><a name="3.3">3.3a</a> Consequences of
|
||||
Termination</span></h4>
|
||||
|
||||
<p><span class="change12">The termination discontinues the right to USE,
|
||||
OFFER and CREATE personal certificates in any account of the former member.
|
||||
Those certificates will be revoked and all services to the former member will
|
||||
be terminated as soon as possible. However, some information will continue to
|
||||
be held for certificate processing purposes.</span></p>
|
||||
|
||||
<p><span class="change12">The provisions on Arbitration for the time of
|
||||
membership survive any termination. Former members are still bound by the DRP
|
||||
(COD7), and the Arbitrator may reinstate any provision of this agreement or
|
||||
bind them to a ruling.</span></p>
|
||||
|
||||
<p><span class="change12">As far as Organisations are concerned details are
|
||||
also defined in the Organisation Assurance Policy (OAP =>
|
||||
COD11).</span></p>
|
||||
|
||||
<p><span class="change12">Every member learning about the death of a member
|
||||
or termination of existence of a member should notify <em>support AT
|
||||
cacert.org</em>.</span></p>
|
||||
|
||||
<h4><a name="3.4">3.4</a> Changes of Agreement</h4>
|
||||
|
||||
<p>CAcert may from time to time vary the terms of this Agreement. Changes
|
||||
will be done according to the documented CAcert policy for changing policies,
|
||||
and is subject to scrutiny and feedback by the Community. Changes will be
|
||||
notified to you by email to your primary address.</p>
|
||||
|
||||
<p>If you do not agree to the changes, you may terminate as above. Continued
|
||||
use of the service shall be deemed to be agreement by you.</p>
|
||||
|
||||
<h4><a name="3.5">3.5</a> Communication</h4>
|
||||
|
||||
<p><span class="change6">You are responsible for keeping your primary email
|
||||
account in good working order and able to receive emails from
|
||||
CAcert.</span></p>
|
||||
|
||||
<p>Notifications to CAcert are to be sent by email to the address <em>support
|
||||
AT cacert.org</em>. You should attach a digital signature<span class=
|
||||
"strike6">, but need not do so in the event of security or similar
|
||||
urgency</span>.</p>
|
||||
|
||||
<p><span class="strike6">Notifications to you are sent by CAcert to the
|
||||
primary email address registered with your account. You are responsible for
|
||||
keeping your email account in good working order and able to receive emails
|
||||
from CAcert.</span></p>
|
||||
|
||||
<p><span class="strike6">Arbitration is generally conducted by
|
||||
email.</span></p>
|
||||
|
||||
<h3><a name="4">4.</a> Miscellaneous</h3>
|
||||
|
||||
<h4><a name="4.1">4.1</a> <span class="strike10">Other Parties Within the
|
||||
Community</span> <span class="change10">(withdrawn)</span></h4>
|
||||
|
||||
<p class="strike10">As well as you and other Members in the Community, CAcert
|
||||
forms agreements with third party vendors and others. Thus, such parties will
|
||||
also be in the Community. Such agreements are also controlled by the same
|
||||
policy process as this agreement, and they should mirror and reinforce these
|
||||
terms.</p>
|
||||
|
||||
<h4><a name="4.2">4.2</a> References and Other Binding Documents</h4>
|
||||
|
||||
<p class="strike11">This agreement is CAcert Official Document 9 (COD9) and
|
||||
is a controlled document.</p>
|
||||
|
||||
<p>You are also bound by <span class="change11">the Policies of the Community
|
||||
under the control of Policy on Policy ("PoP" => COD1) and listed in
|
||||
<a href=
|
||||
"https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">Controlled
|
||||
Document List</a>.</span></p>
|
||||
|
||||
<ol>
|
||||
<li><span class="strike11"><a href=
|
||||
"http://www.cacert.org/policy/CertificationPracticeStatement.php">Certification
|
||||
Practice Statement</a> (CPS => COD6).</span></li>
|
||||
|
||||
<li><span class="strike11"><a href=
|
||||
"http://www.cacert.org/policy/DisputeResolutionPolicy.php">Dispute
|
||||
Resolution Policy</a> (DRP => COD7).</span></li>
|
||||
|
||||
<li><span class="strike11"><a href="PrivacyPolicy.html">Privacy Policy</a>
|
||||
(PP => COD5).</span></li>
|
||||
|
||||
<li><span class="strike11"><a href=
|
||||
"http://svn.cacert.org/CAcert/principles.html">Principles of the
|
||||
Community</a>.</span></li>
|
||||
</ol>
|
||||
|
||||
<p class="strike11">Where documents are referred to as <i>=> COD x</i>,
|
||||
they are controlled documents under the control of Policy on Policies
|
||||
(COD1).</p>
|
||||
|
||||
<p class="strike11">This agreement and controlled documents above are
|
||||
primary, and may not be replaced or waived except by formal policy channels
|
||||
and by Arbitration.</p>
|
||||
|
||||
<p class="change11">Controlled documents are primary, and may not be replaced
|
||||
or waived except by formal policy channels and Arbitration.</p>
|
||||
|
||||
<p class="change11">This agreement is controlled document COD9.</p>
|
||||
|
||||
<h4><a name="4.3">4.3</a> Informative References</h4>
|
||||
|
||||
<p>The governing documents are in English. Documents may be translated for
|
||||
convenience. Because we cannot control the legal effect of translations, the
|
||||
English documents are the ruling ones.</p>
|
||||
|
||||
<p class="strike9">You are encouraged to be familiar with the Assurer
|
||||
Handbook, which provides a more readable introduction for much of the
|
||||
information needed. The Handbook is not however an agreement, and is
|
||||
overruled by this agreement and others listed above.</p>
|
||||
|
||||
<p class="change9">Beside this Agreement and the Policies, there are other
|
||||
documents, i. e. Policy Guides, Manuals and Handbooks, supporting and
|
||||
explaining this Agreement and the Policies. These documents are not binding
|
||||
and in doubt this Agreement and the Policies are valid.</p>
|
||||
|
||||
<h4><a name="4.4">4.4</a> <span class="strike9">Not Covered in this
|
||||
Agreement</span> <span class="change9">(withdrawn)</span></h4>
|
||||
|
||||
<p class="strike9"><b>Intellectual Property.</b> This Licence does not
|
||||
transfer any intellectual property rights ("IPR") to you. CAcert asserts and
|
||||
maintains its IPR over its roots, issued certificates, brands, logos and
|
||||
other assets. Note that the certificates issued to you are CAcert's
|
||||
intellectual property and you do not have rights other than those stated.</p>
|
||||
</body>
|
||||
</html>
|
||||
<?php
|
||||
header('HTTP/1.0 301 Moved Permanently');
|
||||
header('Location: CAcertCommunityAgreement.html');
|
||||
exit();
|
||||
|
|
4698
www/policy/CertificationPracticeStatement.html
Normal file
4698
www/policy/CertificationPracticeStatement.html
Normal file
File diff suppressed because it is too large
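--- a/www/policy/ConfigurationControlSpecification.html
+++ b/www/policy/ConfigurationControlSpecification.html
@@ -0,0 +1,277 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" lang="en">
+<title>Configuration-Control Specification</title>
+<style type="text/css">
+<!--
+body {
+font-family : verdana, helvetica, arial, sans-serif;
+}
+th {
+text-align : left;
+}
+.comment {
+color : steelblue;
+}
+.q {
+color : green;
+font-weight: bold;
+text-align: center;
+font-style:italic;
+}
+a:hover {
+color : gray;
+}
+-->
+</style>
+</head>
+<body lang="en-GB">
+<h1> Configuration-Control Specification </h1>
+<!-- Absolute URL because the policies are located absolutely. -->
+<div class="comment">
+<table width="100%">
+<tbody>
+<tr>
+<td rowspan="2">
+Name: CCS <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD2</a>
+<br>
+Creation Date : 20091214
+<br>
+Editor: Iang
+<br>
+Status: POLICY <a href="https://wiki.cacert.org/PolicyDecisions#p20140731">p20140731</a>
+<br>
+Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy">CC-by-sa+DRP</a>
+
+</td>
+<td align="right" valign="top">
+<a href="https://www.cacert.org/policy/PolicyOnPolicy.php">
+<img src="images/cacert-policy.png" alt="CCA Status - POLICY" style="border-style: none;" height="31" width="88">
+</a>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+
+
+<h3 id="g0.0.1">Introduction </h3>
+
+<!-- This section from A.1.a through A.1.c -->
+
+<p>
+The Configuration-Control Specification (CCS COD2) controls and tracks
+those documents, processes and assets which are critical to the
+business, security and governance of the CAcert operations.
+</p>
+
+<p>
+This document is the procedure for CCS.
+This document itself is a component of the CCS,
+see §2.
+<!-- A.1.c The configuration-control specification controls its own revision process. -->
+All other documentation and process specified within
+is derivative and is ruled by the CCS.
+</p>
+
+<p>
+CCS is formated, inspired and designed to meet the needs of
+David Ross Criteria -
+<a href="http://rossde.com/CA_review/">Certificate Authority Review Checklist</a>
+- section A.1 (DRC-A.1)
+CCS may be seen as the index to systems audit under DRC.
+</p>
+
+<h3 id="g0.0.2">Documents </h3>
+
+<!-- A.1.c-h: The configuration-control specification controls the revision process for the CCS,CP,CPS,PP,SP,R/L/O -->
+
+<h4 id="g0.0.2.1">Controlled Document List </h4>
+
+<p>
+This CCS creates a
+Controlled Document List (CDL)
+of Primary or "root" documents known as Policies.
+Primary documents may authorise other secondary documents
+into the CDL, or "practices" outside the list.
+</p>
+
+<p>
+The Controlled Document List
+contains numbers, locations and status
+of all controlled documents.
+The list is part of this CCS.
+</p>
+
+<!-- See A.1.k, logging of documents. -->
+
+<h4 id="g0.0.2.2">Change </h4>
+
+
+<p>
+Change to the documents
+is as specified by
+Policy on Policy (PoP).
+Policy Officer is to manage the
+<a href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">CDL</a>.
+</p>
+
+<h4 id="g0.0.2.3">Control </h4>
+
+<p>
+CAcert policies are required to be owned / transferred to CAcert. See PoP 6.2.
+</p>
+
+<h3 id="g0.0.3">Hardware </h3>
+
+<!-- This section from A.1.j -->
+
+<h4 id="g0.0.3.1">Controlled Hardware List </h4>
+
+<p>
+Critical systems are defined by Security Policy.
+</p>
+
+<h4 id="g0.0.3.2">Change </h4>
+
+<p> See Security Policy. </p>
+
+<h4 id="g0.0.3.3">Control </h4>
+
+<p>
+Security Policy places executive responsibility for Hardware with the Board of CAcert Inc.
+Access is delegated to Access Engineers (SP 2) and Systems Administrators (SP 3).
+Legal ownership may be delegated by agreement to other organisations (SP 9.4).
+</p>
+
+<h3 id="g0.0.4">Software </h3>
+<!-- A.1.i: The configuration-control specification controls changes to software involved in: certs; data; comms to public -->
+<h4 id="g0.0.4.1">Controlled Software List </h4>
+
+<p>
+Critical software is defined by Security Policy.
+</p>
+
+<!--
+
+<ul class="q">
+
+<li> Following are questions for exec + audit, not policy.
+
+<li>One thing that is not so well covered by CAcert is the last bullet point of A.1.i</li>
+
+<li>"communicating with subscribers and with the general public."</li>
+
+<li>website is under SP; maillists,blogs,etc are not.</li>
+
+<li>as community has deliberately gone this direction, I suggest we argue it that way.</li>
+
+<li> What is far more problematic is the failure to do CCA & Challenge notification.</li>
+
+<li> What about translingo and voting? </li>
+
+<li> See <a href="https://lists.cacert.org/wws/arc/cacert-sysadm/2010-02/msg00008.html">thread</a> </li>
+</ul>
+-->
+
+<h4 id="g0.0.4.2">Change </h4>
+
+<p> See Security Policy. </p>
+
+<h4 id="g0.0.4.3">Control </h4>
+
+<p>
+CAcert owns its code, or requires control over open source code in use
+by means of an approved free and open licence.
+Such code must be identified and managed by Software Assessment.
+</p>
+
+<p>
+Developers transfer full rights to CAcert
+(in a similar fashion to documents),
+or organise their contributions under a
+proper free and open source code regime,
+as approved by Board.
+Where code is published
+(beyond scope of this document)
+care must be taken not to infringe licence conditions.
+For example, mingling issues with GPL.
+</p>
+
+<p>
+The Software Assessment Team Leader
+maintains a registry of assignments
+of title or full licence,
+and a registry of software under approved open source licences.
+</p>
+
+<h3 id="g0.0.5">Certificates </h3>
+
+<!-- This section from A.1.b -->
+
+<p> This section applies to Root and Sub-root certificates, not to End-entity (subscriber, member) certificates. </p>
+
+<h4 id="g0.0.5.1">Certificates List </h4>
+
+<p> Certificates (Root and sub-root) are to be listed in the CPS. </p>
+
+<h4 id="g0.0.5.2">Changes </h4>
+
+<p>
+Creation and handling of Certificates
+is controlled by Security Policy.
+Usage of Certificates
+is controlled by Certification Practice Statement.
+</p>
+
+<h4 id="g0.0.5.3">Archive </h4>
+
+<p> See Security Policy. </p>
+
+<h3 id="g0.0.6">Logs </h3>
+
+<!-- This section from A.1.k -->
+
+<h4 id="g0.0.6.1">Controlled Logs List </h4>
+
+<p> Logs are defined by Security Policy. </p>
+
+<h4 id="g0.0.6.2">Changes </h4>
+
+<p> Changes to Hardware, Software and Root Certificates are logged according to Security Policy. </p>
+
+<h4 id="g0.0.6.3">Archive </h4>
+
+<p> See Security Policy. </p>
+
+<h3 id="g0.0.7">Data </h3>
+
+<!-- This section from A.1.i-j, bullets 2,3 -->
+
+<h4 id="g0.0.7.1">Types of Data </h4>
+
+<p>
+Types of critical member data is defined by Assurance Policy.
+</p>
+
+<h4 id="g0.0.7.2">Changes </h4>
+
+<p>
+Changes and access to critical member data
+is as defined under Assurance Policy,
+CAcert Community Agreement and
+Dispute Resolution Policy.
+Implementation of
+collection and storage of critical member data
+(user interface software and databases)
+is defined by Security Policy.
+</p>
+
+<h4 id="g0.0.7.3">Archive </h4>
+
+<p>
+Data retention is controlled by Security Policy and CAcert Community Agreement.
+</p>
+</body>
+</html>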
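Review bot: The status-badge link in the header table of this new file still targets `https://www.cacert.org/policy/PolicyOnPolicy.php`, although the commit is described as renaming all policies to `.html` and fixing all links. The anchor should read `<a href="https://www.cacert.org/policy/PolicyOnPolicy.html">`. Otherwise every visit depends on a redirect stub staying in place, presumably like the one shown for CAcertCommunityAgreement.php. The same stale `.php` target appears in the header of www/policy/DisputeResolutionPolicy.html, where the opening `<a>` is also emitted twice with only one `</a>`. The badge `alt` text here says "CCA Status - POLICY" on what is the CCS document, which looks like a copy-over and would be better as `alt="CCS Status - POLICY"`.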
780
www/policy/DisputeResolutionPolicy.html
Normal file
780
www/policy/DisputeResolutionPolicy.html
Normal file
|
@ -0,0 +1,780 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" lang="en">
|
||||
<title>Dispute Resulution Policy</title>
|
||||
<style type="text/css">
|
||||
<!--
|
||||
.comment {
|
||||
color : steelblue;
|
||||
}
|
||||
-->
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
|
||||
|
||||
<div class="comment">
|
||||
<table width="100%">
|
||||
|
||||
<tbody>
|
||||
<tr>
|
||||
<td rowspan="2">
|
||||
Name: DRP <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD7</a>
|
||||
<br>
|
||||
Status: POLICY <a href="https://wiki.cacert.org/PolicyDecisions#p20140731">p20140731</a>
|
||||
<br>
|
||||
Created: m20070919.3
|
||||
<br>
|
||||
Changed: p20110108, p20121213, p20130116
|
||||
|
||||
<br>
|
||||
Editor: <a style="color: steelblue" href="https://wiki.cacert.org/TeusHagen">Teus Hagen
|
||||
</a>
|
||||
<br>
|
||||
Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy"> CC-by-sa+DRP </a>
|
||||
</td>
|
||||
<td align="right" valign="top">
|
||||
<a href="https://www.cacert.org/policy/PolicyOnPolicy.php">
|
||||
<a href="https://www.cacert.org/policy/PolicyOnPolicy.php">
|
||||
<img src="images/cacert-policy.png" alt="DRP Status - POLICY" style="border-style: none;" height="31" width="88">
|
||||
</a>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
|
||||
<h1> Dispute Resolution Policy </h1>
|
||||
|
||||
<h2 id="g0.1">0. Introduction</h2>
|
||||
|
||||
<p>
|
||||
This is the Dispute Resolution Policy
|
||||
for the CAcert Community, consisting of CAcert Inc and Members who agree to the CAcert Community Agreement (CCA).
|
||||
Disputes arising out of
|
||||
operations by CAcert
|
||||
Inc
|
||||
and interactions between
|
||||
Members
|
||||
may be addressed through this policy.
|
||||
This document also presents the rules for
|
||||
resolution of disputes.
|
||||
</p>
|
||||
|
||||
<h3 id="g0.1.1">0.1. Nature of Disputes </h3>
|
||||
|
||||
<p>
|
||||
Disputes include:
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
Requests for non-routine support actions.
|
||||
CAcert support team has no authority to
|
||||
act outside the normal support facilities made
|
||||
available to
|
||||
Members;
|
||||
</li>
|
||||
<li>
|
||||
Classical disputes where a Member or another
|
||||
assert claims and demand remedies;
|
||||
</li>
|
||||
<li>
|
||||
Requests by external organisations, including
|
||||
legal processes from foreign courts;
|
||||
</li>
|
||||
<li>
|
||||
Events initiated for training purposes.
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h2 id="g0.2">1. Filing</h2>
|
||||
|
||||
<h3 id="g0.2.1">1.1. Filing Party</h3>
|
||||
<p>
|
||||
Anyone may file a dispute.
|
||||
In filing, they become <i>Claimants</i>.
|
||||
</p>
|
||||
|
||||
<h3 id="g0.2.2">1.2. Channel for Filing</h3>
|
||||
|
||||
<p>
|
||||
Disputes are filed by being sent to the normal
|
||||
support channel of CAcert,
|
||||
and a fee may be payable.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Such fees as are imposed on filing will be specified
|
||||
on the dispute resolution page of the website.
|
||||
</p>
|
||||
|
||||
<h3 id="g0.2.3">1.3. Case Manager</h3>
|
||||
<p>
|
||||
The Case Manager (CM) takes control of the filing.
|
||||
</p>
|
||||
|
||||
<ol>
|
||||
<li>
|
||||
CM makes an initial determination as
|
||||
to whether this filing is a dispute
|
||||
for resolution, or it is a request
|
||||
for routine support.
|
||||
</li>
|
||||
<li>
|
||||
CM logs the case and establishes such
|
||||
documentation and communications support as is customary.
|
||||
</li>
|
||||
<li>
|
||||
If any party acts immediately on the filing
|
||||
(such as an urgent security action),
|
||||
the CM names these parties to the case.
|
||||
</li>
|
||||
<li>
|
||||
CM selects the Arbitrator.
|
||||
</li>
|
||||
</ol>
|
||||
|
||||
<p>
|
||||
The personnel within the CAcert support team
|
||||
are Case Managers, by default, or as directed
|
||||
by the Dispute Resolution Officer (DRO).
|
||||
</p>
|
||||
|
||||
<h3 id="g0.2.4">1.4. Contents</h3>
|
||||
<p>
|
||||
The filing must specify:
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
The filing party(s), being the <i>Claimant(s)</i>.
|
||||
</li>
|
||||
<li>
|
||||
The party(s) to whom the complaint is addressed to,
|
||||
being the <i>Respondent(s)</i>.
|
||||
This will be CAcert in the
|
||||
case of requests for support actions.
|
||||
It may be a Member (possibly unidentified) in the
|
||||
case where one Member has given rise to a complaint against another.
|
||||
</li>
|
||||
<li>
|
||||
The <i>Complaint</i>.
|
||||
For example, a trademark has been infringed,
|
||||
privacy has been breached,
|
||||
or a Member has defrauded using a certificate.
|
||||
</li>
|
||||
<li>
|
||||
The action(s) requested by the filing party
|
||||
(technically, called the <i>relief</i>).
|
||||
For example, to delete an account,
|
||||
to revoke a certificate, or to stop a
|
||||
trademark infringement.
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<p>
|
||||
If the filing is inadequate for lack of information
|
||||
or for format, the Case Manager
|
||||
may refile with the additional information,
|
||||
attaching the original messages.
|
||||
</p>
|
||||
|
||||
<h3 id="g0.2.5">1.5. The Arbitrator</h3>
|
||||
|
||||
<p>
|
||||
The Case Manager selects the Arbitrator according
|
||||
to the mechanism managed by the
|
||||
DRO
|
||||
and approved from time to time.
|
||||
This mechanism is to maintain a list of Arbitrators available for
|
||||
dispute resolution.
|
||||
Each selected Arbitrator has the right to decline the dispute,
|
||||
and should decline a dispute with which there exists a conflict
|
||||
of interest.
|
||||
The reason for declining should be stated.
|
||||
If no Arbitrator accepts the dispute, the case is
|
||||
closed with status "declined."
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Arbitrators are experienced Assurers.
|
||||
They should be independent and impartial, including
|
||||
of CAcert Inc. itself where it becomes a party.
|
||||
</p>
|
||||
|
||||
<h2 id="g0.3">2. The Arbitration</h2>
|
||||
|
||||
|
||||
<h3 id="g0.3.1">2.1. Authority</h3>
|
||||
|
||||
<p>
|
||||
The Board of CAcert Inc. and the
|
||||
Members of the Community
|
||||
vest in Arbitrators
|
||||
full authority to hear disputes and deliver rulings
|
||||
which are binding on CAcert Inc. and the
|
||||
Members.
|
||||
</p>
|
||||
|
||||
|
||||
<h3 id="g0.3.2">2.2. Preliminaries</h3>
|
||||
|
||||
<p>
|
||||
The Arbitrator conducts some preliminaries:
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
The Arbitrator reviews the available documentation
|
||||
and affirms the rules of dispute resolution.
|
||||
Jurisdiction is established, see below.
|
||||
</li>
|
||||
<li>
|
||||
The Arbitrator affirms the governing law (NSW, Australia).
|
||||
The Arbitrator may select local law and local
|
||||
procedures where Claimants and all Respondents
|
||||
agree, are under such jurisdiction, and it is deemed
|
||||
more appropriate.
|
||||
However, this is strictly limited to those parties,
|
||||
and especially, CAcert Inc. and other parties
|
||||
remain under the governing law.
|
||||
</li>
|
||||
<li>
|
||||
The Arbitrator reviews the Respondents and Claimants
|
||||
with a view to dismissal or joining of additional parties.
|
||||
E.g., support personnel may be joined if emergency action was
|
||||
taken.
|
||||
</li>
|
||||
<li>
|
||||
Any parties that are not
|
||||
Members
|
||||
and are not bound by the
|
||||
CCA
|
||||
are given the opportunity to enter into
|
||||
CAcert and be bound by the
|
||||
CCA
|
||||
and these rules of arbitration.
|
||||
If
|
||||
these Non-Related Persons (NRPs)
|
||||
remain outside,
|
||||
their rights and remedies under CAcert's policies
|
||||
and forum are strictly limited to
|
||||
those
|
||||
specified in the
|
||||
Root Distribution License.
|
||||
NRPs
|
||||
may proceed with Arbitration subject to preliminary orders
|
||||
of the Arbitrator.
|
||||
</li>
|
||||
<li>
|
||||
Participating
|
||||
Members
|
||||
may not resign
|
||||
from the Community
|
||||
until the completion of the case.
|
||||
</li>
|
||||
<li>
|
||||
The Arbitrator confirms that all parties accept
|
||||
the forum of dispute resolution.
|
||||
This is especially important where a
|
||||
Member
|
||||
might be
|
||||
in a country with no Arbitration Act in law, or
|
||||
where there is reason to believe that a party might
|
||||
go to an external court.
|
||||
</li>
|
||||
<li>
|
||||
The Arbitrator confirms that parties are representing
|
||||
themselves. Parties are entitled to be legally
|
||||
represented, but are not encouraged to do so,
|
||||
bearing in mind the volunteer nature of the
|
||||
organisation and the size of the dispute.
|
||||
If they do so,
|
||||
they must declare such, including any changes.
|
||||
</li>
|
||||
<li>
|
||||
The Arbitrator may appoint experienced Assurers
|
||||
to assist and represent parties, especially for NRPs.
|
||||
The Case Manager must not provide such assistance.
|
||||
</li>
|
||||
<li>
|
||||
The Arbitrator is bound to maintain the balance
|
||||
of legal fairness.
|
||||
</li>
|
||||
<li>
|
||||
The Arbitrator may make any preliminary orders,
|
||||
including protection orders and orders referring
|
||||
to emergency actions already taken.
|
||||
</li>
|
||||
<li>
|
||||
The Arbitrator may request any written pleadings,
|
||||
counterclaims, and/or statements of defence.
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
|
||||
<h3 id="g0.3.3">2.3. Jurisdiction </h3>
|
||||
|
||||
<p>
|
||||
Jurisdiction - the right or power to hear and rule on
|
||||
disputes - is initially established by clauses in the
|
||||
CAcert Community Agreement.
|
||||
The agreement must establish:
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
That all Parties agree to binding Arbitration
|
||||
in CAcert's forum of dispute resolution;
|
||||
</li>
|
||||
<li>
|
||||
for all disputes relating to activities within
|
||||
CAcert, issued certificates, roles and actions, etc;
|
||||
</li>
|
||||
<li>
|
||||
as defined by these rules, including the selection
|
||||
of a single Arbitrator;
|
||||
</li>
|
||||
<li>
|
||||
under the Law of NSW, Australia; and
|
||||
</li>
|
||||
<li>
|
||||
the Parties keep email accounts in good working order.
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<p>
|
||||
An external court may have ("assert") jurisdiction to decide on
|
||||
issues such as trademark, privacy, contract and fraud,
|
||||
and may do so with legal remedies.
|
||||
These are areas where jurisdiction may need
|
||||
to be considered carefully:
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
Where NRPs, being not Members of CAcert and not
|
||||
bound by agreement, are parties to the dispute.
|
||||
E.g., intellectual property disputes may involve
|
||||
NRPs and their trademarks;
|
||||
</li>
|
||||
<li>
|
||||
criminal actions or actions likely to result in criminal
|
||||
proceedings,
|
||||
e.g., fraud;
|
||||
</li>
|
||||
<li>
|
||||
Contracts between
|
||||
Members
|
||||
that were formed without
|
||||
a clause to seek arbitration in the forum;
|
||||
</li>
|
||||
<li>
|
||||
Areas where laws fall outside the Arbitration Act,
|
||||
such as privacy;
|
||||
</li>
|
||||
<li>
|
||||
Legal process (subpoenas, etc) delivered by
|
||||
an external court of "competent jurisdiction."
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<p>
|
||||
The Arbitrator must consider jurisdiction and rule on a
|
||||
case by case basis whether jurisdiction is asserted,
|
||||
either wholly or partially, or declines to hear the case.
|
||||
In the event of asserting
|
||||
jurisdiction, and a NRP later decides to pursue rights in
|
||||
another forum, the Arbitrator should seek the agreement
|
||||
of the NRP to file the ruling as part of the new case.
|
||||
</p>
|
||||
|
||||
<h3 id="g0.3.4">2.4. Basis in Law </h3>
|
||||
|
||||
<p>
|
||||
Each country generally has an Arbitration Act
|
||||
that elevates Arbitration as a strong dispute
|
||||
resolution forum.
|
||||
The Act generally defers to Arbitration
|
||||
if the parties have so agreed.
|
||||
That is, as
|
||||
Members
|
||||
,
|
||||
you agree to resolve
|
||||
all disputes before CAcert's forum.
|
||||
This is sometimes called <i>private law</i>
|
||||
or <i>alternative dispute resolution</i>.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
As a matter of public policy, courts will generally
|
||||
refer any case back to Arbitration.
|
||||
Members
|
||||
should understand that they will have
|
||||
strictly limited rights to ask the courts to
|
||||
seek to have a case heard or to override a Ruling.
|
||||
</p>
|
||||
|
||||
|
||||
<h3 id="g0.3.5">2.5. External Courts </h3>
|
||||
|
||||
<p>
|
||||
When an external court claims and asserts its jurisdiction,
|
||||
and issues a court order, subpoena or other service to CAcert,
|
||||
the CM files the order as a dispute, with the external court
|
||||
as <i>Claimant</i>.
|
||||
The CM and other support staff are granted no authority to
|
||||
act on the basis of any court order, and ordinarily
|
||||
must await the order of the Arbitrator
|
||||
(which might simply be a repeat of the external court order).
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The Arbitrator establishes the bona fides of the
|
||||
court, and rules.
|
||||
The Arbitrator may rule to reject the order,
|
||||
for jurisdiction or other reasons.
|
||||
By way of example, if all Parties are
|
||||
Members,
|
||||
then jurisdiction more normally falls within the forum.
|
||||
If the Arbitrator rules to reject,
|
||||
he should do so only after consulting with CAcert Inc. counsel.
|
||||
The Arbitrator's jurisidiction is ordinarily that of
|
||||
dealing with the order, and
|
||||
not that which the external court has claimed to.
|
||||
</p>
|
||||
|
||||
|
||||
<h3 id="g0.3.6">2.6. Process</h3>
|
||||
|
||||
<p>
|
||||
The Arbitrator follows the procedure:
|
||||
</p>
|
||||
|
||||
|
||||
<ol>
|
||||
<li>
|
||||
Establish the facts.
|
||||
The Arbitrator collects the evidence from the parties.
|
||||
The Arbitrator may order CAcert Inc. or
|
||||
Members
|
||||
under jurisdiction to provide support or information.
|
||||
The Arbitrator may use email, phone or face-to-face
|
||||
meetings as proceedings.
|
||||
</li>
|
||||
<li>
|
||||
Apply the Rules of Dispute Resolution,
|
||||
the policies of CAcert and the governing law.
|
||||
The Arbitrator may request that the parties
|
||||
submit their views.
|
||||
The Arbitrator also works to the mission of CAcert,
|
||||
the benefit of all
|
||||
Members
|
||||
, and the community as a whole.
|
||||
The Arbitrator may
|
||||
seek
|
||||
any assistance.
|
||||
</li>
|
||||
<li>
|
||||
Makes a considered Ruling.
|
||||
</li>
|
||||
</ol>
|
||||
|
||||
<h2 id="g0.4">3. The Ruling</h2>
|
||||
|
||||
<h3 id="g0.4.1">3.1. The Contents </h3>
|
||||
|
||||
<p>
|
||||
The Arbitrator records:
|
||||
</p>
|
||||
|
||||
<ol>
|
||||
<li>
|
||||
The Identification of the Parties,
|
||||
</li>
|
||||
<li>
|
||||
The Facts,
|
||||
</li>
|
||||
<li>
|
||||
The logic of the rules and law,
|
||||
</li>
|
||||
<li>
|
||||
The directions and actions to be taken by each party
|
||||
(the ruling).
|
||||
</li>
|
||||
<li>
|
||||
The date and place that the ruling is rendered.
|
||||
</li>
|
||||
</ol>
|
||||
|
||||
|
||||
<h3 id="g0.4.2">3.2. Process </h3>
|
||||
<p>
|
||||
Once the Ruling is delivered, the case is closed.
|
||||
The Case Manager is responsible for recording the
|
||||
Ruling, publishing it, and advising Members.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Proceedings are ordinarily private.
|
||||
The Ruling is ordinarily published,
|
||||
within the bounds of the Privacy Policy.
|
||||
The Ruling is written in English.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Only under exceptional circumstances can the
|
||||
Arbitrator declare the Ruling private <i>under seal</i>.
|
||||
Such a declaration must be reviewed in its entirety
|
||||
by the Board,
|
||||
and the Board must confirm or deny that declaration.
|
||||
If it confirms, the existence of any Rulings under seal
|
||||
must be published to the
|
||||
Members
|
||||
in a timely manner
|
||||
(within days).
|
||||
</p>
|
||||
|
||||
<h3 id="g0.4.3">3.3. Binding and Final </h3>
|
||||
|
||||
<p>
|
||||
The Ruling is
|
||||
ordinarily final and binding
|
||||
on CAcert Inc.and all
|
||||
Members
|
||||
.
|
||||
Ordinarily, all
|
||||
Members
|
||||
agree to be bound by this dispute
|
||||
resolution policy.
|
||||
Members
|
||||
must declare in the Preliminaries
|
||||
any default in agreement or binding.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
If a person who is not a
|
||||
Member
|
||||
is a party to the dispute,
|
||||
then the Ruling is not binding and final on that person,
|
||||
but the Ruling must be presented in filing any dispute
|
||||
in another forum such as the person's local courts.
|
||||
</p>
|
||||
|
||||
<h3 id="g0.4.4">3.4. Review for Appeal</h3>
|
||||
|
||||
<p>
|
||||
In the eventof clear injustices, egregious behaviour or
|
||||
unconscionable Rulings,
|
||||
a review may be requested by filing a dispute.
|
||||
The new Arbitrator reviews the new dispute,
|
||||
re-examines and reviews the entire case, then rules on
|
||||
whether the case may be re-opened or not.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
If the Review Arbitrator rules the case be re-opened,
|
||||
then the Review Arbitrator refers the case to an Appeal Panel of 3.
|
||||
The Appeal Panel is led by a Senior Arbitrator,
|
||||
and is formed according to procedures established
|
||||
by the DRO from time to time.
|
||||
The Appeal Panel hears the case and delivers a final and binding Ruling.
|
||||
</p>
|
||||
|
||||
<h3 id="g0.4.5">3.5. Liability </h3>
|
||||
|
||||
<p>
|
||||
All liability of the Arbitrator for any act in
|
||||
connection with deciding a dispute is excluded
|
||||
by all parties, provided such act does not constitute
|
||||
an intentional breach of duty.
|
||||
All liability of the Arbitrators, CAcert Inc., its officers and its
|
||||
employees (including Case Manager)
|
||||
for any other act or omission in connection with
|
||||
arbitration proceedings is excluded, provided such acts do not
|
||||
constitute an intentional or grossly negligent breach of duty.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The above provisions may only be overridden by
|
||||
appeal process
|
||||
(by means of a new dispute causing referral to the Board).
|
||||
|
||||
</p>
|
||||
|
||||
<h3 id="g0.4.6">3.6. Remedies </h3>
|
||||
|
||||
<p>
|
||||
The Arbitrator generally instructs using internal remedies,
|
||||
that is ones that are within the general domain of
|
||||
the Community,
|
||||
but there are some external remedies at his disposal.
|
||||
He may rule and instruct any of the parties on these issues.
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
"community service" typically including
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
attend and assure people at trade shows / open source gatherings,
|
||||
</li>
|
||||
<li>
|
||||
writing documentation
|
||||
</li>
|
||||
<li>
|
||||
serve in a role - support, dispute arbitration
|
||||
</li>
|
||||
</ul>
|
||||
or others as decided.
|
||||
|
||||
</li>
|
||||
<li>
|
||||
Fined by loss of assurance points, which may result
|
||||
in losing Assurer or Assured status.
|
||||
|
||||
</li>
|
||||
<li>
|
||||
Retraining in role.
|
||||
|
||||
</li>
|
||||
<li>
|
||||
Revoking of any certificates.
|
||||
|
||||
</li>
|
||||
<li>
|
||||
Monetary fine up to the liability cap established for
|
||||
each party as described in the
|
||||
CAcert Community Agreement.
|
||||
|
||||
</li>
|
||||
<li>
|
||||
Exclusion from community.
|
||||
|
||||
</li>
|
||||
<li>
|
||||
Reporting to applicable authorities.
|
||||
|
||||
</li>
|
||||
<li>
|
||||
Changes to policies and procedures.
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<p>
|
||||
The Arbitrator is not limited within the general domain
|
||||
of CAcert, and may instruct novel remedies as seen fit.
|
||||
Novel remedies outside the domain may be routinely
|
||||
confirmed by the Board by way of appeal process,
|
||||
in order to establish precedent.
|
||||
|
||||
</p>
|
||||
|
||||
<h2 id="g0.5">4. Appendix</h2>
|
||||
|
||||
|
||||
<h3 id="g0.5.1">4.1. The Advantages of this Forum </h3>
|
||||
<p>
|
||||
The advantage of this process for
|
||||
Members
|
||||
is:
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
CAcert and Members operate across many jurisdictions.
|
||||
Arbitration allows us to select a single set of
|
||||
rules across all jurisdictions.
|
||||
</li>
|
||||
<li>
|
||||
Arbitration allows CAcert to appropriately separate
|
||||
out the routine support actions from difficult dispute
|
||||
actions. Support personnel have no authority to
|
||||
act, the appropriately selected Arbitrator has all
|
||||
authority to act.
|
||||
Good governance is thus maintained.
|
||||
</li>
|
||||
<li>
|
||||
This forum allows CAcert Members to look after themselves
|
||||
in a community, without exposing each other to potentially
|
||||
disastrous results in strange courts from foreign lands.
|
||||
</li>
|
||||
<li>
|
||||
By volunteering to resolve things "in-house" the costs
|
||||
are reduced.
|
||||
</li>
|
||||
<li>
|
||||
Even simple support issues such as password changing
|
||||
can be improved by treating as a dispute. A clear
|
||||
chain of request, analysis, ruling and action can be established.
|
||||
</li>
|
||||
<li>
|
||||
CAcert Assurers can develop the understanding and the rules
|
||||
for sorting out own problems far better than courts or
|
||||
other external agencies.
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h3 id="g0.5.2">4.2. The Disadvantages of this Forum </h3>
|
||||
|
||||
<p>
|
||||
Some disadvantages exist.
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
Membersmay have their rights trampled over.
|
||||
In such a case, the community should strive to
|
||||
re-open the case
|
||||
and refer it to the board.
|
||||
|
||||
|
||||
</li>
|
||||
<li>
|
||||
Members may feel overwhelmed by the formality
|
||||
of the process.
|
||||
It is kept formal so as to establish good and proper
|
||||
authority to act; otherwise, support and other
|
||||
people in power may act without thought and with
|
||||
damaging consequences.
|
||||
</li>
|
||||
<li>
|
||||
A country may not have an Arbitration Act.
|
||||
In that case, the parties should enter into
|
||||
spirit of the forum.
|
||||
If they choose to break that spirit,
|
||||
they should also depart the community.
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h3 id="g0.5.3">4.3. Process and Flow </h3>
|
||||
|
||||
<p>
|
||||
To the extent reasonable, the Arbitrator conducts
|
||||
the arbitration as with any legal proceedings.
|
||||
This means that the process and style should follow
|
||||
legal tradition.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
However, the Arbitrator is unlikely to be trained in
|
||||
law. Hence, common sense must be applied, and the
|
||||
Arbitrator has wide latitude to rule on any particular
|
||||
motion, pleading, submission. The Arbitrator's ruling
|
||||
is final within the arbitration.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Note also that many elements of legal proceedings are
|
||||
deliberately left out of the rules.
|
||||
</p>
|
||||
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -1,794 +1,4 @@
|
|||
<?='<?xml version="1.0" encoding="utf-8"?>'?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
||||
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" />
|
||||
<title>Dispute Resulution Policy</title>
|
||||
<style type="text/css">
|
||||
<!--
|
||||
.first-does-not-work {
|
||||
color : red;
|
||||
}
|
||||
.comment {
|
||||
color : steelblue;
|
||||
}
|
||||
.q {
|
||||
color : green;
|
||||
font-weight: bold;
|
||||
text-align: center;
|
||||
font-style:italic;
|
||||
}
|
||||
.change {
|
||||
color : blue;
|
||||
font-weight: bold;
|
||||
}
|
||||
.change2 {
|
||||
color : steelblue;
|
||||
}
|
||||
.strike {
|
||||
color : blue;
|
||||
text-decoration:line-through;
|
||||
}
|
||||
.draftadd {
|
||||
color : darkblue;
|
||||
font-weight: bold;
|
||||
font-style: italic;
|
||||
}
|
||||
.draftdrop {
|
||||
color : darkblue;
|
||||
text-decoration:line-through;
|
||||
font-style: italic;
|
||||
}
|
||||
-->
|
||||
</style>
|
||||
|
||||
</head>
|
||||
<body>
|
||||
|
||||
|
||||
|
||||
<div class="comment">
|
||||
<table width="100%">
|
||||
|
||||
<tr>
|
||||
<td>
|
||||
Name: DRP <a style="color: steelblue" href="//svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD7</a><br />
|
||||
Status: POLICY <a style="color: steelblue" href="//wiki.cacert.org/wiki/TopMinutes-20070917">m20070919.3</a><br />
|
||||
<span class="draftadd">DRAFT p20110108 p20121213</span> <br />
|
||||
Editor: <a style="color: steelblue" href="//wiki.cacert.org/TeusHagen">Teus Hagen
|
||||
</a><br />
|
||||
Licence: <a style="color: steelblue" href="//wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br /></td>
|
||||
<td valign="top" align="right">
|
||||
<a href="//www.cacert.org/policy/PolicyOnPolicy.php"><img src="/images/cacert-policy.png" alt="TTP-Assist Status - POLICY" height="31" width="88" style="border-style: none;" /></a><br />
|
||||
<a href="//www.cacert.org/policy/PolicyOnPolicy.php"><img src="/images/cacert-draft.png" alt="TTP-Assist Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
|
||||
<h1> Dispute Resolution Policy </h1>
|
||||
|
||||
<h2 id="s0"> 0. Introduction</h2>
|
||||
|
||||
<p>
|
||||
This is the Dispute Resolution Policy
|
||||
<span class="draftdrop">for CAcert</span>
|
||||
<span class="draftadd">for the CAcert Community, consisting of CAcert Inc and Members who agree to the CAcert Community Agreement (CCA)</span>.
|
||||
Disputes arising out of
|
||||
operations by CAcert
|
||||
<span class="draftadd">Inc</span>
|
||||
and interactions between
|
||||
<span class="draftadd">
|
||||
Members
|
||||
</span>
|
||||
may be addressed through this policy.
|
||||
This document also presents the rules for
|
||||
resolution of disputes.
|
||||
</p>
|
||||
|
||||
<h3 id="s0.1"> 0.1 Nature of Disputes </h3>
|
||||
|
||||
<p>
|
||||
Disputes include:
|
||||
</p>
|
||||
|
||||
<ul><li>
|
||||
Requests for non-routine support actions.
|
||||
CAcert support team has no authority to
|
||||
act outside the normal support facilities made
|
||||
available to
|
||||
<span class="draftadd">
|
||||
Members;
|
||||
</span>
|
||||
</li><li>
|
||||
Classical disputes where a <span class="draftadd">Member</span> or another
|
||||
assert claims and demand remedies;
|
||||
</li><li>
|
||||
Requests by external organisations, including
|
||||
legal processes from foreign courts;
|
||||
</li><li>
|
||||
Events initiated for training purposes.
|
||||
</li></ul>
|
||||
|
||||
<h2 id="s1"> 1. Filing</h2>
|
||||
|
||||
<h3 id="s1.1"> 1.1 Filing Party</h3>
|
||||
<p>
|
||||
Anyone may file a dispute.
|
||||
In filing, they become <i>Claimants</i>.
|
||||
</p>
|
||||
|
||||
<h3 id="s1.2"> 1.2 Channel for Filing</h3>
|
||||
|
||||
<p>
|
||||
Disputes are filed by being sent to the normal
|
||||
support channel of CAcert,
|
||||
and a fee may be payable.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Such fees as are imposed on filing will be specified
|
||||
on the dispute resolution page of the website.
|
||||
</p>
|
||||
|
||||
<h3 id="s1.3"> 1.3 Case Manager</h3>
|
||||
<p>
|
||||
The Case Manager (CM) takes control of the filing.
|
||||
</p>
|
||||
|
||||
<ol><li>
|
||||
CM makes an initial determination as
|
||||
to whether this filing is a dispute
|
||||
for resolution, or it is a request
|
||||
for routine support.
|
||||
</li><li>
|
||||
CM logs the case and establishes such
|
||||
documentation and communications support as is customary.
|
||||
</li><li>
|
||||
If any party acts immediately on the filing
|
||||
(such as an urgent security action),
|
||||
the CM names these parties to the case.
|
||||
</li><li>
|
||||
CM selects the Arbitrator.
|
||||
</li></ol>
|
||||
|
||||
<p>
|
||||
The personnel within the CAcert support team
|
||||
are Case Managers, by default, or as directed
|
||||
by the Dispute Resolution Officer <span class="change2">(DRO)</span>.
|
||||
</p>
|
||||
|
||||
<h3 id="s1.4"> 1.4 Contents</h3>
|
||||
<p>
|
||||
The filing must specify:
|
||||
</p>
|
||||
|
||||
<ul><li>
|
||||
The filing party(s), being the <i>Claimant(s)</i>.
|
||||
</li><li>
|
||||
The party(s) to whom the complaint is addressed to,
|
||||
being the <i>Respondent(s)</i>.
|
||||
This will be CAcert in the
|
||||
case of requests for support actions.
|
||||
It may be a <span class="draftadd">Member</span> (possibly unidentified) in the
|
||||
case where one <span class="draftadd">Member</span> has given rise to a complaint against another.
|
||||
</li><li>
|
||||
The <i>Complaint</i>.
|
||||
For example, a trademark has been infringed,
|
||||
privacy has been breached,
|
||||
or a <span class="draftadd">Member</span> has defrauded using a certificate.
|
||||
</li><li>
|
||||
The action(s) requested by the filing party
|
||||
(technically, called the <i>relief</i>).
|
||||
For example, to delete an account,
|
||||
to revoke a certificate, or to stop a
|
||||
trademark infringement.
|
||||
</li></ul>
|
||||
|
||||
<p>
|
||||
If the filing is inadequate for lack of information
|
||||
or for format, the Case Manager
|
||||
may refile with the additional information,
|
||||
attaching the original messages.
|
||||
</p>
|
||||
|
||||
<h3 id="s1.5"> 1.5 The Arbitrator</h3>
|
||||
|
||||
<p>
|
||||
The Case Manager selects the Arbitrator according
|
||||
to the mechanism managed by the
|
||||
<span class="change2">DRO</span> <!-- Dispute Resolution Officer -->
|
||||
and approved from time to time.
|
||||
This mechanism is to maintain a list of Arbitrators available for
|
||||
dispute resolution.
|
||||
Each selected Arbitrator has the right to decline the dispute,
|
||||
and should decline a dispute with which there exists a conflict
|
||||
of interest.
|
||||
The reason for declining should be stated.
|
||||
If no Arbitrator accepts the dispute, the case is
|
||||
closed with status "declined."
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Arbitrators are experienced Assurers <span class="draftdrop">of CAcert</span>.
|
||||
They should be independent and impartial, including
|
||||
of CAcert <span class="draftadd">Inc.</span> itself where it becomes a party.
|
||||
</p>
|
||||
|
||||
<h2 id="s2"> 2. The Arbitration</h2>
|
||||
|
||||
|
||||
<h3 id="s2.1"> 2.1 Authority</h3>
|
||||
|
||||
<p>
|
||||
The Board of CAcert <span class="draftadd">Inc.</span> and the
|
||||
<span class="draftadd">
|
||||
Members of the Community
|
||||
</span>
|
||||
vest in Arbitrators
|
||||
full authority to hear disputes and deliver rulings
|
||||
which are binding on CAcert <span class="draftadd">Inc.</span> and the
|
||||
<span class="draftadd">
|
||||
Members.
|
||||
</span>
|
||||
</p>
|
||||
|
||||
|
||||
<h3 id="s2.2"> 2.2 Preliminaries</h3>
|
||||
|
||||
<p>
|
||||
The Arbitrator conducts some preliminaries:
|
||||
</p>
|
||||
|
||||
<ul><li>
|
||||
The Arbitrator reviews the available documentation
|
||||
and affirms the rules of dispute resolution.
|
||||
Jurisdiction is established, see below.
|
||||
</li><li>
|
||||
The Arbitrator affirms the governing law (NSW, Australia).
|
||||
The Arbitrator may select local law and local
|
||||
procedures where Claimants and all Respondents
|
||||
agree, are under such jurisdiction, and it is deemed
|
||||
more appropriate.
|
||||
However, this is strictly limited to those parties,
|
||||
and especially, CAcert <span class="draftadd">Inc.</span> and other parties
|
||||
remain under the governing law.
|
||||
</li><li>
|
||||
The Arbitrator reviews the Respondents and Claimants
|
||||
with a view to dismissal or joining of additional parties.
|
||||
E.g., support personnel may be joined if emergency action was
|
||||
taken.
|
||||
</li><li>
|
||||
Any parties that are not
|
||||
<span class="draftadd">
|
||||
Members
|
||||
</span>
|
||||
and are not bound by the
|
||||
<span class="draftdrop">CPS</span> <span class="draftadd">CCA</span>
|
||||
are given the opportunity to enter into
|
||||
CAcert and be bound by the
|
||||
<span class="draftdrop">CPS</span> <span class="draftadd">CCA</span>
|
||||
and these rules of arbitration.
|
||||
If
|
||||
<!-- <span class="draftdrop">these Non-Related Persons (NRPs)</span> <span class="change">they</span> -->
|
||||
these Non-Related Persons (NRPs)
|
||||
remain outside,
|
||||
their rights and remedies under CAcert's policies
|
||||
and forum are strictly limited to
|
||||
<span class="strike">that</span> <span class="change2">those</span>
|
||||
specified in the
|
||||
<span class="draftdrop">Non-Related Persons -- Disclaimer and Licence</span> <span class="draftadd">Root Distribution License</span>.
|
||||
NRPs
|
||||
may proceed with Arbitration subject to preliminary orders
|
||||
of the Arbitrator.
|
||||
</li><li>
|
||||
Participating
|
||||
<span class="draftadd">
|
||||
Members
|
||||
</span>
|
||||
may not resign
|
||||
<span class="change2">
|
||||
from the Community
|
||||
</span>
|
||||
until the completion of the case.
|
||||
</li><li>
|
||||
The Arbitrator confirms that all parties accept
|
||||
the forum of dispute resolution.
|
||||
This is especially important where a
|
||||
<span class="draftadd">
|
||||
Member
|
||||
</span>
|
||||
might be
|
||||
in a country with no Arbitration Act in law, or
|
||||
where there is reason to believe that a party might
|
||||
go to an external court.
|
||||
</li><li>
|
||||
The Arbitrator confirms that parties are representing
|
||||
themselves. Parties are entitled to be legally
|
||||
represented, but are not encouraged to do so,
|
||||
bearing in mind the volunteer nature of the
|
||||
organisation and the size of the dispute.
|
||||
If they do so<span class="change2">,</span>
|
||||
they must declare such, including any changes.
|
||||
</li><li>
|
||||
The Arbitrator may appoint experienced Assurers
|
||||
to assist and represent parties, especially for NRPs.
|
||||
The Case Manager must not provide such assistance.
|
||||
</li><li>
|
||||
The Arbitrator is bound to maintain the balance
|
||||
of legal fairness.
|
||||
</li><li>
|
||||
The Arbitrator may make any preliminary orders,
|
||||
including protection orders and orders referring
|
||||
to emergency actions already taken.
|
||||
</li><li>
|
||||
The Arbitrator may request any written pleadings,
|
||||
counterclaims, and/or statements of defence.
|
||||
</li></ul>
|
||||
|
||||
|
||||
<h3 id="s2.3"> 2.3 Jurisdiction </h3>
|
||||
|
||||
<p>
|
||||
Jurisdiction - the right or power to hear and rule on
|
||||
disputes - is initially established by clauses in the
|
||||
<span class="draftadd">
|
||||
CAcert Community Agreement.
|
||||
</span>
|
||||
The agreement must establish:
|
||||
</p>
|
||||
|
||||
<ul><li>
|
||||
That all Parties agree to binding Arbitration
|
||||
in CAcert's forum of dispute resolution;
|
||||
</li><li>
|
||||
for all disputes relating to activities within
|
||||
CAcert, issued certificates, roles and actions, etc;
|
||||
</li><li>
|
||||
as defined by these rules, including the selection
|
||||
of a single Arbitrator;
|
||||
</li><li>
|
||||
under the Law of NSW, Australia; and
|
||||
</li><li>
|
||||
the Parties keep email accounts in good working order.
|
||||
</li></ul>
|
||||
|
||||
<p>
|
||||
An external court may have ("assert") jurisdiction to decide on
|
||||
issues such as trademark, privacy, contract and fraud,
|
||||
and may do so with legal remedies.
|
||||
These are areas where jurisdiction may need
|
||||
to be considered carefully:
|
||||
</p>
|
||||
|
||||
<ul><li>
|
||||
Where NRPs, being not Members of CAcert and not
|
||||
bound by agreement, are parties to the dispute.
|
||||
E.g., intellectual property disputes may involve
|
||||
NRPs and their trademarks;
|
||||
</li><li>
|
||||
criminal actions or actions likely to result in criminal
|
||||
proceedings,
|
||||
e.g., fraud;
|
||||
</li><li>
|
||||
Contracts between
|
||||
<span class="draftadd">
|
||||
Members
|
||||
</span>
|
||||
that were formed without
|
||||
a clause to seek arbitration in the forum;
|
||||
</li><li>
|
||||
Areas where laws fall outside the Arbitration Act,
|
||||
such as privacy;
|
||||
</li><li>
|
||||
Legal process (subpoenas, etc) delivered by
|
||||
an external court of "competent jurisdiction."
|
||||
</li></ul>
|
||||
|
||||
<p>
|
||||
The Arbitrator must consider jurisdiction and rule on a
|
||||
case by case basis whether jurisdiction is asserted,
|
||||
either wholly or partially, or declines to hear the case.
|
||||
In the event of asserting
|
||||
jurisdiction, and a NRP later decides to pursue rights in
|
||||
another forum, the Arbitrator should seek the agreement
|
||||
of the NRP to file the ruling as part of the new case.
|
||||
</p>
|
||||
|
||||
<h3 id="s2.4"> 2.4 Basis in Law </h3>
|
||||
|
||||
<p>
|
||||
Each country generally has an Arbitration Act
|
||||
that elevates Arbitration as a strong dispute
|
||||
resolution forum.
|
||||
The Act generally defers to Arbitration
|
||||
if the parties have so agreed.
|
||||
That is, as
|
||||
<span class="draftadd">
|
||||
Members
|
||||
</span>
|
||||
<span class="draftdrop">users of CAcert</span>,
|
||||
you agree to resolve
|
||||
all disputes before CAcert's forum.
|
||||
This is sometimes called <i>private law</i>
|
||||
or <i>alternative dispute resolution</i>.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
As a matter of public policy, courts will generally
|
||||
refer any case back to Arbitration.
|
||||
<span class="draftadd">
|
||||
Members
|
||||
</span>
|
||||
should understand that they will have
|
||||
strictly limited rights to ask the courts to
|
||||
seek to have a case heard or to override a Ruling.
|
||||
</p>
|
||||
|
||||
|
||||
<h3 id="s2.5"> 2.5 External Courts </h3>
|
||||
|
||||
<p>
|
||||
When an external court claims and asserts its jurisdiction,
|
||||
and issues a court order, subpoena or other service to CAcert,
|
||||
the CM files the order as a dispute, with the external court
|
||||
as <i>Claimant</i>.
|
||||
The CM and other support staff are granted no authority to
|
||||
act on the basis of any court order, and ordinarily
|
||||
must await the order of the Arbitrator
|
||||
(which might simply be a repeat of the external court order).
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The Arbitrator establishes the bona fides of the
|
||||
court, and rules.
|
||||
The Arbitrator may rule to reject the order,
|
||||
for jurisdiction or other reasons.
|
||||
By way of example, if all Parties are
|
||||
<span class="draftadd">
|
||||
Members,
|
||||
</span>
|
||||
then jurisdiction more normally falls within the forum.
|
||||
If the Arbitrator rules to reject,
|
||||
he should do so only after consulting with CAcert <span class="draftadd">Inc.</span> counsel.
|
||||
The Arbitrator's jurisidiction is ordinarily that of
|
||||
dealing with the order, and
|
||||
not that which the external court has claimed to.
|
||||
</p>
|
||||
|
||||
|
||||
<h3 id="s2.6"> 2.6 Process</h3>
|
||||
|
||||
<p>
|
||||
The Arbitrator follows the procedure:
|
||||
</p>
|
||||
|
||||
|
||||
<ol><li>
|
||||
Establish the facts.
|
||||
The Arbitrator collects the evidence from the parties.
|
||||
The Arbitrator may order CAcert <span class="draftadd">Inc.</span> or
|
||||
<span class="draftadd">
|
||||
Members
|
||||
</span>
|
||||
under jurisdiction to provide support or information.
|
||||
The Arbitrator may use email, phone or face-to-face
|
||||
meetings as proceedings.
|
||||
</li><li>
|
||||
Apply the Rules of Dispute Resolution,
|
||||
the policies of CAcert and the governing law.
|
||||
The Arbitrator may request that the parties
|
||||
submit their views.
|
||||
The Arbitrator also works to the mission of CAcert,
|
||||
the benefit of all
|
||||
<span class="draftadd">
|
||||
Members
|
||||
</span>
|
||||
, and the community as a whole.
|
||||
The Arbitrator may
|
||||
<span class="draftadd">
|
||||
seek
|
||||
</span>
|
||||
any assistance.
|
||||
</li><li>
|
||||
Makes a considered Ruling.
|
||||
</li></ol>
|
||||
|
||||
<h2 id="s3"> 3. The Ruling</h2>
|
||||
|
||||
<h3 id="s3.1"> 3.1 The Contents </h3>
|
||||
|
||||
<p>
|
||||
The Arbitrator records:
|
||||
</p>
|
||||
|
||||
<ol><li>
|
||||
The Identification of the Parties,
|
||||
</li><li>
|
||||
The Facts,
|
||||
</li><li>
|
||||
The logic of the rules and law,
|
||||
</li><li>
|
||||
The directions and actions to be taken by each party
|
||||
(the ruling).
|
||||
</li><li>
|
||||
The date and place that the ruling is rendered.
|
||||
</li></ol>
|
||||
|
||||
|
||||
<h3 id="s3.2"> 3.2 Process </h3>
|
||||
<p>
|
||||
Once the Ruling is delivered, the case is closed.
|
||||
The Case Manager is responsible for recording the
|
||||
Ruling, publishing it, and advising <span class="draftadd">Members</span>.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Proceedings are ordinarily private.
|
||||
The Ruling is ordinarily published,
|
||||
within the bounds of the Privacy Policy.
|
||||
The Ruling is written in English.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Only under exceptional circumstances can the
|
||||
Arbitrator declare the Ruling private <i>under seal</i>.
|
||||
Such a declaration must be reviewed in its entirety
|
||||
by the Board,
|
||||
and the Board must confirm or deny that declaration.
|
||||
If it confirms, the existence of any Rulings under seal
|
||||
must be published to the
|
||||
<span class="draftadd">
|
||||
Members
|
||||
</span>
|
||||
in a timely manner
|
||||
(within days).
|
||||
</p>
|
||||
|
||||
<h3 id="s3.3"> 3.3 Binding and Final </h3>
|
||||
|
||||
<p>
|
||||
The Ruling is
|
||||
<!-- (DRAFT p20110108) -->
|
||||
<span class="draftadd">ordinarily final and binding </span>
|
||||
<span class="draftdrop">binding and final</span>
|
||||
on CAcert <span class="draftadd">Inc.</span> and all
|
||||
<span class="draftadd">
|
||||
Members
|
||||
</span>
|
||||
.
|
||||
Ordinarily, all
|
||||
<span class="draftadd">
|
||||
Members
|
||||
</span>
|
||||
agree to be bound by this dispute
|
||||
resolution policy.
|
||||
<span class="draftadd">
|
||||
Members
|
||||
</span>
|
||||
must declare in the Preliminaries
|
||||
any default in agreement or binding.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
If a person who is not a
|
||||
<span class="draftadd">
|
||||
Member
|
||||
</span>
|
||||
is a party to the dispute,
|
||||
then the Ruling is not binding and final on that person,
|
||||
but the Ruling must be presented in filing any dispute
|
||||
in another forum such as the person's local courts.
|
||||
</p>
|
||||
|
||||
<h3 id="s3.4"> 3.4 <span class="draftadd">Review for Appeal (DRAFT p20110108)</span> <span class="draftdrop">Re-opening the Case or Appeal</span> </h3>
|
||||
|
||||
<p>
|
||||
In the <span class="draftadd">event</span> <span class="draftdrop">case</span> of clear injustices, egregious behaviour or
|
||||
unconscionable Rulings,
|
||||
<span class="draftadd">
|
||||
a review may be requested by filing a dispute (DRAFT p20110108).
|
||||
</span>
|
||||
<span class="draftdrop">
|
||||
parties may seek to re-open the
|
||||
case by filing a dispute.
|
||||
</span>
|
||||
The new Arbitrator reviews the new dispute,
|
||||
re-examines and reviews the entire case, then rules on
|
||||
whether the case may be re-opened or not.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
<span class="draftadd">
|
||||
If the Review Arbitrator rules the case be re-opened,
|
||||
then the Review Arbitrator refers the case to an Appeal Panel of 3.
|
||||
The Appeal Panel is led by a Senior Arbitrator,
|
||||
and is formed according to procedures established
|
||||
by the DRO from time to time.
|
||||
The Appeal Panel hears the case and delivers a final and binding Ruling.
|
||||
(DRAFT p20110108)
|
||||
</span>
|
||||
<span class="draftdrop">
|
||||
If the new Arbitrator rules the case be re-opened,
|
||||
then it is referred to the Board of CAcert Inc.
|
||||
The Board hears the case and delivers a final
|
||||
and binding Ruling.
|
||||
</span>
|
||||
</p>
|
||||
|
||||
<h3 id="s3.5"> 3.5 Liability </h3>
|
||||
|
||||
<p>
|
||||
All liability of the Arbitrator for any act in
|
||||
connection with deciding a dispute is excluded
|
||||
by all parties, provided such act does not constitute
|
||||
an intentional breach of duty.
|
||||
All liability of the Arbitrators, CAcert <span class="draftadd">Inc.</span>, its officers and its
|
||||
employees (including Case Manager)
|
||||
for any other act or omission in connection with
|
||||
arbitration proceedings is excluded, provided such acts do not
|
||||
constitute an intentional or grossly negligent breach of duty.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The above provisions may only be overridden by
|
||||
appeal process
|
||||
(by means of a new dispute causing referral to the Board).
|
||||
|
||||
</p>
|
||||
|
||||
<h3 id="s3.6"> 3.6 Remedies </h3>
|
||||
|
||||
<p>
|
||||
The Arbitrator generally instructs using internal remedies,
|
||||
that is ones that are within the general domain of
|
||||
<span class="draftdrop">CAcert</span>
|
||||
<span class="draftadd">the Community</span>,
|
||||
but there are some external remedies at his disposal.
|
||||
He may rule and instruct any of the parties on these issues.
|
||||
</p>
|
||||
|
||||
<ul><li>
|
||||
"community service" typically including
|
||||
<ul><li>
|
||||
attend and assure people at trade shows / open source gatherings,
|
||||
</li><li>
|
||||
writing documentation
|
||||
</li><li>
|
||||
serve in <span class="change2">a</span> role - support, dispute arbitration
|
||||
</li></ul>
|
||||
or others as decided.
|
||||
|
||||
</li><li>
|
||||
Fined by loss of assurance points, which may result
|
||||
in losing Assurer or Assured status.
|
||||
|
||||
</li><li>
|
||||
Retraining in role.
|
||||
|
||||
</li><li>
|
||||
Revoking of any certificates.
|
||||
|
||||
</li><li>
|
||||
Monetary fine up to the liability cap established for
|
||||
each party as described in the
|
||||
<span class="draftadd">
|
||||
CAcert Community Agreement.
|
||||
</span>
|
||||
|
||||
</li><li>
|
||||
Exclusion from community.
|
||||
|
||||
</li><li>
|
||||
Reporting to applicable authorities.
|
||||
|
||||
</li><li>
|
||||
Changes to policies and procedures.
|
||||
|
||||
</li></ul>
|
||||
|
||||
<p>
|
||||
The Arbitrator is not limited within the general domain
|
||||
of CAcert, and may instruct novel remedies as seen fit.
|
||||
Novel remedies outside the domain may be routinely
|
||||
confirmed by the Board by way of appeal process,
|
||||
in order to establish precedent.
|
||||
|
||||
</p>
|
||||
|
||||
<h2 id="s4"> 4. Appendix</h2>
|
||||
|
||||
|
||||
<h3 id="s4.1"> 4.1 The Advantages of this Forum </h3>
|
||||
<p>
|
||||
The advantage of this process for
|
||||
<span class="draftadd">
|
||||
Members
|
||||
</span>
|
||||
is:
|
||||
</p>
|
||||
|
||||
<ul><li>
|
||||
CAcert and <span class="draftadd">Members</span> operate across many jurisdictions.
|
||||
Arbitration allows us to select a single set of
|
||||
rules across all jurisdictions.
|
||||
</li><li>
|
||||
Arbitration allows CAcert to appropriately separate
|
||||
out the routine support actions from difficult dispute
|
||||
actions. Support personnel have no authority to
|
||||
act, the appropriately selected Arbitrator has all
|
||||
authority to act.
|
||||
Good governance is thus maintained.
|
||||
</li><li>
|
||||
This forum allows CAcert <span class="draftadd">Members</span> to look after themselves
|
||||
in a community, without exposing each other to potentially
|
||||
disastrous results in strange courts from foreign lands.
|
||||
</li><li>
|
||||
By volunteering to resolve things "in-house" the costs
|
||||
are reduced.
|
||||
</li><li>
|
||||
Even simple support issues such as password changing
|
||||
can be improved by treating as a dispute. A clear
|
||||
chain of request, analysis, ruling and action can be established.
|
||||
</li><li>
|
||||
CAcert Assurers can develop the understanding and the rules
|
||||
for sorting out own problems far better than courts or
|
||||
other external agencies.
|
||||
</li></ul>
|
||||
|
||||
<h3 id="s4.2"> 4.2 The Disadvantages of this Forum </h3>
|
||||
|
||||
<p>
|
||||
Some disadvantages exist.
|
||||
</p>
|
||||
|
||||
<ul><li>
|
||||
<span class="draftadd">Members</span> may have their rights trampled over.
|
||||
In such a case, the community should strive to
|
||||
re-open the case
|
||||
and refer it to the board.
|
||||
|
||||
|
||||
</li><li>
|
||||
<span class="draftadd">Members</span> may feel overwhelmed by the formality
|
||||
of the process.
|
||||
It is kept formal so as to establish good and proper
|
||||
authority to act; otherwise, support and other
|
||||
people in power may act without thought and with
|
||||
damaging consequences.
|
||||
</li><li>
|
||||
A country may not have an Arbitration Act.
|
||||
In that case, the parties should enter into
|
||||
spirit of the forum.
|
||||
If they choose to break that spirit,
|
||||
they should also depart the community.
|
||||
</li></ul>
|
||||
|
||||
<h3 id="s4.3"> 4.3 Process and Flow </h3>
|
||||
|
||||
<p>
|
||||
To the extent reasonable, the Arbitrator conducts
|
||||
the arbitration as with any legal proceedings.
|
||||
This means that the process and style should follow
|
||||
legal tradition.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
However, the Arbitrator is unlikely to be trained in
|
||||
law. Hence, common sense must be applied, and the
|
||||
Arbitrator has wide latitude to rule on any particular
|
||||
motion, pleading, submission. The Arbitrator's ruling
|
||||
is final within the arbitration.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Note also that many elements of legal proceedings are
|
||||
deliberately left out of the rules.
|
||||
</p>
|
||||
|
||||
|
||||
</body>
|
||||
</html>
|
||||
<?php
|
||||
header('HTTP/1.0 301 Moved Permanently');
|
||||
header('Location: DisputeResolutionPolicy.html');
|
||||
exit();
|
|
@ -1,14 +0,0 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
|
||||
<html>
|
||||
<head><title>NRP-DAL was replaced by the Root Distribution License</title></head>
|
||||
<body>
|
||||
<table border="1" bgcolor="#EEEEEE"><tr><td>
|
||||
|
||||
The document "Non Related Persons - Disclaimer And Licence" was replaced by the Root Distribution Licence, which can be found <a href="/policy/RootDistributionLicense.php">here</a>.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</body>
|
||||
</html>
|
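--- a/www/policy/OrganisationAssurancePolicy.html
+++ b/www/policy/OrganisationAssurancePolicy.html
@@ -0,0 +1,408 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" lang="en">
+<title> Organisation Assurance Policy </title>
+<style type="text/css">
+<!--
+.comment {
+color : steelblue;
+}
+-->
+</style>
+</head>
+<body>
+
+<div class="comment">
+<table width="100%">
+
+<tbody>
+<tr>
+<td>
+Name: OAP <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD11</a>
+<br>
+
+Status: POLICY <a href="https://wiki.cacert.org/PolicyDecisions#p20140731">p20140731</a>
+<br>
+Editor: Jens Paul
+<br>
+Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy"> CC-by-sa+DRP </a>
+<br>
+</td>
+<td align="right" valign="top">
+<a href="https://www.cacert.org/policy/PolicyOnPolicy.php">
+<img src="images/cacert-policy.png" alt="OAP Status - POLICY" style="border-style: none;" height="31" width="88">
+</a>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+
+<h1> Organisation Assurance Policy </h1>
+
+<h2 id="s0"> 0. Preliminaries </h2>
+
+<p>
+This policy describes how Organisation Assurers ("OAs")
+conduct Assurances on Organisations.
+It fits within the overall web-of-trust
+or Assurance process of CAcert.
+</p>
+
+<p>
+This policy is not a Controlled document, for purposes of
+Configuration Control Specification ("CCS").
+</p>
+
+<h2 id="s1"> 1. Purpose </h2>
+
+<p>
+Organisations with assured status can issue certificates
+directly with their own domains within.
+</p>
+
+<p>
+The purpose and statement of the certificate remains
+the same as with ordinary users (natural persons)
+and as described in the CPS.
+</p>
+
+<ul><li>
+The organisation named within is identified.
+</li><li>
+The organisation has been verified according
+to this policy.
+</li><li>
+The organisation is within the jurisdiction
+and can be taken to CAcert Arbitration.
+</li></ul>
+
+
+<h2 id="s2"> 2. Roles and Structure </h2>
+
+<h3 id="s2.1"> 2.1 Assurance Officer </h3>
+
+<p>
+The Assurance Officer ("AO")
+manages this policy and reports to the CAcert Inc. Committee ("Board").
+</p>
+
+<p>
+The AO manages all OAs and is responsible for process,
+the CAcert Organisation Assurance Programme ("COAP") form,
+OA training and testing, manuals, quality control.
+In these responsibilities, other Officers will assist.
+</p>
+<p>
+The OA is appointed by the Board.
+Where the OA is failing the Board decides.
+</p>
+
+<h3 id="s2.2"> 2.2 Organisation Assurers </h3>
+
+<p>
+</p>
+
+<ol type="a"> <li>
+An OA must be an experienced Assurer
+<ol type="i">
+<li>Have 150 assurance points.</li>
+<li>Be fully trained and tested on all general Assurance processes.</li>
+</ol>
+
+</li><li>
+Must be trained as Organisation Assurer.
+<ol type="i">
+<li> Global knowledge: This policy. </li>
+<li> Global knowledge: A OA manual covers how to do the process.</li>
+<li> Local knowledge: legal forms of organisations within jurisdiction.</li>
+<li> Basic governance. </li>
+<li> Training may be done a variety of ways,
+such as on-the-job, etc. </li>
+</ol>
+
+</li><li>
+Must be tested.
+<ol type="i">
+<li> Global test: Covers this policy and the process. </li>
+<li> Local knowledge: Subsidiary Policy to specify. </li>
+<li> Tests to be created, approved, run, verified
+by CAcert only (not outsourced). </li>
+<li> Tests are conducted manually, not online/automatic. </li>
+<li> Documentation to be retained. </li>
+<li> Tests may include on-the-job components. </li>
+</ol>
+
+</li><li>
+Must be approved.
+<ol type="i">
+<li> Two supervising OAs must sign-off on new OA,
+as trained, tested and passed.
+</li>
+<li> AO must sign-off on a new OA,
+as supervised, trained and tested.
+</li>
+</ol>
+</li>
+<li>The OA can decide when a CAcert
+(individual) Assurer
+has done several OA Application Advises to appoint this
+person to OA Assurer.
+</li>
+
+</ol>
+
+<h3 id="s2.3"> 2.3 Organisation Assurance Advisor ("OAA") </h3>
+<p>
+In countries/states/provinces where no OA Assurers are
+operating for an OA Application (COAP) the OA
+can be advised by an experienced local CAcert
+(individual) Assurer to take the decision
+to accept the OA Application (COAP) of the organisation.
+</p>
+<p>
+The local Assurer must have at least 150 Points,
+should know the language, and know
+the organisation trade office registry culture and quality.
+</p>
+
+
+<h3 id="s2.4"> 2.4 Organisation Administrator </h3>
+
+<p>
+The Administrator within each Organisation ("O-Admin")
+is the one who handles the assurance requests
+and the issuing of certificates.
+</p>
+
+<ol type="a"> <li>
+O-Admin must be Assurer
+<ol type="i">
+<li>Have 100 assurance points.</li>
+<li>Fully trained and tested as Assurer.</li>
+</ol>
+
+</li><li>
+Organisation is required to appoint O-Admin,
+and appoint ones as required.
+<ol type="i">
+<li> On COAP Request Form.</li>
+</ol>
+
+</li><li>
+O-Admin must work with an assigned OA.
+<ol type="i">
+<li> Have contact details.</li>
+</ol>
+</ol>
+
+
+<h2 id="s3"> 3. Policies </h2>
+
+<h3 id="s3.1"> 3.1 Policy </h3>
+
+<p>
+There is one policy being this present document,
+and several subsidiary policies.
+</p>
+
+<ol type="a">
+<li> This policy authorises the creation of subsidiary policies. </li>
+<li> This policy is international. </li>
+<li> Subsidiary policies are implementations of the policy. </li>
+<li> Organisations are assured under an appropriate subsidiary policy. </li>
+</ol>
+
+<h3 id="s3.2"> 3.2 Subsidiary Policies </h3>
+
+<p>
+The nature of the Subsidiary Policies ("SubPols"):
+</p>
+
+<ol type="a"><li>
+SubPols are purposed to check the organisation
+under the rules of the jurisdiction that creates the
+organisation. This does not evidence an intention
+by CAcert to
+enter into the local jurisdiction, nor an intention
+to impose the rules of that jurisdiction over any other
+organisation.
+CAcert assurances are conducted under the jurisdiction
+of CAcert.
+</li><li>
+For OAs,
+SubPol specifies the <i>tests of local knowledge</i>
+including the local organisation assurance COAP forms.
+</li><li>
+For assurances,
+SubPol specifies the <i>local documentation forms</i>
+which are acceptable under this SubPol to meet the
+standard.
+</li><li>
+SubPols are subjected to the normal
+policy approval process.
+</li></ol>
+
+<h3 id="s3.3"> 3.3 Freedom to Assemble </h3>
+
+<p>
+Subsidiary Policies are open, accessible and free to enter.
+</p>
+
+<ol type="a"><li>
+SubPols compete but are compatible.
+</li><li>
+No SubPol is a franchise.
+</li><li>
+Many will be on State or National lines,
+reflecting the legal
+tradition of organisations created
+("incorporated") by states.
+</li><li>
+However, there is no need for strict national lines;
+it is possible to have 2 SubPols in one country, or one
+covering several countries with the same language
+(e.g., Austria with Germany, England with Wales but not Scotland).
+</li><li>
+There could also be SubPols for special
+organisations, one person organisations,
+UN agencies, churches, etc.
+</li><li>
+Where it is appropriate to use the SubPol
+in another situation (another country?), it
+can be so approved.
+(e.g., Austrian SubPol might be approved for Germany.)
+The SubPol must record this approval.
+</li></ol>
+
+
+<h2 id="s4"> 4. Process </h2>
+
+<h3 id="s4.1"> 4.1 Standard of Organisation Assurance </h3>
+<p>
+The essential standard of Organisation Assurance is:
+</p>
+
+<ol type="a"><li>
+the organisation exists
+</li><li>
+the organisation name is correct and consistent:
+<ol type="i">
+<li>in official documents specified in SubPol.</li>
+<li>on COAP form.</li>
+<li>in CAcert database.</li>
+<li>form or type of legal entity is consistent</li>
+</ol>
+</li><li>
+signing rights:
+requestor can sign on behalf of the organisation.
+</li><li>
+the organisation has agreed to the terms of the
+CAcert Community Agreement
+and is therefore subject to Arbitration.
+</li></ol>
+
+<p>
+Acceptable documents to meet above standard
+are stated in the SubPol.
+</p>
+
+<h3 id="s4.2"> 4.2 COAP </h3>
+<p>
+The COAP form documents the checks and the resultant
+assurance results to meet the standard.
+Additional information to be provided on form:
+</p>
+
+<ol type="a"><li>
+CAcert account of O-Admin (email address?)
+</li><li>
+location:
+<ol type="i">
+<li>country (MUST).</li>
+<li>city (MUST).</li>
+<li>additional contact information (as required by SubPol).</li>
+</ol>
+</li><li>
+administrator account name(s) (1 or more)
+</li><li>
+domain name(s)
+</li><li>
+Agreement with
+CAcert Community Agreement.
+Statement and initials box for organisation
+and also for OA.
+</li><li>
+Date of completion of Assurance.
+Records should be maintained for 7 years from
+this date.
+</li></ol>
+
+<p>
+The COAP should be in English. Where translations
+are provided, they should be matched to the English,
+and indication provided that the English is the
+ruling language (due to Arbitration requirements).
+</p>
+
+<h3 id="s4.3"> 4.3 Jurisdiction </h3>
+
+<p>
+Organisation Assurances are carried out by
+CAcert Inc. under its Arbitration jurisdiction.
+Actions carried out by OAs are under this regime.
+</p>
+
+<ol type="a"><li>
+The organisation has agreed to the terms of the
+CAcert Community Agreement.
+</li><li>
+The organisation, the Organisation Assurers, CAcert and
+other related parties are bound into CAcert's jurisdiction
+and dispute resolution.
+</li><li>
+The OA is responsible for ensuring that the
+organisation reads, understands, intends and
+agrees to the
+CAcert Community Agreement.
+This OA responsibility should be recorded on COAP
+(statement and initials box).
+</li></ol>
+
+<h2 id="s5"> 5. Exceptions </h2>
+
+
+<ol type="a"><li>
+<b> Conflicts of Interest.</b>
+An OA must not assure an organisation in which
+there is a close or direct relationship by, e.g.,
+employment, family, financial interests.
+Other conflicts of interest must be disclosed.
+</li><li>
+<b> Trusted Third Parties.</b>
+TTPs are not generally approved to be part of
+organisation assurance,
+but may be approved by subsidiary policies according
+to local needs.
+</li><li>
+<b>Exceptional Organisations.</b>
+(e.g., Vatican, International Space Station, United Nations)
+can be dealt with as a single-organisation
+SubPol.
+The OA creates the checks, documents them,
+and subjects them to to normal policy approval.
+</li><li>
+<b>DBA.</b>
+Alternative names for organisations
+(DBA, "doing business as")
+can be added as long as they are proven independently.
+E.g., registration as DBA or holding of registered trade mark.
+This means that the anglo law tradition of unregistered DBAs
+is not accepted without further proof.
+</li>
+</ol>
+
+
+</body>
+</html>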
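Review bot: The status badge in the header table of the new `OrganisationAssurancePolicy.html` still links to `https://www.cacert.org/policy/PolicyOnPolicy.php`, although this commit renames the policies to `.html` and says it fixes all links; the anchor should read `<a href="https://www.cacert.org/policy/PolicyOnPolicy.html">`. The replaced PHP version of this page, shown in the following hunk, already pointed at `PolicyOnPolicy.html`, so this is a regression that works only as long as the `.php` redirect stub stays in place. The badge image also changed from the absolute `/images/cacert-policy.png` to the relative `images/cacert-policy.png`, which resolves under `/policy/` for this file; unless a `www/policy/images/` directory is part of the rename (not visible here), `src="/images/cacert-policy.png"` is the safer value. Separately, `lang="en"` sits on the `<meta>` element, where it has no effect on the document language; it belongs on `<html lang="en">`.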
|
@ -1,402 +1,4 @@
|
|||
<?='<?xml version="1.0" encoding="utf-8"?>'?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
||||
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<title> Organisation Assurance Policy </title>
|
||||
<style type="text/css">
|
||||
<!--
|
||||
.comment {
|
||||
color : steelblue;
|
||||
}
|
||||
-->
|
||||
</style>
|
||||
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div class="comment">
|
||||
<table width="100%">
|
||||
|
||||
<tr>
|
||||
<td>
|
||||
Name: OAP <a style="color: steelblue" href="//svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD11</a><br />
|
||||
|
||||
Status: POLICY/DRAFT <a style="color: steelblue" href="//wiki.cacert.org/wiki/TopMinutes-20070917">m20070918.x </a><br />
|
||||
|
||||
<span class="draftadd">DRAFT p20080401.1 </span> <br />
|
||||
Editor: Jens Paul <br />
|
||||
Licence: <a style="color: steelblue" href="//wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br /></td>
|
||||
<td valign="top" align="right">
|
||||
<a href="//www.cacert.org/policy/PolicyOnPolicy.html"><img src="/images/cacert-policy.png" alt="OAP Status - POLICY" height="31" width="88" style="border-style: none;" /></a><br />
|
||||
<a href="//www.cacert.org/policy/PolicyOnPolicy.html"><img src="/images/cacert-draft.png" alt="OAP Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
|
||||
<h1> Organisation Assurance Policy </h1>
|
||||
|
||||
<h2 id="s0">0. Preliminaries </h2>
|
||||
|
||||
<p>
|
||||
This policy describes how Organisation Assurers ("OAs")
|
||||
conduct Assurances on Organisations.
|
||||
It fits within the overall web-of-trust
|
||||
or Assurance process of CAcert.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
This policy is not a Controlled document, for purposes of
|
||||
Configuration Control Specification ("CCS").
|
||||
</p>
|
||||
|
||||
<h2 id="s1"> 1. Purpose </h2>
|
||||
|
||||
<p>
|
||||
Organisations with assured status can issue certificates
|
||||
directly with their own domains within.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The purpose and statement of the certificate remains
|
||||
the same as with ordinary users (natural persons)
|
||||
and as described in the CPS.
|
||||
</p>
|
||||
|
||||
<ul><li>
|
||||
The organisation named within is identified.
|
||||
</li><li>
|
||||
The organisation has been verified according
|
||||
to this policy.
|
||||
</li><li>
|
||||
The organisation is within the jurisdiction
|
||||
and can be taken to CAcert Arbitration.
|
||||
</li></ul>
|
||||
|
||||
|
||||
<h2 id="s2"> 2. Roles and Structure </h2>
|
||||
|
||||
<h3 id="s2.1"> 2.1 Assurance Officer </h3>
|
||||
|
||||
<p>
|
||||
The Assurance Officer ("AO")
|
||||
manages this policy and reports to the CAcert Inc. Committee ("Board").
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The AO manages all OAs and is responsible for process,
|
||||
the CAcert Organisation Assurance Programme ("COAP") form,
|
||||
OA training and testing, manuals, quality control.
|
||||
In these responsibilities, other Officers will assist.
|
||||
</p>
|
||||
<p>
|
||||
The OA is appointed by the Board.
|
||||
Where the OA is failing the Board decides.
|
||||
</p>
|
||||
|
||||
<h3 id="s2.2"> 2.2 Organisation Assurers </h3>
|
||||
|
||||
<p>
|
||||
</p>
|
||||
|
||||
<ol type="a"> <li>
|
||||
An OA must be an experienced Assurer
|
||||
<ol type="i">
|
||||
<li>Have 150 assurance points.</li>
|
||||
<li>Be fully trained and tested on all general Assurance processes.</li>
|
||||
</ol>
|
||||
|
||||
</li><li>
|
||||
Must be trained as Organisation Assurer.
|
||||
<ol type="i">
|
||||
<li> Global knowledge: This policy. </li>
|
||||
<li> Global knowledge: A OA manual covers how to do the process.</li>
|
||||
<li> Local knowledge: legal forms of organisations within jurisdiction.</li>
|
||||
<li> Basic governance. </li>
|
||||
<li> Training may be done a variety of ways,
|
||||
such as on-the-job, etc. </li>
|
||||
</ol>
|
||||
|
||||
</li><li>
|
||||
Must be tested.
|
||||
<ol type="i">
|
||||
<li> Global test: Covers this policy and the process. </li>
|
||||
<li> Local knowledge: Subsidiary Policy to specify.</li>
|
||||
<li> Tests to be created, approved, run, verified
|
||||
by CAcert only (not outsourced). </li>
|
||||
<li> Tests are conducted manually, not online/automatic. </li>
|
||||
<li> Documentation to be retained. </li>
|
||||
<li> Tests may include on-the-job components. </li>
|
||||
</ol>
|
||||
|
||||
</li><li>
|
||||
Must be approved.
|
||||
<ol type="i">
|
||||
<li> Two supervising OAs must sign-off on new OA,
|
||||
as trained, tested and passed.
|
||||
</li>
|
||||
<li> AO must sign-off on a new OA,
|
||||
as supervised, trained and tested.
|
||||
</li>
|
||||
</ol>
|
||||
</li>
|
||||
<li>The OA can decide when a CAcert
|
||||
(individual) Assurer
|
||||
has done several OA Application Advises to appoint this
|
||||
person to OA Assurer.
|
||||
</li>
|
||||
|
||||
</ol>
|
||||
|
||||
<h3 id="s2.3"> 2.3 Organisation Assurance Advisor ("OAA") </h3>
|
||||
<p>In countries/states/provinces where no OA Assurers are
|
||||
operating for an OA Application (COAP) the OA
|
||||
can be advised by an experienced local CAcert
|
||||
(individual) Assurer to take the decision
|
||||
to accept the OA Application (COAP) of the organisation.
|
||||
</p>
|
||||
<p>
|
||||
The local Assurer must have at least 150 Points,
|
||||
should know the language, and know
|
||||
the organisation trade office registry culture and quality.
|
||||
</p>
|
||||
|
||||
|
||||
<h3 id="s2.4"> 2.4 Organisation Administrator </h3>
|
||||
|
||||
<p>
|
||||
The Administrator within each Organisation ("O-Admin")
|
||||
is the one who handles the assurance requests
|
||||
and the issuing of certificates.
|
||||
</p>
|
||||
|
||||
<ol type="a"> <li>
|
||||
O-Admin must be Assurer
|
||||
<ol type="i">
|
||||
<li>Have 100 assurance points.</li>
|
||||
<li>Fully trained and tested as Assurer.</li>
|
||||
</ol>
|
||||
|
||||
</li><li>
|
||||
Organisation is required to appoint O-Admin,
|
||||
and appoint ones as required.
|
||||
<ol type="i">
|
||||
<li> On COAP Request Form.</li>
|
||||
</ol>
|
||||
|
||||
</li><li>
|
||||
O-Admin must work with an assigned OA.
|
||||
<ol type="i">
|
||||
<li> Have contact details.</li>
|
||||
</ol>
|
||||
</ol>
|
||||
|
||||
|
||||
<h2 id="s3"> 3. Policies </h2>
|
||||
|
||||
<h3 id="s3.1"> 3.1 Policy </h3>
|
||||
|
||||
<p>
|
||||
There is one policy being this present document,
|
||||
and several subsidiary policies.
|
||||
</p>
|
||||
|
||||
<ol type="a">
|
||||
<li> This policy authorises the creation of subsidiary policies. </li>
|
||||
<li> This policy is international. </li>
|
||||
<li> Subsidiary policies are implementations of the policy. </li>
|
||||
<li> Organisations are assured under an appropriate subsidiary policy. </li>
|
||||
</ol>
|
||||
|
||||
<h3 id="s3.2"> 3.2 Subsidiary Policies </h3>
|
||||
|
||||
<p>
|
||||
The nature of the Subsidiary Policies ("SubPols"):
|
||||
</p>
|
||||
|
||||
<ol type="a"><li>
|
||||
SubPols are purposed to check the organisation
|
||||
under the rules of the jurisdiction that creates the
|
||||
organisation. This does not evidence an intention
|
||||
by CAcert to
|
||||
enter into the local jurisdiction, nor an intention
|
||||
to impose the rules of that jurisdiction over any other
|
||||
organisation.
|
||||
CAcert assurances are conducted under the jurisdiction
|
||||
of CAcert.
|
||||
</li><li>
|
||||
For OAs,
|
||||
SubPol specifies the <i>tests of local knowledge</i>
|
||||
including the local organisation assurance COAP forms.
|
||||
</li><li>
|
||||
For assurances,
|
||||
SubPol specifies the <i>local documentation forms</i>
|
||||
which are acceptable under this SubPol to meet the
|
||||
standard.
|
||||
</li><li>
|
||||
SubPols are subjected to the normal
|
||||
policy approval process.
|
||||
</li></ol>
|
||||
|
||||
<h3 id="s3.3"> 3.3 Freedom to Assemble </h3>
|
||||
|
||||
<p>
|
||||
Subsidiary Policies are open, accessible and free to enter.
|
||||
</p>
|
||||
|
||||
<ol type="a"><li>
|
||||
SubPols compete but are compatible.
|
||||
</li><li>
|
||||
No SubPol is a franchise.
|
||||
</li><li>
|
||||
Many will be on State or National lines,
|
||||
reflecting the legal
|
||||
tradition of organisations created
|
||||
("incorporated") by states.
|
||||
</li><li>
|
||||
However, there is no need for strict national lines;
|
||||
it is possible to have 2 SubPols in one country, or one
|
||||
covering several countries with the same language
|
||||
(e.g., Austria with Germany, England with Wales but not Scotland).
|
||||
</li><li>
|
||||
There could also be SubPols for special
|
||||
organisations, one person organisations,
|
||||
UN agencies, churches, etc.
|
||||
</li><li>
|
||||
Where it is appropriate to use the SubPol
|
||||
in another situation (another country?), it
|
||||
can be so approved.
|
||||
(e.g., Austrian SubPol might be approved for Germany.)
|
||||
The SubPol must record this approval.
|
||||
</li></ol>
|
||||
|
||||
|
||||
<h2 id="s4"> 4. Process </h2>
|
||||
|
||||
<h3 id="s4.1"> 4.1 Standard of Organisation Assurance </h3>
|
||||
<p>
|
||||
The essential standard of Organisation Assurance is:
|
||||
</p>
|
||||
|
||||
<ol type="a"><li>
|
||||
the organisation exists
|
||||
</li><li>
|
||||
the organisation name is correct and consistent:
|
||||
<ol type="i">
|
||||
<li>in official documents specified in SubPol.</li>
|
||||
<li>on COAP form.</li>
|
||||
<li>in CAcert database.</li>
|
||||
<li>form or type of legal entity is consistent</li>
|
||||
</ol>
|
||||
</li><li>
|
||||
signing rights:
|
||||
requestor can sign on behalf of the organisation.
|
||||
</li><li>
|
||||
the organisation has agreed to the terms of the
|
||||
CAcert Community Agreement
|
||||
and is therefore subject to Arbitration.
|
||||
</li></ol>
|
||||
|
||||
<p>
|
||||
Acceptable documents to meet above standard
|
||||
are stated in the SubPol.
|
||||
</p>
|
||||
|
||||
<h3 id="s4.2"> 4.2 COAP </h3>
|
||||
<p>
|
||||
The COAP form documents the checks and the resultant
|
||||
assurance results to meet the standard.
|
||||
Additional information to be provided on form:
|
||||
</p>
|
||||
|
||||
<ol type="a"><li>
|
||||
CAcert account of O-Admin (email address?)
|
||||
</li><li>
|
||||
location:
|
||||
<ol type="i">
|
||||
<li>country (MUST).</li>
|
||||
<li>city (MUST).</li>
|
||||
<li>additional contact information (as required by SubPol).</li>
|
||||
</ol>
|
||||
</li><li>
|
||||
administrator account name(s) (1 or more)
|
||||
</li><li>
|
||||
domain name(s)
|
||||
</li><li>
|
||||
Agreement with
|
||||
CAcert Community Agreement.
|
||||
Statement and initials box for organisation
|
||||
and also for OA.
|
||||
</li><li>
|
||||
Date of completion of Assurance.
|
||||
Records should be maintained for 7 years from
|
||||
this date.
|
||||
</li></ol>
|
||||
|
||||
<p>
|
||||
The COAP should be in English. Where translations
|
||||
are provided, they should be matched to the English,
|
||||
and indication provided that the English is the
|
||||
ruling language (due to Arbitration requirements).
|
||||
</p>
|
||||
|
||||
<h3 id="s4.3"> 4.3 Jurisdiction </h3>
|
||||
|
||||
<p>
|
||||
Organisation Assurances are carried out by
|
||||
CAcert Inc. under its Arbitration jurisdiction.
|
||||
Actions carried out by OAs are under this regime.
|
||||
</p>
|
||||
|
||||
<ol type="a"><li>
|
||||
The organisation has agreed to the terms of the
|
||||
CAcert Community Agreement.
|
||||
</li><li>
|
||||
The organisation, the Organisation Assurers, CAcert and
|
||||
other related parties are bound into CAcert's jurisdiction
|
||||
and dispute resolution.
|
||||
</li><li>
|
||||
The OA is responsible for ensuring that the
|
||||
organisation reads, understands, intends and
|
||||
agrees to the
|
||||
CAcert Community Agreement.
|
||||
This OA responsibility should be recorded on COAP
|
||||
(statement and initials box).
|
||||
</li></ol>
|
||||
|
||||
<h2 id="s5"> 5. Exceptions </h2>
|
||||
|
||||
|
||||
<ol type="a"><li>
|
||||
<b> Conflicts of Interest.</b>
|
||||
An OA must not assure an organisation in which
|
||||
there is a close or direct relationship by, e.g.,
|
||||
employment, family, financial interests.
|
||||
Other conflicts of interest must be disclosed.
|
||||
</li><li>
|
||||
<b> Trusted Third Parties.</b>
|
||||
TTPs are not generally approved to be part of
|
||||
organisation assurance,
|
||||
but may be approved by subsidiary policies according
|
||||
to local needs.
|
||||
</li><li>
|
||||
<b>Exceptional Organisations.</b>
|
||||
(e.g., Vatican, International Space Station, United Nations)
|
||||
can be dealt with as a single-organisation
|
||||
SubPol.
|
||||
The OA creates the checks, documents them,
|
||||
and subjects them to to normal policy approval.
|
||||
</li><li>
|
||||
<b>DBA.</b>
|
||||
Alternative names for organisations
|
||||
(DBA, "doing business as")
|
||||
can be added as long as they are proven independently.
|
||||
E.g., registration as DBA or holding of registered trade mark.
|
||||
This means that the anglo law tradition of unregistered DBAs
|
||||
is not accepted without further proof.
|
||||
</li></ol>
|
||||
</body>
|
||||
</html>
|
||||
<?php
|
||||
header('HTTP/1.0 301 Moved Permanently');
|
||||
header('Location: OrganisationAssurancePolicy.html');
|
||||
exit;
|
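--- a/www/policy/OrganisationAssurancePolicy_Australia.html
+++ b/www/policy/OrganisationAssurancePolicy_Australia.html
@@ -0,0 +1,309 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" lang="en">
+<title>CACert Organisation Assurance Program sub-policy for Australia</title>
+<style type="text/css">
+<!--
+.comment {
+color : steelblue;
+}
+-->
+</style>
+</head>
+<body>
+
+<h1>
+CAcert Organisation Assurance Program sub-policy for Australia
+</h1>
+<div class="comment">
+<table width="100%">
+<tbody>
+<tr>
+<td rowspan="2">
+Name: CAcert Organisation Assurance Program sub-policy Australia<a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD11.AU</a>
+<br>
+Creation Date : 2008-04-02
+<br>
+Editor: Sam Johnston
+<br>
+Status: POLICY <a href="https://wiki.cacert.org/PolicyDecisions#p20140731">p20140731</a>
+<br>
+Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy">CC-by-sa+DRP</a>
+
+</td>
+<td align="right" valign="top">
+<a href="https://www.cacert.org/policy/PolicyOnPolicy.php">
+<img src="images/cacert-policy.png" alt="OAP AU Status - POLICY" style="border-style: none;" height="31" width="88">
+</a>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+
+<h2 id="g0.1">0. Preliminaries </h2>
+
+<p>
+This CAcert sub-policy extends the Organisation Assurance Policy
+("OAP") by specifying how the CAcert Organisation Assurance Program
+("COAP") is to be conducted by the assigned Organisation Assurer ("OA")
+under the supervision of the Assurance Officer ("AO") for entities
+within the defined scope.
+</p>
+
+<h2 id="g0.2">1. Scope</h2>
+
+<p>
+This sub-policy is applicable to:
+<br>
+</p>
+
+<ol style="list-style-type: lower-alpha;">
+
+<li>Australian legal entities:
+<br>
+
+<ol style="list-style-type: lower-roman;">
+
+<li>Sole Traders</li>
+
+<li>Partnerships</li>
+
+<li>Companies</li>
+
+<li>Trusts</li>
+
+<li>Government Bodies & Intrumentalities</li>
+
+<li>Clubs & Associations</li>
+
+</ol>
+
+</li>
+</ol>
+
+<h2 id="g0.3">2. Requirements </h2>
+
+<p>
+This section describes any scope specific requirements that are not otherwise defined in the OAP.
+</p>
+
+<h3 id="g0.3.1">2.1. Organisation </h3>
+
+<ol style="list-style-type: lower-alpha;">
+
+<li>For sole traders operating under their own name business name registration is OPTIONAL.</li>
+
+<li>Applicants MUST be a valid legal entity but MAY have an arbitrary number of registered trading names.</li>
+
+</ol>
+
+<h3 id="g0.3.2">2.2. Records </h3>
+
+<ol style="list-style-type: lower-alpha;">
+
+<li>Digital Signatures MAY be accepted in Australia under the Electronic Transactions Act 2000.
+</li>
+
+<li>Historic documents MAY be accepted where it can be proven that
+material changes have not been made (eg via absence of subsequent
+submissions in official document listings).</li>
+
+</ol>
+
+<h3 id="g0.3.3">2.3. Application Form </h3>
+
+<ol style="list-style-type: lower-alpha;">
+
+<li>The licensing authority MUST be specified as 'Australian
+Securities and Investments Commission (ASIC)' (for companies, trusts
+etc) or a state office of fair trading (for sole traders, partnerships
+and trading names).</li>
+
+<li>Any applicable organisation identifiers (ACN/ABN/ARBN) MUST be
+specified where applicable (not required for sole traders operating
+under their own name).</li>
+
+</ol>
+
+<h2 id="g0.4">3. Registration </h2>
+
+<h3 id="g0.4.1">3.1. Registries </h3>
+
+<ol style="list-style-type: lower-alpha;">
+
+<li>AusRegistry [<a title="AusRegistry" href="http://www.ausregistry.com.au/">http://www.ausregistry.com.au/</a>]
+<br>
+
+<ol>
+
+<li>.au ccTLD WHOIS [<a title="AusRegistry WHOIS" href="http://whois.ausregistry.net.au/">http://whois.ausregistry.net.au/</a>]
+<br>
+</li>
+</ol>
+</li>
+
+<li>Australian Securities and Investments Commission ("ASIC") [<a title="Australian Securities and Investments Commission" href="http://www.asic.gov.au/">http://www.asic.gov.au/</a>]
+<br>
+
+<ol style="list-style-type: lower-roman;">
+
+<li>National Names Index [<a title="National Names Index" href="http://www.search.asic.gov.au/gns001.html">http://www.search.asic.gov.au/gns001.html</a>]
+<br>
+</li>
+</ol>
+</li>
+
+<li>Australian state offices of fair trading [<a title="ACCC Contacts: State offices of fair trading" href="http://www.accc.gov.au/content/index.phtml/itemId/325459">http://www.accc.gov.au/content/index.phtml/itemId/325459</a>]
+<br>
+
+<ol style="list-style-type: lower-roman;">
+
+<li>ACT Office of Fair Trading (OFT) [<a title="ACT Office of Fair Trading (OFT)" href="http://www.fairtrading.act.gov.au/">http://www.fairtrading.act.gov.au/</a>]</li>
+
+<li>NT Consumer Affairs [<a title="NT Consumer Affairs" href="http://www.nt.gov.au/justice/consaffairs/">http://www.nt.gov.au/justice/consaffairs/</a>]</li>
+
+<li>NSW Office of Fair Trading (OFT) [<a title="NSW Office of Fair Trading (OFT)" href="http://www.fairtrading.nsw.gov.au/">http://www.fairtrading.nsw.gov.au</a>]</li>
+
+<li>QLD Office of Fair Trading (OFT) [<a title="QLD Office of Fair Trading (OFT)" href="http://www.fairtrading.qld.gov.au/">http://www.fairtrading.qld.gov.au</a>]</li>
+
+<li>SA Office of Fair Trading (OFT) [<a title="SA Office of Fair Trading (OFT)" href="http://www.ocba.sa.gov.au/">http://www.ocba.sa.gov.au</a>]</li>
+
+<li>TAS Office of Fair Trading (OFT) [<a title="TAS Office of Fair Trading (OFT)" href="http://www.consumer.tas.gov.au/">http://www.consumer.tas.gov.au/</a>]</li>
+
+<li>VIC Office of Fair Trading (OFT) [<a title="TAS Office of Fair Trading (OFT)" href="http://www.consumer.vic.gov.au/">http://www.consumer.vic.gov.au</a>]</li>
+
+<li>WA Department of Consumer and Employment Protection (DOCEP) [<a title="Department of Consumer and Employment Protection, WA (DOCEP)" href="http://www.docep.wa.gov.au/">http://www.docep.wa.gov.au</a>]</li>
+
+</ol>
+
+</li>
+
+<li>Australian Taxation Office ("ATO") [<a title="Australian Taxation Office" href="http://www.ato.gov.au/">http://www.ato.gov.au/</a>]
+<br>
+
+<ol style="list-style-type: lower-roman;">
+
+<li>Australian Business Register ("ABR") [<a title="Australian Business Register" href="http://www.abr.business.gov.au/">http://www.abr.business.gov.au/</a>]
+<br>
+</li>
+
+</ol>
+
+</li>
+
+<li>Credit Reporting Agencies
+<br>
+
+<ol style="list-style-type: lower-roman;">
+
+<li>Dun & Bradstreet (Australia) [<a title="Dun & Bradstreet (Australia)" href="http://www.dnb.com.au/">http://www.dnb.com.au/</a>]
+<br></li>
+
+<li>Veda Advantage [<a title="Veda Advantage" href="http://www.vedaadvantage.com/">http://www.vedaadvantage.com/</a>]
+<br></li>
+
+</ol>
+
+</li>
+
+</ol>
+
+<h3 id="g0.4.2">3.2. Agents </h3>
+
+<ol style="list-style-type: lower-alpha;">
+
+<li>ASIC
+<br>
+
+<ol style="list-style-type: lower-roman;">
+
+<li>ASIC Information Brokers [<a title="ASIC Information Brokers" href="http://www.asic.gov.au/asic/asic.nsf/byheadline/Information+brokers?openDocument">http://www.asic.gov.au/asic/asic.nsf/byheadline/Information+brokers?openDocument</a>]</li>
+
+<li>ASIC Service Centers [<a title="ASIC Service Centers" href="http://www.asic.gov.au/asic/asic.nsf/byheadline/ASIC+Service+Centre+Addresses?openDocument">http://www.asic.gov.au/asic/asic.nsf/byheadline/ASIC+Service+Centre+Addresses?openDocument</a>]</li>
+
+</ol>
+
+</li>
+
+</ol>
+
+<h3 id="g0.4.3">3.3. Identifiers </h3>
+
+<ol style="list-style-type: lower-alpha;">
+
+<li>Australian Company Number ("ACN") is a unique 9 digit identifying
+number assigned by ASIC when a body becomes registered as a company
+under corporations law.</li>
+
+<li>Australian Registered Body Number ("ARBN") is a unique 9 digit
+identifying number assigned by ASIC when a body is registered with them
+other than as a company, for example registrable Australian bodies.
+<br></li>
+
+<li>Australian Business Number ("ABN") is a unique 11 digit
+identifying number issued to all entities registered in the Australian
+Business Register (ABR).</li>
+
+</ol>
+
+<h3 id="g0.4.4">3.4. Documents </h3>
+
+<ol style="list-style-type: lower-alpha;">
+
+<li>ASIC Company Extract</li>
+
+<li>Credit File</li>
+
+</ol>
+
+<h2 id="g0.5">4. Processes </h2>
+
+<h3 id="g0.5.1">4.1. Assurance </h3>
+
+<ol style="list-style-type: lower-alpha;">
+
+<li>Each person listed in an application MUST be individually assured and referenced by a confirmed email.</li>
+
+<li>Sole traders operating under their own name MAY be automatically approved without further checks.</li>
+
+<li>All other trading names (including companies) MUST be verified
+against the National Names Index and/or Australian Business Register,
+where the status MUST be 'Registered' or 'Active' respectively.</li>
+
+<li>Partnership applicants MUST additionally be verified in the
+register as a current individual member and SHOULD be a managing
+partner.</li>
+
+<li>Company applications MUST be made by an individual who is duly authorised to sign on behalf of the company:
+
+<ol style="list-style-type: lower-roman;">
+
+<li>Officeholder applicants (directors or preferably secretary)
+MUST be verified in an "ASIC Company Extract" (obtained for a fee
+reclaimable from the applicant by the OA from an ASIC Service Center or
+ASIC Information Broker) or "Credit File" from a "Credit Reporting
+Agency".</li>
+
+<li>Any other applicant MUST prove that they are duly authorised to
+sign on behalf of the entity (for example via delegation and/or under
+replacible rules) to the satisfaction of the OA, for approval by the AO.</li>
+
+</ol>
+
+</li>
+
+<li>Trust applications MUST be made by the trustee.</li>
+
+<li>Government Body & Intrumentality applications MUST be made by
+a duly authorised person and the relevant authorisation must accompany
+the application.</li>
+
+<li>Club & Association applications MUST be made by the secretary of the club or association.</li>
+
+</ol>
+
+
+</body>
+</html>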
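Review bot: The status badge in the header table of this new file still links to `https://www.cacert.org/policy/PolicyOnPolicy.php`, although the commit sets out to move every policy link to `.html`; the target should be `href="https://www.cacert.org/policy/PolicyOnPolicy.html"`, as PolicyOnJuniorAssurersMembers.html already has it. The same stale link is in OrganisationAssurancePolicy_Germany.html and in the header of PolicyOnPolicy.html itself. The old URL presumably still resolves through a redirect stub like the one visible for OrganisationAssurancePolicy.php, so this is a leftover rather than a broken link. Separately, every registry link in section 3.1 is plain `http://`, and section 4.1 has assurers check registration status against those registries, so `https://` targets are preferable wherever the registry serves them.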
1021
www/policy/OrganisationAssurancePolicy_Europe.html
Normal file
File diff suppressed because it is too large
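--- a/www/policy/OrganisationAssurancePolicy_Germany.html
+++ b/www/policy/OrganisationAssurancePolicy_Germany.html
@@ -0,0 +1,138 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" lang="en">
+<title>CACert Organisation Assurance Program sub-policy for Germany</title>
+<style type="text/css">
+<!--
+.comment {
+color : steelblue;
+}
+-->
+</style>
+
+</head>
+<body>
+
+<h1> Organisation Assurance - sub-policy for German organisations</h1>
+<div class="comment">
+<table width="100%">
+<tbody>
+<tr>
+<td rowspan="2">
+Name: Organisation Assurance - sub-policy Germany <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD11.DE</a>
+<br>
+Creation Date : 2007-10-22
+<br>
+Editor: Jens Paul
+<br>
+Status: POLICY <a href="https://wiki.cacert.org/PolicyDecisions#p20140731">p20140731</a>
+<br>
+Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy">CC-by-sa+DRP</a>
+
+</td>
+<td align="right" valign="top">
+<a href="https://www.cacert.org/policy/PolicyOnPolicy.php">
+<img src="images/cacert-policy.png" alt="OAP DE Status - POLICY" style="border-style: none;" height="31" width="88">
+</a>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+
+<h2 id="g0.1">0. Preliminaries</h2>
+This sub-policy describes how Organisation Assurers ("OAs") conduct assurances on German organisations.
+It fits within the overall web-of-trust or assurance process and the Organisation Assurance Policy (OAP) of CAcert.
+<br>
+
+<br>
+
+<br>
+
+<h2 id="g0.2">1. Purpose</h2>
+This is a subsidiary policy to the OAP.
+<br>
+
+<br>
+a. This sub-policy is applicable for the assurance of German organisations only.
+<br>
+b. This sub-policy is an implementation of the OAP.
+<br>
+c. In the below, where the Assurance Officer (AO) is referred to, this includes his local delegate.
+<br>
+
+<br>
+
+<br>
+
+<h2 id="g0.3">2. Organisation Assurers</h2>
+
+<h2 id="g0.4">3. Requirements for the Organisation Assurer</h2>
+In addition to the requirements defined in the OAP, an OA must meet the
+following requirements for assuring German organisations:
+<br>
+a. Knowledge on common legal forms of organisations in Germany.
+<br>
+b. Must pass an additional test on local knowledge even if he is already an OA.
+<br>
+c. Should help the AO to define local requirements.
+<br>
+
+<br>
+
+<br>
+
+<h2 id="g0.5">4. Process</h2>
+
+<h2 id="g0.6">5. Organisations</h2>
+Acceptable organisations under this sub-policy must be:
+<br>
+
+<br>
+a. Organisations created under the rules of the German jurisdiction.
+<br>
+b. Organisations must not be revoked by a competent authority with direct oversight over the organisation.
+<br>
+
+<br>
+
+<h2 id="g0.7">6. Documents</h2>
+The organisation has to provide documents to prove the essential standard of Organisation Assurance as defined in the policy:
+<br>
+a. The primary mechanism to prove existence is to get an official
+extract from the official register, either via an online interface
+or via physical means (organisation is asked to carry the costs)
+<br>
+b. Where not available, an official document will be required from the company, subject to such checks as defined by the AO.
+<br>
+c. If copies of official extracts from the official register are provided, they must be officially certified
+<br>
+d. Extracts from the official register should not be older than 4 weeks.
+<br>
+e. The AO maintains a list of which specific documents and tests can be acceptable for the certain types
+of organisations.
+<br>
+f. The OA can ask for additional documents if needed to validate required information for the assurance action.
+<br>
+
+<br>
+
+<h2 id="g0.8">7. COAP</h2>
+<p>
+In addition to the checks defined in the policy, the COAP form for German organisations requires:
+<br>
+a. The OA must keep all documentation for 10 years.
+<br>
+b. Signatures from organisation officials must meet the following requirements
+<br>
+i. as legally specified for the type of organisation
+<br>
+ii. as specified in the official documents (f.e. the excerpt from the register)
+<br>
+iii. as delegated within the organisation (proof of delegation needed)
+</p>
+
+
+</body>
+</html>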
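--- a/www/policy/PolicyOnJuniorAssurersMembers.html
+++ b/www/policy/PolicyOnJuniorAssurersMembers.html
@@ -0,0 +1,202 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" lang="en">
+<title> CACert -- Policy On Junior Assurers / Members </title>
+<style type="text/css">
+.q {
+color : green;
+text-indent : 2em;
+font-weight: bold;
+font-style:italic;
+}
+.error {
+color : red;
+font-weight: bold;
+text-align: center;
+font-style:italic;
+}
+.change {
+color : blue;
+font-weight: bold;
+}
+.padding5 td{
+padding: 5px;
+}
+.r {
+text-align : right;
+}
+</style>
+
+</head>
+
+<body>
+<h1> Policy On Junior Assurers / Members </h1>
+
+<table style="width: 100%;">
+<tr>
+<td>
+Editor: Iang<br />
+Creation Date : <a href="https://svn.cacert.org/CAcert/Assurance/Minutes/20091215HamburgMiniTOP.html">20091215</a><br />
+Status: POLICY <a href="https://wiki.cacert.org/PolicyDecisions#p20130222">p20130222</a><br />
+Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br />
+</td><td class="r">
+<a href="https://www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-policy.png" alt="PoJAM Status - POLICY" height="31" width="88" style="border-style: none;" /></a>
+</td>
+</tr>
+</table>
+
+<h2 id="s0"> 0. Preliminaries </h2>
+<h3 id="s0.1"> 0.1 Authority.</h3>
+<p>This sub-policy extends the
+<a href="https://www.cacert.org/policy/AssurancePolicy.html">
+Assurance Policy</a> ("AP" => COD13)
+by specifying how Juniors can be brought into the
+CAcert Community.
+</p>
+
+<h3 id="s0.2"> 0.2 Terms.</h3>
+
+<ul>
+<li> <b>Minor</b> is a person who is not empowered to enter contracts as self under local laws.</li>
+<li> <b>Junior</b> is a person under 18. A Junior is probably a Minor.</li>
+<li> <b>Parent</b>. A competent adult that is legally responsible under local law for the Minor. E.g., a natural or adopted parent, or a legal guardian. Unless otherwise stated, the singular term Parent is used herein, and is used to cover all forms of persons that are legally responsible for the Minor. </li>
+</ul>
+
+<h2 id="s1"> 1. Scope </h2>
+<p id="s1.1"><b> 1.1 </b>
+This policy applies to all Members of the CAcert Community.
+</p>
+
+<p id="s1.2"><b> 1.2 </b>
+Although variations exist in different countries, CAcert works to a principle of no discrimination (Principles) and therefore imposes the same view across all countries.
+</p>
+
+<h2 id="s2"> 2. Entering the Community </h2>
+<p id="s2.1"><b> 2.1 </b>
+There is no limit on age for membership of CAcert.
+</p>
+
+<p id="s2.2"><b> 2.2 </b>
+Membership requires a legal contract to be formed. This can be formed one of two ways:
+</p>
+<ol>
+<li>the member has capacity to enter the contract themselves, or</li>
+<li>the member is a Minor and requires the consent of the Parent.</li>
+</ol>
+
+<p id="s2.3"><b> 2.3 </b>
+The Assurer is responsible in all cases for confirming that the entry into the CAcert Community Agreement is founded. This means in practice that the Assurer has to confirm the above.
+</p>
+
+<p id="s2.4"><b> 2.4 </b>
+A general situation in each country is that a Minor can only enter with Parental consent. In this case, the Assurer should confirm the consent of the Parent.
+</p>
+
+<p id="s2.5"><b> 2.5 </b>
+The mechanism for confirming the Parent's consent is something that varies and is not covered by policy. The simple requirement here is that the Assurer makes a reliable statement (CARS) that consent is established, following these two declarations:
+</p>
+<blockquote>
+<p>
+The Assurer's declaration
+(specifically referring to Assurance Policy 1.1 part 4
+<a href="https://www.cacert.org/policy/AssurancePolicy.html#s1.1">AP1.1</a>):
+</p>
+<blockquote>
+<table class="padding5" border="1"><tr><td>
+This Assurance conducted according to Assurance Policy
+</td></tr></table>
+</blockquote>
+</blockquote>
+<blockquote>
+<p>
+The member's declaration:
+</p>
+<blockquote>
+<table class="padding5" border="1"><tr><td>
+I agree to the CCA
+</td></tr></table>
+</blockquote>
+</blockquote>
+
+<p id="s2.6"><b> 2.6 </b>
+The Assurance Handbook (<a href="https://wiki.cacert.org/AssuranceHandbook2">AH</a>) should expand on common methods to establish and record consent. Such as, on a separate form, a modification to CAP form, etc.
+</p>
+
+
+<h2 id="s3"> 3. System Block </h2>
+<p id="s3.1"><b> 3.1 </b>
+Although there is no age limit in this policy, it is reasonable that the Assurer should check this issue closely below 18.
+</p>
+
+<p id="s3.2"><b> 3.2 </b>
+For persons over 18, the Assurer may presume that the person has capacity to enter into a contract, in absence of any alternate suggestion. This is regardless of the legal circumstances of the country.
+</p>
+
+<p id="s3.3"><b> 3.3 </b>
+Therefore, a change should be put into the system:
+</p>
+<blockquote>
+<p>
+If the member is under 18 years of age,<br />
+the system shall require the Assurer to confirm<br />
+that consent was established during the Assurance,<br />
+or otherwise as considered by the Assurer,<br />
+before additional higher reliance products are available.
+</p>
+</blockquote>
+<p>
+The system therefore will block all "reliance" products
+as defined by policy
+(issuance of named certificates under CPS, Assurer under AP),
+until consent is established as appropriate.
+</p>
+<p>
+The absence of this feature does not remove the duty of the Assurer (for example, because of delays in implementation).
+</p>
+
+<p id="s3.4"><b> 3.4 </b>
+The first Assurers of a Member may then have the greater technical burden of explaining and confirming the consent, but the confirmation is required of all Assurers as part of the CAP.
+</p>
+
+<p id="s3.5"><b> 3.5 </b>
+The Assurance Handbook (<a href="https://wiki.cacert.org/AssuranceHandbook2">AH</a>) should document more efficient methods, such as a single form carried by the Junior Member for showing to the Assurer, rather than the Parent's signature over each individual CAP form.
+</p>
+
+
+<h2 id="s4"> 4. The Junior Assurer </h2>
+<p id="s4.1"><b> 4.1 </b>
+Assurer status may only be granted if the user is at least 14 years old. Other preliminaries for the Assurer status set up by other policies are untouched. Combining AP and this policy, a Junior Assurer is a CAcert member with 100 Assurance Points, has passed the CAcert Assurer Challenge, and is between the ages of 14 and 18 years.
+</p>
+
+<p id="s4.2"><b> 4.2 </b>
+A Junior Assurer can issue a maximum of 10 Assurance Points to an assuree, independent of how many Experience Points the Junior already has. The Experience Points awarded to the Junior Assurer are untouched.
+</p>
+
+<p id="s4.3"><b> 4.3 </b>
+The Assurance Handbook (<a href="https://wiki.cacert.org/AssuranceHandbook2">AH</a>)
+should stipulate the convention as to how the Junior Assurer establishes bona fides.
+</p>
+
+
+<h2 id="s5"> 5. Arbitration </h2>
+<p>
+Arbitration with Juniors needs to take into account that a local court may find the CCA to be improperly imposed. Some understanding of this risk should be taken, but Arbitrators should be careful not to weaken the web of trust on this basis. Therefore, more care should be taken in explaining and ensuring the spirit of the CCA is maintained.
+</p>
+<ul>
+<li>
+The Parent may be concerned about the impact of an Arbitration. Technically, the consenting Parent is the one appearing in the Arbitration. The Arbitrator should recognise both the technical (legal) meaning, but strive to maintain the spirit of the Junior member's appearance. For example, Arbitration documentation may name the Parent primarily, and refer to the Junior in text.
+</li>
+<li>
+The Arbitrator may appoint a senior Assurer to advise the Parent on the nature of the Community.
+</li>
+<li>
+A ruling should be tested by comparing it to an adult scenario.
+</li>
+</ul>
+<p>
+The counter-situation to a weak CCA agreement is that if a person (of any age) feels the CCA to be inappropriate, then they have not entered into the Community. The Arbitrator is at liberty to terminate the CCA with a Member, if there is a sustainable view that it is inappropriate. Such termination should include measures needed to repair the web of trust.
+</p>
+<p><a href="http://validator.w3.org/check?uri=referer"><img src="images/valid-html50-blue.png" alt="Valid HTML 5" height="31" width="88"></a></p>
+</body>
+</html>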
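Review bot: The validator badge in the last paragraph before `</body>` links to `http://validator.w3.org/check?uri=referer`, which only works if the browser sends a Referer header. Browsers leave that header out by default when an HTTPS page links to a plain-HTTP target, so for a page served from https://www.cacert.org the check would most likely fail. Changing the link to `https://validator.w3.org/check?uri=referer` keeps the badge working and avoids the downgrade to HTTP.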
356
www/policy/PolicyOnPolicy.html
Normal file
|
@ -0,0 +1,356 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" lang="en">
|
||||
<title>Policy on Policy</title>
|
||||
<style type="text/css">
|
||||
<!--
|
||||
body {
|
||||
font-family : verdana, helvetica, arial, sans-serif;
|
||||
}
|
||||
|
||||
th {
|
||||
text-align : left;
|
||||
}
|
||||
|
||||
.comment {
|
||||
color : steelblue;
|
||||
}
|
||||
.q {
|
||||
color : green;
|
||||
font-weight: bold;
|
||||
text-align: center;
|
||||
font-style:italic;
|
||||
}
|
||||
-->
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div class="comment">
|
||||
|
||||
<table width="100%">
|
||||
|
||||
<tbody>
|
||||
<tr>
|
||||
|
||||
<td rowspan="2">
|
||||
Name: PoP <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD1</a>
|
||||
<br>
|
||||
Status: POLICY <a href="https://wiki.cacert.org/PolicyDecisions#p20140731">p20140731</a>
|
||||
<br>
|
||||
Editor: Iang 20080309
|
||||
<br>
|
||||
Changes: 20100507, 20130223, 20140731
|
||||
<br>
|
||||
Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy">CC-by-sa+DRP</a>
|
||||
<br>
|
||||
</td>
|
||||
|
||||
<td align="right" valign="top">
|
||||
<a href="https://www.cacert.org/policy/PolicyOnPolicy.php">
|
||||
<img src="images/cacert-policy.png" alt="PoP Status - POLICY" style="border-style: none;" height="31" width="88">
|
||||
</a>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
<p>
|
||||
<br>
|
||||
</p>
|
||||
|
||||
<h1> Policy on Policy </h1>
|
||||
|
||||
|
||||
|
||||
<h2 id="g0.1">0. Preliminaries </h2>
|
||||
<p>
|
||||
Policy on Policy adopts the IETF model of
|
||||
'rough consensus' to create CAcert documents
|
||||
within the open CAcert Policy Group <a href="https://lists.cacert.org/wws/info/cacert-policy"> mail list forum</a>.
|
||||
</p>
|
||||
|
||||
|
||||
<h2 id="g0.2">1. Scope and Purpose </h2>
|
||||
|
||||
<p id="s1.1">
|
||||
1.1
|
||||
This policy documents and controls the process by which
|
||||
CAcert creates and promulgates policies.
|
||||
</p>
|
||||
|
||||
<p id="s1.2">
|
||||
1.2
|
||||
The policy covers itself.
|
||||
The policy replaces prior ones.
|
||||
For Audit purposes,
|
||||
the policy is part of the Configuration-Control Specification
|
||||
("CCS", <a href="http://rossde.com/CA_review/CA_review_A.html#A1">DRC_A.1</a>)
|
||||
and also documents part of the CCS.
|
||||
</p>
|
||||
|
||||
<p id="s1.3">
|
||||
1.3
|
||||
The policies so created are generally binding on
|
||||
CAcert Inc., members under CAcert Community Agreement
|
||||
(CCA => COD9) and other related parties under other agreements.
|
||||
</p>
|
||||
|
||||
<p id="s1.4">
|
||||
1.4
|
||||
The Policy Officer manages all policies
|
||||
and the policy group.
|
||||
The policy group is formed on the open mailing list
|
||||
known as CAcert Policy Group, and is to be open to all
|
||||
Community Members of CAcert.
|
||||
</p>
|
||||
|
||||
|
||||
<h2 id="g0.3">2. Basic Model </h2>
|
||||
|
||||
<p id="s2.1">
|
||||
2.1
|
||||
The basic concept was drawn from the IETF model.
|
||||
</p>
|
||||
|
||||
<p id="s2.2">
|
||||
2.2
|
||||
Policies are documented.
|
||||
Documents start as <i>Work-In-Progress</i>, move through to
|
||||
<i>DRAFT</i> and finalise in <i>POLICY</i> status.
|
||||
</p>
|
||||
|
||||
<p id="s2.3">
|
||||
2.3
|
||||
Decisions are taken by "Rough Consensus."
|
||||
A vote may be called to clarify.
|
||||
</p>
|
||||
|
||||
<p id="s2.4">
|
||||
2.4
|
||||
Documents should include a minimum of information
|
||||
in a standardised format managed by the Documentation Officer:
|
||||
the Title,
|
||||
short name,
|
||||
Document Status,
|
||||
date the Status was reached,
|
||||
Editor,
|
||||
date / time of the last edit,
|
||||
Abstract.
|
||||
</p>
|
||||
|
||||
<p id="s2.5">
|
||||
2.5
|
||||
Editors may make the following changes, where
|
||||
it is clear that the change does not change the policy:</p>
|
||||
<ul>
|
||||
<li>
|
||||
fixes to errors in grammar and spelling,
|
||||
</li>
|
||||
<li>
|
||||
anchors, HTML errors, URLs & formatting,
|
||||
</li>
|
||||
<li>
|
||||
COD numbers and other references, and
|
||||
</li>
|
||||
<li>
|
||||
other minutiae, as agreed under 2.3.
|
||||
</li>
|
||||
</ul>
|
||||
<p>
|
||||
Such changes to be notified to the policy group, and to be folded into effect, etc, without further ado.
|
||||
</p>
|
||||
|
||||
|
||||
<p id="s2.6">
|
||||
2.6
|
||||
Documents of lower status (work-in-progress or DRAFT)
|
||||
must not be confusable with documents of higher status
|
||||
(DRAFT or POLICY).
|
||||
Copies should be eliminated where not being worked on.
|
||||
</p>
|
||||
|
||||
<h2 id="g0.4">3. Work-In-Progress </h2>
|
||||
|
||||
<p id="s3.1">
|
||||
3.1
|
||||
An Editor is identified.
|
||||
This person is responsible for
|
||||
drafting the document, following the consensus of the policy group.
|
||||
</p>
|
||||
|
||||
<p id="s3.2">
|
||||
3.2
|
||||
The Policy Officer resolves minor disputes and keeps order.
|
||||
</p>
|
||||
|
||||
<p id="s3.3">
|
||||
3.3
|
||||
The mail list of the policy group
|
||||
is used as the primary debating
|
||||
forum. A sub-group may be formed,
|
||||
but decision-taking
|
||||
should be visible on the main group.
|
||||
</p>
|
||||
|
||||
<p id="s3.4">
|
||||
3.4
|
||||
Documents start with the status of
|
||||
"Work-In-Progress" or WIP for short.
|
||||
</p>
|
||||
|
||||
|
||||
<h2 id="g0.5">4. DRAFT status </h2>
|
||||
|
||||
<p id="s4.1">
|
||||
4.1
|
||||
On completion, a document moves to DRAFT status.
|
||||
</p>
|
||||
|
||||
<p id="s4.2">
|
||||
4.2
|
||||
A DRAFT is a policy-in-effect for the Community and is
|
||||
to be distributed and treated as such.
|
||||
</p>
|
||||
|
||||
<p id="s4.3">
|
||||
4.3
|
||||
As far as the Community is concerned, the DRAFT is policy.
|
||||
Challenges and concerns can be addressed to the policy group,
|
||||
and policy group discussions on a DRAFT
|
||||
may be presented in Dispute Resolution.
|
||||
</p>
|
||||
|
||||
<p id="s4.4">
|
||||
4.4
|
||||
Revisions of DRAFTs
|
||||
must be treated as decisions on the policy group.
|
||||
</p>
|
||||
|
||||
<p id="s4.5">
|
||||
4.5
|
||||
The period of the DRAFT status is announced widely,
|
||||
which should be at least a month and no longer than a year.
|
||||
</p>
|
||||
|
||||
<p id="s4.6">
|
||||
4.6
|
||||
During the period of DRAFT,
|
||||
CAcert Inc. retains a veto over
|
||||
policies that effect the running of CAcert Inc.
|
||||
</p>
|
||||
|
||||
<h2 id="g0.6">5. POLICY status </h2>
|
||||
<p id="s5.1">
|
||||
5.1
|
||||
After DRAFT period has elapsed with no revision beyond
|
||||
minor and editorial changes,
|
||||
there should be a decision
|
||||
to move the document from
|
||||
DRAFT to POLICY status.
|
||||
</p>
|
||||
|
||||
<p id="s5.2">
|
||||
5.2
|
||||
Once POLICY, the Community may only challenge the document
|
||||
in Dispute Resolution.
|
||||
</p>
|
||||
|
||||
<p id="s5.3">
|
||||
5.3
|
||||
Policy group may propose changes to a POLICY document
|
||||
in order to update it. When changes move to DRAFT status,
|
||||
they may be included in the POLICY document,
|
||||
but must be clearly indicated within as DRAFT not POLICY.
|
||||
</p>
|
||||
|
||||
<p id="s5.4">
|
||||
5.4
|
||||
POLICY documents are published on the CAcert website in plain HTML. Change control must be in place.
|
||||
</p>
|
||||
|
||||
<h2 id="g0.7">6. Open Process </h2>
|
||||
|
||||
<p id="s6.1">
|
||||
6.1
|
||||
All policy discussions and documents should be open
|
||||
processes. There should be a fair chance for
|
||||
the Community
|
||||
to have their views heard.
|
||||
Rough Consensus is the working metric.
|
||||
</p>
|
||||
|
||||
<p id="s6.2">
|
||||
6.2
|
||||
Contributions to
|
||||
formally controlled documents such as Policies
|
||||
are transferred fully to CAcert Inc.
|
||||
Copyrights
|
||||
and similar intellectual property rights
|
||||
required to incorporate the Contribution
|
||||
are either transferred to CAcert Inc, or,
|
||||
are issued and contributed under free,
|
||||
open, non-restrictive,
|
||||
irrevocable, exclusive,
|
||||
and clear licence to CAcert Inc.
|
||||
In all cases, CAcert Inc licenses the
|
||||
contributions back to the community
|
||||
under an open licence.
|
||||
</p>
|
||||
|
||||
<p id="s6.3">
|
||||
6.3
|
||||
Contributors declare any conflicts of interest.
|
||||
</p>
|
||||
|
||||
<p id="s6.4">
|
||||
6.4
|
||||
Policies should be issued under free, open,
|
||||
non-restrictive,
|
||||
irrevocable, non-exclusive,
|
||||
and clear licence by CAcert, Inc.
|
||||
</p>
|
||||
|
||||
<p id="s6.5">
|
||||
6.5
|
||||
Mailing lists should be archived,
|
||||
and important meetings should be minuted.
|
||||
A record of decisions is to be maintained.
|
||||
</p>
|
||||
|
||||
<h2 id="g0.8">7. Disputes. </h2>
|
||||
|
||||
<p id="s7.1">
|
||||
7.1
|
||||
Any questions not resolved by these rules
|
||||
may be voted on in the policy group, or
|
||||
may be dealt with in Dispute Resolution.
|
||||
</p>
|
||||
|
||||
<p id="s7.2">
|
||||
7.2
|
||||
The Policy Officer may decide a tight vote in a minor matter only.
|
||||
Failure of Rough Consensus may be declared by
|
||||
dissenting members.
|
||||
</p>
|
||||
|
||||
<p id="s7.3">
|
||||
7.3
|
||||
Matters unresolved refer back
|
||||
to further group discussion.
|
||||
</p>
|
||||
|
||||
<p id="s7.4">
|
||||
7.4
|
||||
The external avenue for disputes is to file a dispute
|
||||
according to CAcert's
|
||||
<a href="https://www.cacert.org/policy/DisputeResolutionPolicy.php">
|
||||
Dispute Resolution Policy</a>
|
||||
DRP => COD7.
|
||||
</p>
|
||||
|
||||
|
||||
</body>
|
||||
</html>
|
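Review bot: The status badge in the header table still links to `https://www.cacert.org/policy/PolicyOnPolicy.php`, and section 7.4 to `https://www.cacert.org/policy/DisputeResolutionPolicy.php`, although this commit moves the policies to `.html` and sets out to fix all links. Both targets will presumably keep resolving through the new redirect stubs, but each click then costs an extra round trip and the page depends on the stubs staying in place. The badge can point straight at `https://www.cacert.org/policy/PolicyOnPolicy.html`, as PrivacyPolicy.html in this commit already does; the 7.4 link should follow if DisputeResolutionPolicy was renamed as well, which this part of the page does not show. The badge link in www/policy/RootDistributionLicense.html has the same leftover.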
|
@ -1,287 +1,4 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
|
||||
<html>
|
||||
<head><title>Policy on Policy</title></head>
|
||||
<body>
|
||||
|
||||
<table width="100%">
|
||||
|
||||
<tr>
|
||||
<td> PoP </td>
|
||||
<td> </td>
|
||||
<td width="20%"> Iang </td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td> POLICY <a href="http://wiki.cacert.org/wiki/PolicyDecisions">p200800204.1</a> </td>
|
||||
<td> </td>
|
||||
<td>
|
||||
20080309
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td> COD1 </td>
|
||||
<td> </td>
|
||||
<td> </td>
|
||||
</tr>
|
||||
|
||||
|
||||
<tr>
|
||||
<td> </td>
|
||||
<td > <b>Policy on Policy</b> </td>
|
||||
<td> </td>
|
||||
</tr>
|
||||
|
||||
</table>
|
||||
|
||||
<h2> 0. Preliminaries </h2>
|
||||
<p>
|
||||
Policy on Policy adopts the IETF model of
|
||||
'rough consensus' to create CAcert documents
|
||||
within the open [policy] mail list forum.
|
||||
</p>
|
||||
|
||||
|
||||
<h2> 1. Scope and Purpose </h2>
|
||||
|
||||
<p>
|
||||
1.1
|
||||
This policy documents and controls the process by which
|
||||
CAcert creates and promulgates policies.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
1.2
|
||||
The policy covers itself.
|
||||
The policy replaces prior ones.
|
||||
For Audit purposes,
|
||||
the policy is part of the Configuration-Control Specification
|
||||
("CCS", <a href="http://rossde.com/CA_review/CA_review_A.html#A1">DRC_A.1</a>)
|
||||
and also documents part of the CCS.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
1.3
|
||||
The policies so created are generally binding on
|
||||
CAcert, registered users and related parties.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
1.4
|
||||
The Policy Officer manages all policies
|
||||
and the policy group.
|
||||
The policy group is formed on the open mailing list
|
||||
known as [policy], and is to be open to all
|
||||
Community Members of CAcert.
|
||||
</p>
|
||||
|
||||
<h2> 2. Basic Model </h2>
|
||||
|
||||
<p>
|
||||
2.1
|
||||
The basic concept was drawn from the IETF model.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
2.2
|
||||
Policies are documented.
|
||||
Documents start as <i>Work-In-Progress</i>, move through to
|
||||
<i>DRAFT</i> and finalise in <i>POLICY</i> status.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
2.3
|
||||
Decisions are taken by "Rough Consensus."
|
||||
A vote may be called to clarify.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
2.4
|
||||
Documents should include a minimum of information
|
||||
in a standardised format managed by the Documentation Officer:
|
||||
the Title,
|
||||
short name,
|
||||
Document Status,
|
||||
date the Status was reached,
|
||||
Editor,
|
||||
date / time of the last edit,
|
||||
Abstract.
|
||||
</p>
|
||||
|
||||
<h2> 3. Work-In-Progress </h2>
|
||||
|
||||
<p>
|
||||
3.1
|
||||
An Editor is identified.
|
||||
This person is responsible for
|
||||
drafting the document, following the consensus of the policy group.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
3.2
|
||||
The Policy Officer resolves minor disputes and keeps order.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
3.3
|
||||
The mail list of the policy group
|
||||
is used as the primary debating
|
||||
forum. A sub-group may be formed,
|
||||
but decision-taking
|
||||
should be visible on the main group.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
3.4
|
||||
Documents start with the status of
|
||||
"Work-In-Progress" or WIP for short.
|
||||
</p>
|
||||
|
||||
|
||||
<h2> 4. DRAFT status </h2>
|
||||
|
||||
<p>
|
||||
4.1
|
||||
On completion, a document moves to DRAFT status.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
4.2
|
||||
A DRAFT is a policy-in-effect for the Community and is
|
||||
to be distributed and treated as such.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
4.3
|
||||
As far as the Community is concerned, the DRAFT is policy.
|
||||
Challenges and concerns can be addressed to the policy group,
|
||||
and policy group discussions on a DRAFT
|
||||
may be presented in Dispute Resolution.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
4.4
|
||||
Revisions of DRAFTs
|
||||
must be treated as decisions on the policy group.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
4.5
|
||||
The period of the DRAFT status is announced widely,
|
||||
which should be at least a month and no longer than a year.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
4.6
|
||||
During the period of DRAFT,
|
||||
CAcert Inc. retains a veto over
|
||||
policies that effect the running of CAcert Inc.
|
||||
</p>
|
||||
|
||||
|
||||
<h2> 5. POLICY status </h2>
|
||||
<p>
|
||||
5.1
|
||||
After DRAFT period has elapsed with no revision beyond
|
||||
minor and editorial changes,
|
||||
there should be a decision
|
||||
to move the document from
|
||||
DRAFT to POLICY status.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
5.2
|
||||
Once POLICY, the Community may only challenge the document
|
||||
in Dispute Resolution.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
5.3
|
||||
Policy group may propose changes to a POLICY document
|
||||
in order to update it. When changes move to DRAFT status,
|
||||
they may be included in the POLICY document,
|
||||
but must be clearly indicated within as DRAFT not POLICY.
|
||||
</p>
|
||||
|
||||
<h2> 6. Open Process </h2>
|
||||
|
||||
<p>
|
||||
6.1
|
||||
All policy discussions and documents should be open
|
||||
processes. There should be a fair chance for
|
||||
the Community
|
||||
to have their views heard.
|
||||
Rough Consensus is the working metric.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
6.2
|
||||
Contributions to
|
||||
formally controlled documents such as Policies
|
||||
are transferred fully to CAcert Inc.
|
||||
Copyrights
|
||||
and similar intellectual property rights
|
||||
required to incorporate the Contribution
|
||||
are either transferred to CAcert Inc, or,
|
||||
are issued and contributed under free,
|
||||
open, non-restrictive,
|
||||
irrevocable, exclusive,
|
||||
and clear licence to CAcert Inc.
|
||||
In all cases, CAcert Inc licenses the
|
||||
contributions back to the community
|
||||
under an open licence.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
6.3
|
||||
Contributors declare any conflicts of interest.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
6.4
|
||||
Policies should be issued under free, open,
|
||||
non-restrictive,
|
||||
irrevocable, non-exclusive,
|
||||
and clear licence by CAcert, Inc.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
6.5
|
||||
Mailing lists should be archived,
|
||||
and important meetings should be minuted.
|
||||
</p>
|
||||
|
||||
<h2> 7. Disputes. </h2>
|
||||
|
||||
<p>
|
||||
7.1
|
||||
Any questions not resolved by these rules
|
||||
may be voted on in the policy group, or
|
||||
may be dealt with in Dispute Resolution.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
7.2
|
||||
The Policy Officer may decide a tight vote in a minor matter only.
|
||||
Failure of Rough Consensus may be declared by
|
||||
dissenting members.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
7.3
|
||||
Matters unresolved refer back
|
||||
to further group discussion.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
7.4
|
||||
The external avenue for disputes is to file a dispute
|
||||
according to CAcert's
|
||||
<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">
|
||||
Dispute Resolution Policy</a>
|
||||
DRP => COD7.
|
||||
</p>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
<?php
|
||||
header('HTTP/1.0 301 Moved Permanently');
|
||||
header('Location: PolicyOnPolicy.html');
|
||||
exit();
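Review bot: The stub sends a relative `Location: PolicyOnPolicy.html` together with a hard-coded `HTTP/1.0` status line. A relative target is resolved by the client against the URL it requested, so if the server accepts trailing path info after `PolicyOnPolicy.php` the redirect would land back on the stub rather than on the policy; whether that can happen depends on server configuration not shown here. `header('Location: /policy/PolicyOnPolicy.html', true, 301);` lets PHP set the status and gives a target that does not depend on the request path. The target is a fixed string, so no request data reaches the header, and it should stay that way. The stub added in www/policy/PrivacyPolicy.php is written the same way.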
|
|
@ -1,53 +1,51 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head><title>Privacy Policy</title></head>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" lang="en">
|
||||
<style>
|
||||
.r {
|
||||
text-align : right;
|
||||
}
|
||||
</style>
|
||||
<title>Privacy Policy</title>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<table width="100%">
|
||||
<table style="width: 100%;">
|
||||
|
||||
<tr>
|
||||
<td> PP </td>
|
||||
<td> </td>
|
||||
<td width="20%"> </td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td> POLICY <a href="http://wiki.cacert.org/wiki/PolicyDecisions">m20060629</a> </td>
|
||||
<td> </td>
|
||||
<td>
|
||||
20060629
|
||||
Name: PP <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD5</a><br />
|
||||
Status: POLICY <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#m20060629">m20060629</a> <br />
|
||||
Changes: 20060629<br />
|
||||
Editor: <br />
|
||||
</td>
|
||||
<td class="r">
|
||||
<a href="https://www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-policy.png" alt="PP Status - POLICY" height="31" width="88" style="border-style: none;" /></a>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td> COD5 </td>
|
||||
<td> </td>
|
||||
<td> </td>
|
||||
</tr>
|
||||
|
||||
|
||||
<tr>
|
||||
<td> </td>
|
||||
<td > <b>Privacy Policy</b> </td>
|
||||
<td> </td>
|
||||
</tr>
|
||||
|
||||
</table>
|
||||
|
||||
<h2> 0. Preliminaries </h2>
|
||||
|
||||
<p><br /><br /></p>
|
||||
|
||||
|
||||
|
||||
<h1>Privacy Policy</h1>
|
||||
|
||||
<h2 id="s0"> 0. Preliminaries </h2>
|
||||
<p>
|
||||
This policy discloses what information we gather about you when you visit any of our Web site, and when you issue or use our certificates. It describes how we use that information and how you can control it.
|
||||
</p>
|
||||
|
||||
|
||||
|
||||
<h2>1. Website information</h2>
|
||||
<h2 id="s1">1. Website information</h2>
|
||||
<p>
|
||||
We collect two kinds of information about website users: 1) data that users volunteer by signing up to our website or when you send us an email via our contact form; and 2) aggregated tracking data we collect when users interact with our site.
|
||||
</p>
|
||||
|
||||
<h2>2. Personal information</h2>
|
||||
<h2 id="s2">2. Personal information</h2>
|
||||
<p>
|
||||
When you post to the contact form, you must provide your name and email address. When you sign up to the website, you must provide your name, email address, date of birth and some lost pass phrase question and answers.
|
||||
</p>
|
||||
|
@ -55,12 +53,12 @@ When you post to the contact form, you must provide your name and email address.
|
|||
We only share your information with any other organisation when so instructed by a CAcert arbitrator.
|
||||
</p>
|
||||
|
||||
<h2>3. Aggregated tracking information</h2>
|
||||
<h2 id="s3">3. Aggregated tracking information</h2>
|
||||
<p>
|
||||
We analyse visitors' use of our sites by tracking information such as page views, traffic flow, search terms, and click through. We use this information to improve our sites. We also share this anonymous traffic and demographic information in aggregate form with advertisers and other business partners. We do not share any information with advertisers that can identify an individual user.
|
||||
</p>
|
||||
|
||||
<h2>4. Cookies</h2>
|
||||
<h2 id="s4">4. Cookies</h2>
|
||||
<p>
|
||||
Some of our advertisers use a third-party ad server to display ads. These ads may contain cookies. The ad server receives these cookies, and we don't have access to them.
|
||||
</p>
|
||||
|
@ -68,33 +66,33 @@ Some of our advertisers use a third-party ad server to display ads. These ads ma
|
|||
We don't use cookies to store personal information, we do use sessions, and if cookies are enabled, the session will be stored in a cookie, and we do not look for cookies, apart from the session id. However if cookies are disabled then no information will be stored on or looked for on your computer.
|
||||
</p>
|
||||
|
||||
<h2>5. Notification of changes</h2>
|
||||
<h2 id="s5">5. Notification of changes</h2>
|
||||
<p>
|
||||
If we change our Privacy Policy, we will post those changes on www.CAcert.org. If we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users via email. Users will be able to opt out of any new use of their personal information.
|
||||
</p>
|
||||
|
||||
<h2>6. How to update, correct, or delete your information</h2>
|
||||
<h2 id="s6">6. How to update, correct, or delete your information</h2>
|
||||
<p>
|
||||
You are able to update, add and remove your information at any time via our web interface, log into the 'My Account' and then click on the 'My Details' section, and then click the relevant link
|
||||
</p>
|
||||
|
||||
<h2>7. Privacy of certificates</h2>
|
||||
<h2 id="s7">7. Privacy of certificates</h2>
|
||||
<p>
|
||||
CAcert does not automatically publish the certificates through a directory service or the website to other people than the user who requested the certificate. In the future, the user might be able to opt-in for publication of the certificates through a directory server by CAcert.
|
||||
</p>
|
||||
|
||||
<h2>8. Privacy of user data</h2>
|
||||
<h2 id="s8">8. Privacy of user data</h2>
|
||||
<p>
|
||||
CAcert Assurers can see the name, birthday and the number of points by looking up the correct email address. No other person related data is published by CAcert.
|
||||
</p>
|
||||
|
||||
<h2>9. Exceptions</h2>
|
||||
<h2 id="s9">9. Exceptions</h2>
|
||||
<p>
|
||||
A CAcert arbitrator may override this policy in a dispute.
|
||||
To obtain access to confidential data, a dispute has to be filed.
|
||||
</p>
|
||||
|
||||
<h2>10. Legal mandates</h2>
|
||||
<h2 id="s10">10. Legal mandates</h2>
|
||||
<p>
|
||||
CAcert adopts the Australian privacy regulations.
|
||||
Please see <a href='http://www.privacy.gov.au/'>http://www.privacy.gov.au/</a> for further details.
|
||||
|
@ -104,11 +102,11 @@ Governmental warrants and civil supoenas will be processed through the dispute r
|
|||
|
||||
<p>If you need to contact us in writing, address your mail to:</p>
|
||||
<p>
|
||||
CAcert Inc.<br>
|
||||
PO Box 66 <br>
|
||||
Oatley NSW 2223<br>
|
||||
CAcert Inc.<br />
|
||||
PO Box 66 <br />
|
||||
Oatley NSW 2223<br />
|
||||
Australia
|
||||
</p>
|
||||
|
||||
<p><a href="http://validator.w3.org/check?uri=referer"><img src="images/valid-html50-blue.png" alt="Valid HTML 5" height="31" width="88"></a></p>
|
||||
</body>
|
||||
</html>
|
||||
|
|
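--- a/www/policy/PrivacyPolicy.php
+++ b/www/policy/PrivacyPolicy.php
@@ -0,0 +1,4 @@
+<?php
+header('HTTP/1.0 301 Moved Permanently');
+header('Location: PrivacyPolicy.html');
+exit();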
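--- a/www/policy/RootDistributionLicense.html
+++ b/www/policy/RootDistributionLicense.html
@@ -0,0 +1,177 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" lang="en">
+<title> CAcert - Root Distribution License </title>
+<style type="text/css">
+<!--
+.comment {
+color : steelblue;
+}
+-->
+</style>
+</head>
+<body>
+<div class="comment">
+<table width="100%">
+<tbody>
+<tr rowspan="2">
+<td>
+Name: RDL <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD14</a>
+<br>
+Status: POLICY <a href="https://wiki.cacert.org/PolicyDecisions#p20140731">p20140731</a>
+<br>
+Editor: Mark Lipscombe
+<br>
+Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy">CC-by-sa+DRP</a>
+</td>
+<td align="right" valign="top">
+<a href="https://www.cacert.org/policy/PolicyOnPolicy.php">
+<img src="images/cacert-policy.png" alt="RDL Status - POLICY" style="border-style: none;" height="31" width="88">
+</a>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+
+<p>
+<br>
+
+<br>
+</p>
+
+<table border="1">
+<tbody>
+<tr>
+<td>
+
+<h1> Root Distribution License </h1>
+
+<h2 id="g0.1">1. Terms </h2>
+
+<p>
+"CAcert Inc" means CAcert Incorporated, a non-profit association incorporated in New South Wales, Australia.
+<br>
+"CAcert Community Agreement" means the agreement entered into by each person wishing to RELY.
+<br>
+"Member" means a natural or legal person who has agreed to the CAcert Community Agreement.
+<br>
+"Certificate" means any certificate or like device to which CAcert Inc's digital signature has been affixed.
+<br>
+"CAcert Root Certificates" means any certificate issued by CAcert Inc to
+itself for the purposes of signing further CAcert Roots or for signing
+certificates of Members.
+<br>
+"RELY" means the human act in taking on a risk or liability on the basis
+of the claim(s) bound within a certificate issued by CAcert.
+<br>
+"Embedded" means a certificate that is contained within a software
+application or hardware system, when and only when, that software
+application or system is distributed in binary form only.
+<br>
+</p>
+
+<h2 id="g0.2">2. Copyright </h2>
+
+<p>
+CAcert Root Certificates are Copyright CAcert Incorporated. All rights reserved.
+</p>
+
+<h2 id="g0.3">3. License </h2>
+
+<p>
+You may copy and distribute CAcert Root Certificates only in accordance with this license.
+</p>
+
+<p>
+CAcert Inc grants you a free, non-exclusive license to copy and
+distribute CAcert Root Certificates in any medium, with or without
+modification, provided that the following conditions are met:
+</p>
+
+<ul>
+<li>
+Redistributions of Embedded CAcert Root Certificates must take
+reasonable steps to inform the recipient of the disclaimer in section 4
+or reproduce this license and copyright notice in full in the
+documentation provided with the distribution.
+</li>
+<li>
+Redistributions in all other forms must reproduce this license and copyright notice in full.
+</li>
+</ul>
+
+<h2 id="g0.4">4. Disclaimer </h2>
+
+<p>
+THE CACERT ROOT CERTIFICATES ARE PROVIDED "AS IS" AND ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED TO THE MAXIMUM EXTENT PERMITTED BY LAW. IN NO EVENT SHALL
+CACERT INC, ITS MEMBERS, AGENTS, SUBSIDIARIES OR RELATED PARTIES BE
+LIABLE TO THE LICENSEE OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+THESE CERTIFICATES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+IN ANY EVENT, CACERT'S LIABILITY SHALL NOT EXCEED $1,000.00 AUSTRALIAN
+DOLLARS.
+</p>
+
+<p>
+THIS LICENSE SPECIFICALLY DOES NOT PERMIT YOU TO RELY UPON ANY
+CERTIFICATES ISSUED BY CACERT INC. IF YOU WISH TO RELY ON CERTIFICATES
+ISSUED BY CACERT INC, YOU MUST ENTER INTO A SEPARATE AGREEMENT WITH
+CACERT INC.
+</p>
+
+<h2 id="g0.5">5. Statutory Rights </h2>
+
+<p>
+Nothing in this license affects any statutory rights that cannot be
+waived or limited by contract. In the event that any provision of this
+license is held to be invalid or unenforceable, the remaining provisions
+of this license remain in full force and effect.
+</p>
+
+</td>
+</tr>
+</tbody>
+</table>
+
+<div class="comment">
+<h2 id="g0.6">Alternatives </h2>
+
+<p>
+If you find the terms of the above
+Root Distribution License
+difficult or inadequate for your purposes, you may wish to:
+</p>
+
+<ul>
+<li>
+Enter into the CAcert Community Agreement by
+<a href="https://www.cacert.org/index.php?id=1">
+registering as a Member</a>.
+This is free.
+</li>
+<li>
+Delete CAcert Root Certificates from your software.
+Your software documentation should give
+directions and assistance for this.
+</li>
+</ul>
+
+<p>
+These alternatives are outside the above
+Root Distribution License
+and do not incorporate.
+</p>
+</div>
+
+
+</body>
+</html>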
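Review bot: `<tr rowspan="2">` in the header table puts `rowspan` on the row, where it is not a defined attribute and has no effect; PolicyOnPolicy.html in this commit carries it on the cell instead, as `<td rowspan="2">`. The table here has a single row, so the attribute can simply be dropped and the line written as `<tr>`. The same head also sets `lang="en"` on the `<meta http-equiv="Content-Type">` element, which does not declare the document language; `<html lang="en">` would.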
|
@ -1,126 +1,4 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
||||
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" />
|
||||
<title> CAcert - Root Distribution License - DRAFT </title>
|
||||
<style type="text/css"> <!-- only for WIP -->
|
||||
<!--
|
||||
.change {
|
||||
color : blue;
|
||||
font-weight: bold;
|
||||
}
|
||||
.comment {
|
||||
color : steelblue;
|
||||
}
|
||||
-->
|
||||
</style>
|
||||
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div class="comment">
|
||||
<table width="100%">
|
||||
|
||||
<tr>
|
||||
<td>
|
||||
Name: RDL <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD14</a><br />
|
||||
Status: DRAFT <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20100710">p20100710</a> <br />
|
||||
Editor: Mark Lipscombe<br />
|
||||
</td>
|
||||
<td align="right">
|
||||
<a href="//www.cacert.org/policy/PolicyOnPolicy.php"><img src="/images/cacert-draft.png" alt="RDL Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
<p><br /><br /></p>
|
||||
|
||||
<table border="1"><tr><td>
|
||||
|
||||
<h1> Root Distribution License </h1>
|
||||
|
||||
<h2 id="s1"> 1. Terms </h2>
|
||||
|
||||
<p>
|
||||
"CAcert Inc" means CAcert Incorporated, a non-profit association incorporated in New South Wales, Australia.<br />
|
||||
"CAcert Community Agreement" means the agreement entered into by each person wishing to RELY. <br />
|
||||
"Member" means a natural or legal person who has agreed to the CAcert Community Agreement.<br />
|
||||
"Certificate" means any certificate or like device to which CAcert Inc's digital signature has been affixed.<br />
|
||||
"CAcert Root Certificates" means any certificate issued by CAcert Inc to itself for the purposes of signing further CAcert Roots or for signing certificates of Members.<br />
|
||||
"RELY" means the human act in taking on a risk or liability on the basis of the claim(s) bound within a certificate issued by CAcert.<br />
|
||||
"Embedded" means a certificate that is contained within a software application or hardware system, when and only when, that software application or system is distributed in binary form only.<br />
|
||||
</p>
|
||||
|
||||
<h2 id="s2"> 2. Copyright </h2>
|
||||
|
||||
<p>
|
||||
CAcert Root Certificates are Copyright CAcert Incorporated. All rights reserved.
|
||||
</p>
|
||||
|
||||
<h2 id="s3"> 3. License </h2>
|
||||
|
||||
<p>
|
||||
You may copy and distribute CAcert Root Certificates only in accordance with this license.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
CAcert Inc grants you a free, non-exclusive license to copy and distribute CAcert Root Certificates in any medium, with or without modification, provided that the following conditions are met:
|
||||
</p>
|
||||
|
||||
<ul><li>
|
||||
Redistributions of Embedded CAcert Root Certificates must take reasonable steps to inform the recipient of the disclaimer in section 4 or reproduce this license and copyright notice in full in the documentation provided with the distribution.
|
||||
</li><li>
|
||||
Redistributions in all other forms must reproduce this license and copyright notice in full.
|
||||
</li></ul>
|
||||
|
||||
<h2 id="s4"> 4. Disclaimer </h2>
|
||||
|
||||
<p>
|
||||
THE CACERT ROOT CERTIFICATES ARE PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED TO THE MAXIMUM EXTENT PERMITTED BY LAW. IN NO EVENT SHALL CACERT INC, ITS MEMBERS, AGENTS, SUBSIDIARIES OR RELATED PARTIES BE LIABLE TO THE LICENSEE OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THESE CERTIFICATES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. IN ANY EVENT, CACERT'S LIABILITY SHALL NOT EXCEED $1,000.00 AUSTRALIAN DOLLARS.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
THIS LICENSE SPECIFICALLY DOES NOT PERMIT YOU TO RELY UPON ANY CERTIFICATES ISSUED BY CACERT INC. IF YOU WISH TO RELY ON CERTIFICATES ISSUED BY CACERT INC, YOU MUST ENTER INTO A SEPARATE AGREEMENT WITH CACERT INC.
|
||||
</p>
|
||||
|
||||
<h2 id="s5"> 5. Statutory Rights </h2>
|
||||
|
||||
<p>
|
||||
Nothing in this license affects any statutory rights that cannot be waived or limited by contract. In the event that any provision of this license is held to be invalid or unenforceable, the remaining provisions of this license remain in full force and effect.
|
||||
</p>
|
||||
|
||||
</td></tr></table>
|
||||
|
||||
<div class="comment">
|
||||
<h2> Alternatives </h2>
|
||||
|
||||
<p>
|
||||
If you find the terms of the above
|
||||
Root Distribution License
|
||||
difficult or inadequate for your purposes, you may wish to:
|
||||
</p>
|
||||
|
||||
<ul><li>
|
||||
Enter into the CAcert Community Agreement by
|
||||
<a href="https://www.cacert.org/index.php?id=1">
|
||||
registering as a Member</a>.
|
||||
This is free.
|
||||
</li><li>
|
||||
Delete CAcert Root Certificates from your software.
|
||||
Your software documentation should give
|
||||
directions and assistance for this.
|
||||
</li></ul>
|
||||
|
||||
<p>
|
||||
These alternatives are outside the above
|
||||
Root Distribution License
|
||||
and do not incorporate.
|
||||
</p>
|
||||
</div>
|
||||
|
||||
|
||||
</body>
|
||||
</html>
|
||||
<?php
|
||||
header('HTTP/1.0 301 Moved Permanently');
|
||||
header('Location: RootDistributionLicense.html');
|
||||
exit();
|
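Review bot: The redirect stub hard-codes the protocol version in `header('HTTP/1.0 301 Moved Permanently');`, so the status line can disagree with the protocol the server actually answers with. Passing the status as the third argument does the same in one call: `header('Location: RootDistributionLicense.html', true, 301);`. The Location value is a fixed relative reference, so there is no request-derived redirect target to validate here. A one-line comment such as `// permanent redirect: this policy moved to RootDistributionLicense.html` would tell the next reader why the file is only a stub.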
1308
www/policy/SecurityPolicy.html
Normal file
1308
www/policy/SecurityPolicy.html
Normal file
File diff suppressed because it is too large
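--- a/www/policy/TTPAssistedAssurancePolicy.html
+++ b/www/policy/TTPAssistedAssurancePolicy.html
@@ -0,0 +1,271 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" lang="en">
+<title> CAcert -- TTP-Assisted Assurance Policy </title>
+<style type="text/css">
+<!--
+.comment {
+color : steelblue;
+}
+-->
+</style>
+</head>
+<body>
+
+<div class="comment">
+<table width="100%">
+
+<tbody>
+<tr>
+<td rowspan="2">
+Name: TTP-Assist <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD13.2</a>
+<br>
+Status: POLICY <a href="https://wiki.cacert.org/PolicyDecisions#p20140731">p20140731</a>
+<br>
+Editor: <a style="color: steelblue" href="https://wiki.cacert.org/UlrichSchroeter">Ulrich Schroeter</a>
+<br>
+Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy"> CC-by-sa+DRP </a>
+<br>
+</td>
+<td align="right" valign="top">
+<a href="https://www.cacert.org/policy/PolicyOnPolicy.php">
+<img src="images/cacert-policy.png" alt="TTP-Assist Status - POLICY" style="border-style: none;" height="31" width="88">
+</a>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+
+
+<h1> TTP-Assisted Assurance Policy </h1>
+
+
+<h2 id="g0.1">0. Preliminaries </h2>
+
+<p>
+This sub-policy extends the
+<a href="https://www.cacert.org/policy/AssurancePolicy.php">
+Assurance Policy</a> ("AP" => COD13)
+by specifying how Assurers can be assisted by
+outsourcing the identity documents verification
+component of assurance to trusted third parties (TTPs).
+Other definitions and terms can be found in AP or in
+<a href="https://wiki.cacert.org/AssuranceHandbook">Assurance Handbook</a>
+("AH").
+</p>
+
+
+<h2 id="g0.2">1. Scope </h2>
+
+<p>
+This sub-policy is restricted to members located
+in areas not well-served with Assurers.
+It serves a goal of promoting both Assurers and Members in those areas.
+</p>
+
+
+<h2 id="g0.3">2. Roles </h2>
+
+
+<h3 id="g0.3.1">2.1 Trusted Third Party </h3>
+
+<p>
+A Trusted Third Party ("TTP") is a person who is traditionally respected
+for making reliable statements to others, especially over identification
+documents. Typically, notaries public (anglo),
+Notaries (European), bank managers, accountants
+and lawyers.
+</p>
+
+
+<h3 id="g0.3.2">2.2 The Assurer (aka TTP-admin) </h3>
+
+<p>
+To employ a TTP in an assurance,
+the Assurer must be a <a href="https://wiki.cacert.org/SeniorAssurer">Senior Assurer</a>.
+The Assurer must be familiar with the local
+language and customs.
+</p>
+
+
+<h3 id="g0.3.3">2.3 Member </h3>
+
+
+<p>
+A Member ("assuree") who is located in a place not well-served
+by Assurers may use the TTP-assisted assurance.
+</p>
+
+
+<h2 id="g0.4">3. The Assurance </h2>
+
+
+<p>
+Assurance assisted by TTP must meet these requirements:
+</p>
+
+<ol style="list-style-type: lower-alpha;">
+<li id="s3.a">
+The Assurer must positively confirm the identity and
+suitability of the TTP.
+</li>
+<li id="s3.b">
+The TTP and the Member must meet face-to-face.
+</li>
+<li id="s3.c">
+The TTP confirms the details supporting the Assurance Statement.
+</li>
+<li id="s3.d">
+The Assurer makes a reliable statement to confirm the
+Assurance Statement.
+</li>
+<li id="s3.e">
+Assurance must be marked as TTP-Assisted
+(e.g., by use of TTPAdmin flag).
+</li>
+</ol>
+
+
+
+
+<h2 id="g0.5">4. Assurance Officer ("AO") </h2>
+
+<p>
+The Board routinely delegates its responsibilities to the
+Assurance Officer (and this section assumes that, but does
+not require it).
+</p>
+
+
+<p>
+A report is requested annually from the Assurance Officer
+on performance of this policy for the association's
+annual report.
+</p>
+
+<h3 id="g0.5.1">4.1 Practice </h3>
+
+<p>
+Assurance Officer should prepare a
+<a href="https://wiki.cacert.org/TTP">detailed documentation</a>
+under
+<a href="https://wiki.cacert.org/AssuranceHandbook">AH</a>
+that meets the needs of this policy, including:
+</p>
+
+<ul>
+<li>
+Form for TTPs
+</li>
+<li>
+Guide for TTPs.
+</li>
+<li>
+Form for TTP-assisted assurance (used by Assurer)
+</li>
+<li>
+Guide and protocol for Assurers.
+</li>
+<li>
+Mechanisms for contacting Assurers available for
+TTP-assisted assurances.
+</li>
+<li>
+Definition of
+<a href="https://wiki.cacert.org/SeniorAssurer">
+Senior Assurer</a>.
+</li>
+</ul>
+
+
+<h3 id="g0.5.2">4.2 Deserts </h3>
+
+<p>
+The Assurance Officer maintains a
+<a href="https://wiki.cacert.org/deserts">list of regions</a>
+that are designated as '<i>deserts,</i>' being areas that are so short
+of Assurers as to render face-to-face Assurance impractical.
+In each region, approved types of TTP are listed (e.g., Notary).
+The list is expected to vary according to the
+different juridical traditions of different regions.
+Changes to the regional lists are prepared by
+either an Organisation Assurer for that region
+(as described by OAP)
+or by two Assurers familiar with the traditions
+in that region.
+Changes are then submitted to the Board for approval.
+</p>
+
+<p>
+Use of a type of TTP not on the list must be approved by
+AO and notified to Board.
+It is an explicit goal to reduce the usage of
+TTP-assisted assurances in favour of face-to-face Assurance.
+</p>
+
+
+<p>
+In coordination with internal and external auditors,
+the Assurance Officer shall design and implement a
+suitable programme to meet the needs of audit.
+Where approved by auditors or Board, the Assurance
+Officer may document and implement minor variations to this policy.
+</p>
+
+
+<h2 id="g0.6">5. Topup Assurance </h2>
+
+
+<p>
+AO is to operate a <cite>Topup Assurance Programme</cite>
+to help seed deserts with Assurers.
+A topup assurance will add additional Assurance Points
+to those gained from two previously conducted TTP-assisted assurances,
+in order for a Member to reach 100 Assurance Points
+for the express purpose of becoming an Assurer.
+</p>
+
+
+<p>
+A topup assurance is conducted by a third Senior Assurer
+according to the following requirements:
+</p>
+
+
+<ol>
+<li id="s5.1">
+Assurer Challenge must be completed as passed by Member.
+</li>
+<li id="s5.2">
+The topup must be requested by Member for
+purpose of enabling the Member to reach Assurer level.
+</li>
+<li id="s5.3">
+Topup Assurer must be a Senior Assurer,
+and must be independent of the TTP-assist Assurers.
+</li>
+<li id="s5.4">
+The Topup Assurer reviews the two TTP-assisted assurances,
+and conducts other checks as set by the Assurance Officer.
+The normal face-to-face meeting is not conducted.
+</li>
+<li id="s5.5">
+Topup Assurer may award up to 35 points.
+</li>
+<li id="s5.6">
+Assurance must be marked as Topup
+(e.g., by use of new feature with TTPAdmin flag).
+</li>
+</ol>
+
+
+<p>
+Each topup is to be reported to AO.
+Topup is only available in designated deserts.
+</p>
+
+
+</body>
+</html>
+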
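Review bot: Two links in this new page still target the old `.php` names, `https://www.cacert.org/policy/PolicyOnPolicy.php` in the status badge and `https://www.cacert.org/policy/AssurancePolicy.php` in section 0, although the commit renames the policies to `.html`. If those stubs redirect the way the RootDistributionLicense stub in this commit does, the links keep working but cost an extra round trip; pointing them at `PolicyOnPolicy.html` and `AssurancePolicy.html` would match the rest of the change, assuming both files exist after the rename. The badge uses the relative path `src="images/cacert-policy.png"`, whereas the removed RDL page used `/images/cacert-draft.png`, so it is worth confirming the image resolves from `/policy/`.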
Binary file not shown.
Before Width: | Height: | Size: 4.7 KiB |
|
@ -25,15 +25,9 @@ showheader(_("CAcert - Policies"));
|
|||
|
||||
foreach (glob("*.html") as $filename)
|
||||
{
|
||||
echo "<li><a href='$filename'>$filename</a></li>\n";
|
||||
}
|
||||
|
||||
foreach (glob("*.php") as $filename)
|
||||
{
|
||||
if($filename != "index.php" && $filename != "NRPDisclaimerAndLicence.php")
|
||||
{
|
||||
echo "<li><a href='$filename'>$filename</a></li>\n";
|
||||
}
|
||||
if($filename != "NRPDisclaimerAndLicence.html"){
|
||||
echo "<li><a href='".htmlspecialchars($filename)."'>".htmlspecialchars($filename)."</a></li>\n";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
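Review bot: The `htmlspecialchars($filename)` calls on the rewritten `echo` line rely on the default flags while the `href` attribute is delimited with single quotes. On PHP versions before 8.1 the default is `ENT_COMPAT`, which leaves `'` unescaped, so a file name containing a single quote would still close the attribute; pass the flag explicitly and URL-encode the link target, e.g. `$label = htmlspecialchars($filename, ENT_QUOTES, 'UTF-8');` and `echo "<li><a href='".htmlspecialchars(rawurlencode($filename), ENT_QUOTES, 'UTF-8')."'>$label</a></li>\n";`. The names come from `glob()` over the policy directory, so this is hardening rather than a demonstrated injection. The exclusion test `$filename != "NRPDisclaimerAndLicence.html"` would be stricter as `!==`. The list markup around the loop lies outside the hunk.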