From: Felix Dörre
Assurance Policy for CAcert Community Members
-
Editor: Teus Hagen
Creation date: 2008-05-30
@@ -38,7 +38,7 @@ Status: POLICY p20090105.2
-See also Organisation Assurance Policy (OAP) -and CAcert Policy Statement (CPS). +See also Organisation Assurance Policy (OAP) +and CAcert Policy Statement (CPS).
The person is a bona fide Member. In other words, the person is a member of the CAcert Community as defined by the CAcert -Community Agreement (CCA);
+Community Agreement (CCA);The Member has a (login) account with CAcert's on-line @@ -135,7 +135,7 @@ the Assurance Points.
The primary goal of the Assurance Statement is for the express purpose of certificates to meet the needs of the Relying Party Statement, which latter is found in the Certification Practice -Statement (CPS). +Statement (CPS).
When a certificate is issued, some of the Assurance Statement may be incorporated, e.g. Name. Other parts may be implied, e.g. @@ -290,7 +290,7 @@ The number of Assurance Points for each Member is not published.
The CAcert Policy Statement -(CPS) +(CPS) and other policies may list other capabilities that rely on Assurance Points.
@@ -600,7 +600,7 @@ Education Team;Updating this Assurance Policy, under the process -established by Policy on Policy (PoP);
+established by Policy on Policy (PoP);Management of all Subsidiary Policies (see below) for @@ -703,7 +703,7 @@ internal purposes.
circumstances:Under Arbitrator ruling, in a duly filed dispute (Dispute Resolution Policy +
Under Arbitrator ruling, in a duly filed dispute (Dispute Resolution Policy => COD7);
CAcert is a Community formed of Members who agree to the - + CAcert Community Agreement. The CA is technically operated by the Community, under the direction of the Board of CAcert Incorporated. @@ -320,7 +320,7 @@ intermediate CAs under the present CPS.
Registration Authorities (RAs) are controlled under Assurance Policy -(COD13). +(COD13).
Member. Membership of the Community is as defined in the -COD9. +COD9. Only Members may RELY or may become Subscribers. Membership is free.
@@ -358,7 +358,7 @@ A senior and experienced Member of the CAcert Community who resolves disputes between Members, including ones of certificate reliance, under Dispute Resolution Policy -(COD7). +(COD7).@@ -381,7 +381,7 @@ are unaware of the ramifications of usage. Their relationship with CAcert is described by the Non-related Persons - Disclaimer and Licence -(COD4). +(COD4). No other rights nor relationship is implied or offered.
@@ -848,7 +848,7 @@ and will only be used where new roots do not serve:This document is administered by the policy group of -the CAcert Community under Policy on Policy (COD1). +the CAcert Community under Policy on Policy (COD1).
CPS is controlled and updated according to the Policy on Policy -(COD1) +(COD1) which is part of Configuration-Control Specification (COD2).
@@ -913,7 +913,7 @@ As per above. Member. Everyone who agrees to the CAcert Community Agreement - (COD9). + (COD9). This generally implies having an account registered at CAcert and making use of CAcert's data, programs or services. A Member may be an individual ("natural person") @@ -923,7 +923,7 @@ As per above. Community. The group of Members who agree to the CAcert Community Agreement - (COD9) + (COD9) or equivalent agreements.@@ -949,7 +949,7 @@ As per above. Name. As defined in the Assurance Policy - (COD13), + (COD13), to describe a name of a Member that is verified by the Assurance process.
@@ -972,7 +972,7 @@ As per above. CAcert or the certificates that they may use, and are unaware of the ramifications of usage. They are not permitted to RELY, but may USE, under the - Non-Related Persons - Disclaimer and Licence (COD4). + Non-Related Persons - Disclaimer and Licence (COD4).
Reliance. @@ -1058,7 +1058,7 @@ for the general public.
-Under the Assurance Policy (COD13), +Under the Assurance Policy (COD13), there are means for Members to search, retrieve and verify certain data about themselves and others.
@@ -1196,7 +1196,7 @@ does not go into the certificate.Each Member's Name (CN= field) -is assured under the Assurance Policy (COD13) +is assured under the Assurance Policy (COD13) or subsidiary policies (such as Organisation Assurance Policy). Refer to those documents for meanings and variations.
@@ -1237,7 +1237,7 @@ Uniqueness of Names within certificates is not guaranteed. Each certificate has a unique serial number which maps to a unique account, and thus maps to a unique Member. See the Assurance Statement within Assurance Policy -(COD13). +(COD13).@@ -1249,7 +1249,7 @@ can only be registered to one Member.
Organisation Assurance Policy -(COD11) +(COD11) controls issues such as trademarks where applicable. A trademark can be disputed by filing a dispute. See @@ -1494,7 +1494,7 @@ The CAcert Inc. Board has the authority to decide to add or remove accepted TLD
Identity verification is controlled by the -Assurance Policy (COD13). +Assurance Policy (COD13). The reader is refered to the Assurance Policy, the following is representative and brief only.
@@ -1524,7 +1524,7 @@ to check the private key dynamically. Agreement. An Internet user becomes a Member by agreeing to the CAcert Community Agreement -(COD9) +(COD9) and registering an account on the online website. During the registration process Members are asked to supply information about themselves: @@ -1546,7 +1546,7 @@ for all service requests such as certificates.Assurance. Each Member is assured according to Assurance Policy -(COD13). +(COD13).
@@ -1617,7 +1617,7 @@ certificates that state their Assured Name(s). Verification of organisations is delegated by the Assurance Policy to the Organisation Assurance Policy -(COD11). +(COD11). The reader is refered to the Organisation Assurance Policy, the following is representative and brief only. @@ -1645,7 +1645,7 @@ stated in the OAP, briefly presented here:Members generate their own key-pairs. The CAcert Community Agreement -(COD9) +(COD9) obliges the Member as responsible for security. See CCA2.5, §9.6.
@@ -2132,7 +2132,7 @@ There are no external entities that are notified about issued certificates. All Members (subscribers and relying parties) are obliged according to the CAcert Community Agreement -(COD9) +(COD9) See especially 2.3 through 2.5.All important roles are generally required to be assured at least to the level of Assurer, as per AP. -Refer to Assurance Policy (COD13). +Refer to Assurance Policy (COD13).
@@ -2723,13 +2723,13 @@ Roles strive in general for separation of duties, either along the lines of
The operational period of a certificate and its key pair depends on the Assurance status of the Member, -see §1.4.5 and Assurance Policy (COD13). +see §1.4.5 and Assurance Policy (COD13).
@@ -3549,7 +3549,7 @@ Audit is no exception.
This CPS and other documents are subject to -the process in Policy on Policy (COD1). +the process in Policy on Policy (COD1). Audits cover the overall processes more than any one document, and documents may vary even as Audit reports are delivered. @@ -3578,7 +3578,7 @@ All fees are non-refundable.
Financial risks are dealt with primarily by the Dispute Resolution Policy -(COD7). +(COD7).
Under Assurance Policy -(COD13) +(COD13) the Member's status (as Assured, Assurer, etc) is available to other Members.
@@ -3697,9 +3697,9 @@ some deviations are necessary. Assets that fall under the control of CCS must be transferred to CAcert. See PoP 6.2 -(COD1), +(COD1), CCA 1.3 -(COD9). +(COD9). That is, CAcert is free to use, modify, distribute, and otherwise conduct the business of the CA as CAcert sees fit with the asset. @@ -3721,10 +3721,10 @@ m20070917.5. CAcert owns or requires full control over its documents, especially those covered by CCS. See PoP 6.2 -(COD1). +(COD1). Contributors transfer the rights, see CCA 1.3 -(COD9). +(COD9). Contributors warrant that they have the right to transfer. @@ -3739,9 +3739,9 @@ non-exclusive, unrestricted perpetual licence, permitting them to to re-use their original work freely. See PoP 6.4 -(COD1), +(COD1), CCA 1.3 -(COD9). +(COD9).@@ -3828,7 +3828,7 @@ to be Members in the Community.
Persons who have not accepted the above Agreements are offered the Non-Related Persons - Disclaimer and Licence -(COD4). +(COD4). Any representations and warranties are strictly limited to nominal usage. In essence, NRPs may USE but must not RELY. @@ -3864,7 +3864,7 @@ CAcert on behalf of related parties (RAs, Subscribers, etc) and itself disclaims all liability to NRPs in their usage of CA's certificates. -See COD4. +See COD4.
Members file a dispute to terminate their agreement. See §9.13 and CCA 3.3 -(COD9). +(COD9).
-Documents are varied (including terminated) under COD1. +Documents are varied (including terminated) under COD1.
@@ -3919,16 +3919,16 @@ No stipulation. All participants are obliged to keep their listed primary email addresses in good working order. See CCA 3.5 -(COD9). +(COD9).
-Amendments to the CPS are controlled by COD1. +Amendments to the CPS are controlled by COD1. Any changes in Member's Agreements are notified under CCA 3.4 -(COD9). +(COD9).
All Members of the Community agree to the
CAcert Community Agreement
-(COD9).
+(COD9).
This agreement also incorporates other key
documents, being this CPS, DRP and PP.
See CCA 4.2.
diff --git a/static/policy/DisputeResolutionPolicy.html b/static/policy/DisputeResolutionPolicy.html
index e9dafb38..2082bb04 100644
--- a/static/policy/DisputeResolutionPolicy.html
+++ b/static/policy/DisputeResolutionPolicy.html
@@ -60,8 +60,8 @@
Licence: CC-by-sa+DRP
-The document "Non Related Persons - Disclaimer And Licence" was replaced by the Root Distribution Licence, which can be found here. +The document "Non Related Persons - Disclaimer And Licence" was replaced by the Root Distribution Licence, which can be found here. |