diff options
Diffstat (limited to 'www/policy/AssurancePolicy.html')
-rw-r--r-- | www/policy/AssurancePolicy.html | 48 |
1 files changed, 24 insertions, 24 deletions
diff --git a/www/policy/AssurancePolicy.html b/www/policy/AssurancePolicy.html index 818349a..c1b9e69 100644 --- a/www/policy/AssurancePolicy.html +++ b/www/policy/AssurancePolicy.html @@ -61,8 +61,8 @@ Last change date: 2009-01-08<br> <h1>Assurance Policy for CAcert Community Members</h1> -<h2><a id="s0">0.</a> Preamble</h2> -<h3><a id="s0.1">0.1.</a> Definition of Terms</h3> +<h2 id="s0">0. Preamble</h2> +<h3 id="s0.1">0.1. Definition of Terms</h3> <dl> <dt><em>Member</em> </dt> <dd> A Member is an individual who has agreed to the CAcert @@ -88,7 +88,7 @@ that assists discrimination from Members with similar full names. </dd> </dl> -<h3><a id="s0.2">0.2.</a> The CAcert Web of Trust</h3> +<h3 id="s0.2">0.2. The CAcert Web of Trust</h3> <p> In face-to-face meetings, an Assurer allocates a number of Assurance Points @@ -101,7 +101,7 @@ CAcert explicitly chooses to meet its various goals by construction of a Web-of-Trust of all Members. </p> -<h3><a id="s0.3">0.3.</a> Related Documentation</h3> +<h3 id="s0.3">0.3. Related Documentation</h3> <p> Documentation on Assurance is split between this Assurance Policy (AP) and the @@ -121,7 +121,7 @@ See also Organisation Assurance Policy (<a href="https://www.cacert.org/policy/O and CAcert Policy Statement (<a href="https://www.cacert.org/policy/CertificationPracticeStatement.html" target="_blank">CPS</a>). </p> -<h2><a id="s1">1.</a> Assurance Purpose</h2> +<h2 id="s1">1. Assurance Purpose</h2> <p>The purpose of Assurance is to add confidence in the Assurance Statement made by the CAcert Community of a Member. </p> <p>With sufficient assurances, a Member may: (a) issue certificates @@ -129,7 +129,7 @@ with their assured Name included, (b) participate in assuring others, and (c) other related activities. The strength of these activities is based on the strength of the assurance. </p> -<h3><a id="s1.1">1.1.</a>The Assurance Statement</h3> +<h3 id="s1.1">1.1.The Assurance Statement</h3> <p> The Assurance Statement makes the following claims about a person: @@ -160,7 +160,7 @@ address(es), secondary distinguishing feature (e.g. DoB). </p> </ol> <p>The confidence level of the Assurance Statement is expressed by the Assurance Points. </p> -<h3><a id="s1.2">1.2.</a>Relying Party Statement</h3> +<h3 id="s1.2">1.2.Relying Party Statement</h3> <p>The primary goal of the Assurance Statement is for the express purpose of certificates to meet the needs of the <em>Relying Party Statement</em>, which latter is found in the Certification Practice @@ -177,8 +177,8 @@ reliable indications of e.g. the Member's Name and email address. The nature of Assurance, the number of Assurance Points, and other policies and processes should be understood as limitations on any reliance. </p> -<h2><a id="s2">2.</a> The Member</h2> -<h3><a id="s2.1">2.1.</a> The Member's Name </h3> +<h2 id="s2">2. The Member</h2> +<h3 id="s2.1">2.1. The Member's Name </h3> <p> At least one individual Name is recorded in the Member's CAcert login account. The general standard of a Name is: @@ -203,7 +203,7 @@ encoded in unicode transformation format.</p> </li> </ul> -<h3><a id="s2.2">2.2.</a> Multiple Names and variations</h3> +<h3 id="s2.2">2.2. Multiple Names and variations</h3> <p> In order to handle the contradictions in the above general standard, a Member may record multiple Names or multiple variations of a Name @@ -215,7 +215,7 @@ different language or country variations, and transliterations of characters in a name. </p> -<h3><a id="s2.3">2.3.</a> Status and Capabilities</h3> +<h3 id="s2.3">2.3. Status and Capabilities</h3> <p> A Name which has reached the level of 50 Assurance Points is defined as an Assured @@ -324,7 +324,7 @@ and other policies may list other capabilities that rely on Assurance Points. </p> -<h2><a id="s3">3.</a> The Assurer</h2> +<h2 id="s3">3. The Assurer</h2> <p>An Assurer is a Member with the following: </p> <ul> <li> @@ -336,7 +336,7 @@ Points. </ul> <p>The Assurer Challenge is administered by the Education Team on behalf of the Assurance Officer. </p> -<h3><a id="s3.1">3.1.</a> The Obligations of the Assurer</h3> +<h3 id="s3.1">3.1. The Obligations of the Assurer</h3> <p>The Assurer is obliged to: </p> <ul> <li> @@ -366,8 +366,8 @@ directed by the Arbitrator; </p> Community. </p> </li> </ul> -<h2><a id="s4">4.</a> The Assurance</h2> -<h3><a id="s4.1">4.1.</a> The Assurance Process</h3> +<h2 id="s4">4. The Assurance</h2> +<h3 id="s4.1">4.1. The Assurance Process</h3> <p>The Assurer conducts the process of Assurance with each Member. </p> <p>The process consists of: </p> @@ -401,7 +401,7 @@ Assuree (Mutual Assurance); </p> forms by Assurer. </p> </li> </ol> -<h3><a id="s4.2">4.2.</a> Mutual Assurance</h3> +<h3 id="s4.2">4.2. Mutual Assurance</h3> <p>Mutual Assurance follows the principle of reciprocity. This means that the Assurance may be two-way, and that each member participating @@ -415,7 +415,7 @@ the Assurer, and reduces any sense of power. It is also an important aid to the assurance training for future Assurers. </p> -<h3><a id="s4.3">4.3.</a> Assurance Points</h3> +<h3 id="s4.3">4.3. Assurance Points</h3> <p>The Assurance applies Assurance Points to each Member which measure the increase of confidence in the Statement (above). Assurance Points should not be interpreted for any other purpose. @@ -482,7 +482,7 @@ and under any act under any Subsidiary Policy (below) is 50 Assurance Points. </p> -<h3><a id="s4.4">4.4.</a> Experience Points</h3> +<h3 id="s4.4">4.4. Experience Points</h3> <p>The maximum number of Assurance Points that may be awarded by an Assurer is determined by the Experience Points of the Assurer. </p> @@ -562,7 +562,7 @@ permanently to an Assurer by CAcert Inc.'s Committee (board), on recommendation from the Assurance Officer. </p> <p>Experience Points are not to be confused with Assurance Points. </p> -<h3><a id="s4.5">4.5.</a> CAcert Assurance Programme (CAP) form</h3> +<h3 id="s4.5">4.5. CAcert Assurance Programme (CAP) form</h3> <p>The CAcert Assurance Programme (<a href="https://www.cacert.org/cap.php" target="_blank">CAP</a>) form requests the following details of each Member or Prospective Member: </p> @@ -614,7 +614,7 @@ required as well; </p> </ul> <p>The CAP forms are to be kept at least for 7 years by the Assurer. </p> -<h2><a id="s5">5.</a> The Assurance Officer</h2> +<h2 id="s5">5. The Assurance Officer</h2> <p>The Committee (board) of CAcert Inc. appoints an Assurance Officer with the following responsibilities: </p> @@ -654,21 +654,21 @@ procedures or guidelines; </p> (web-of-trust) to meet the agreed needs of the Community. </p> </li> </ul> -<h2><a id="s6">6.</a> Subsidiary Policies</h2> +<h2 id="s6">6. Subsidiary Policies</h2> <p>The Assurance Officer manages various exceptions and additional processes. Each must be covered by an approved Subsidiary Policy (refer to Policy on Policy => CAcert Official Document COD1). Subsidiary Policies specify any additional tests of knowledge required and variations to process and documentation, within the general standard stated here. </p> -<h3><a id="s6.1">6.1.</a> Standard</h3> +<h3 id="s6.1">6.1. Standard</h3> <p>Each Subsidiary Policy must augment and improve the general standards in this Assurance Policy. It is the responsibility of each Subsidiary Policy to describe how it maintains and improves the specific and overall goals. It must describe exceptions and potential areas of risk. </p> -<h3><a id="s6.2">6.2.</a> High Risk Applications</h3> +<h3 id="s6.2">6.2. High Risk Applications</h3> <p>In addition to the Assurance or Experience Points ratings set here and in other subsidiary policies, the Assurance Officer or policies can designate certain applications as high risk. If so, additional @@ -720,7 +720,7 @@ support administrators. </p> </ul> <p>Applications that might attract additional measures include code-signing certificates and administration roles. </p> -<h2><a id="s7">7.</a> Privacy</h2> +<h2 id="s7">7. Privacy</h2> <p>CAcert is a "privacy" organisation, and takes the privacy of its Members seriously. The process maintains the security and privacy of both parties. </p> |