summaryrefslogtreecommitdiff
path: root/www/policy/CAcertCommunityAgreement.html
diff options
context:
space:
mode:
Diffstat (limited to 'www/policy/CAcertCommunityAgreement.html')
-rw-r--r--www/policy/CAcertCommunityAgreement.html531
1 files changed, 531 insertions, 0 deletions
diff --git a/www/policy/CAcertCommunityAgreement.html b/www/policy/CAcertCommunityAgreement.html
new file mode 100644
index 0000000..810c043
--- /dev/null
+++ b/www/policy/CAcertCommunityAgreement.html
@@ -0,0 +1,531 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" lang="en">
+ <title>CAcert Community Agreement</title>
+ <style>
+ .r{
+ text-align: right;
+ }
+ .vTop{
+ vertical-align: top;
+ }
+ dt{
+ font-style: italic;
+ }
+ </style>
+
+</head>
+<body>
+
+<div class="comment">
+<table style="width: 100%;">
+
+<tr>
+<td>
+ Name: CCA <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD9</a><br />
+ Status: POLICY <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20080109">p20080109</a><br />
+Editor: <a style="color: steelblue" href="https://wiki.cacert.org/Iang">Iang</a><br />
+ Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br />
+
+</td>
+<td class="vTop r">
+ <a href="https://www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-policy.png" alt="CCA Status - POLICY" height="31" width="88" style="border-style: none;" /></a>
+
+</td>
+</tr>
+</table>
+</div>
+
+<h2> CAcert Community Agreement </h2>
+
+
+
+<h3 id="s0"> 0. Introduction </h3>
+
+<p>
+This agreement is between
+you, being a registered member ("Member")
+within CAcert's community at large ("Community")
+and CAcert Incorporated ("CAcert"),
+being an operator of services to the Community.
+</p>
+
+<h4 id="s0.1"> 0.1 Terms </h4>
+<dl>
+ <dt>"CAcert"</dt><dd>
+ means CAcert Inc.,
+ a non-profit Association of Members incorporated in
+ New South Wales, Australia.
+ Note that Association Members are distinct from
+ the Members defined here.</dd>
+ <dt>"Member"</dt><dd>
+ means you, a registered participant within CAcert's Community,
+ with an account on the website and the
+ facility to request certificates.
+ Members may be individuals ("natural persons")
+ or organisations ("legal persons").</dd>
+ <dt>"Organisation"</dt><dd>
+ is defined under the Organisation Assurance programme,
+ and generally includes corporations and other entities
+ that become Members and become Assured.</dd>
+ <dt>"Community"</dt><dd>
+ means all of the Members
+ that are registered by this agreement
+ and other parties by other agreements,
+ all being under CAcert's Arbitration.</dd>
+ <dt>"Non-Related Person" ("NRP")</dt><dd>
+ being someone who is not a
+ Member, is not part of the Community,
+ and has not registered their agreement.
+ Such people are offered the NRP-DaL
+ another agreement allowing the USE of certificates.</dd>
+ <dt>"Non-Related Persons - Disclaimer and Licence" ("NRP-DaL")</dt><dd>
+ another agreement that is offered to persons outside the
+ Community.</dd>
+ <dt>"Arbitration"</dt><dd>
+ is the Community's forum for
+ resolving disputes, or jurisdiction.</dd>
+ <dt>"Dispute Resolution Policy" ("DRP" =&gt; COD7)</dt><dd>
+ is the policy and
+ rules for resolving disputes.</dd>
+ <dt>"USE"</dt><dd>
+ means the act by your software
+ to conduct its tasks, incorporating
+ the certificates according to software procedures.</dd>
+ <dt>"RELY"</dt><dd>
+ means your human act in taking on a
+ risk and liability on the basis of the claim(s)
+ bound within a certificate.</dd>
+ <dt>"OFFER"</dt><dd>
+ means the your act
+ of making available your certificate to another person.
+ Generally, you install and configure your software
+ to act as your agent and facilite this and other tasks.
+ OFFER does not imply suggestion of reliance.</dd>
+ <dt>"Issue"</dt><dd>
+ means creation of a certificate by CAcert.
+ To create a certificate,
+ CAcert affixes a digital signature from the root
+ onto a public key and other information.
+ This act would generally bind a statement or claim,
+ such as your name, to your key.</dd>
+ <dt>"Root"</dt><dd>
+ means CAcert's top level key,
+ used for signing certificates for Members.
+ In this document, the term includes any subroots.</dd>
+ <dt>"CAcert Official Document" ("COD" =&gt; COD3)</dt><dd>
+ in a standard format for describing the details of
+ operation and governance essential to a certificate authority.
+ Changes are managed and controlled.
+ CODs define more technical terms.
+ See 4.2 for listing of relevant CODs.</dd>
+ <dt>"Certification Practice Statement" ("CPS" =&gt; COD6)</dt><dd>
+ is the document that controls details
+ about operational matters within CAcert.</dd>
+</dl>
+
+
+<h3 id="s1"> 1. Agreement and Licence </h3>
+
+<h4 id="s1.1"> 1.1 Agreement </h4>
+
+<p>
+You and CAcert both agree to the terms and conditions
+in this agreement.
+Your agreement is given by any of
+</p>
+
+<ul><li>
+ your signature on a form to request assurance of identity
+ ("CAP" form),
+ </li><li>
+ your request on the website
+ to join the Community and create an account,
+ </li><li>
+ your request for Organisation Assurance,
+ </li><li>
+ your request for issuing of certificates, or
+ </li><li>
+ if you USE, RELY, or OFFER
+ any certificate issued to you.
+</li></ul>
+
+<p>
+Your agreement
+is effective from the date of the first event above
+that makes this agreement known to you.
+This Agreement
+replaces and supercedes prior agreements,
+including the NRP-DaL.
+</p>
+
+
+<h4 id="s1.2"> 1.2 Licence </h4>
+
+<p>
+As part of the Community, CAcert offers you these rights:
+</p>
+
+<ol><li>
+ You may USE any certificates issued by CAcert.
+ </li><li>
+ You may RELY on any certificate issued by CAcert,
+ as explained and limited by CPS (COD6).
+ </li><li>
+ You may OFFER certificates issued to you by CAcert
+ to Members for their RELIANCE.
+ </li><li>
+ You may OFFER certificates issued to you by CAcert
+ to NRPs for their USE, within the general principles
+ of the Community.
+ </li><li>
+ This Licence is free of cost,
+ non-exclusive, and non-transferrable.
+</li></ol>
+
+<h4 id="s1.3"> 1.3 Your Contributions </h4>
+
+
+<p>
+You agree to a non-exclusive non-restrictive non-revokable
+transfer of Licence to CAcert for your contributions.
+That is, if you post an idea or comment on a CAcert forum,
+or email it to other Members,
+your work can be used freely by the Community for
+CAcert purposes, including placing under CAcert's licences
+for wider publication.
+</p>
+
+<p>
+You retain authorship rights, and the rights to also transfer
+non-exclusive rights to other parties.
+That is, you can still use your
+ideas and contributions outside the Community.
+</p>
+
+<p>
+Note that the following exceptions override this clause:
+</p>
+
+<ol><li>
+ Contributions to controlled documents are subject to
+ Policy on Policy ("PoP" =&gt; COD1)
+ </li><li>
+ Source code is subject to an open source licence regime.
+</li></ol>
+
+<h4 id="s1.4"> 1.4 Privacy </h4>
+
+
+<p>
+You give rights to CAcert to store, verify and process
+and publish your data in accordance with policies in force.
+These rights include shipping the data to foreign countries
+for system administration, support and processing purposes.
+Such shipping will only be done among
+CAcert Community administrators and Assurers.
+</p>
+
+<p>
+Privacy is further covered in the Privacy Policy ("PP" =&gt; COD5).
+</p>
+
+<h3 id="s2"> 2. Your Risks, Liabilities and Obligations </h3>
+
+<p>
+As a Member, you have risks, liabilities
+and obligations within this agreement.
+</p>
+
+<h4 id="s2.1"> 2.1 Risks </h4>
+
+<ol><li>
+ A certificate may prove unreliable.
+ </li><li>
+ Your account, keys or other security tools may be
+ lost or otherwise compromised.
+ </li><li>
+ You may find yourself subject to Arbitration
+ (DRP =&gt; COD7).
+</li></ol>
+
+<h4 id="s2.2"> 2.2 Liabilities </h4>
+
+<ol><li>
+ You are liable for any penalties
+ as awarded against you by the Arbitrator.
+ </li><li>
+ Remedies are as defined in the DRP (COD7).
+ An Arbitrator's ruling may
+ include monetary amounts, awarded against you.
+ </li><li>
+ Your liability is limited to
+ a total maximum of
+ <b>1000 Euros</b>.
+ </li><li>
+ "Foreign Courts" may assert jurisdiction.
+ These include your local courts, and are outside our Arbitration.
+ Foreign Courts will generally refer to the Arbitration
+ Act of their country, which will generally refer
+ civil cases to Arbitration.
+ The Arbitration Act will not apply to criminal cases.
+</li></ol>
+
+<h4 id="s2.3"> 2.3 Obligations </h4>
+
+<p>
+ You are obliged
+</p>
+
+<ol><li>
+ to provide accurate information
+ as part of Assurance.
+ You give permission for verification of the information
+ using CAcert-approved methods.
+ </li><li>
+ to make no false representations.
+ </li><li>
+ to submit all your disputes to Arbitration
+ (DRP =&gt; COD7).
+</li></ol>
+
+<h4 id="s2.4"> 2.4 Principles </h4>
+
+<p>
+As a Member of CAcert, you are a member of
+the Community.
+ You are further obliged to
+ work within the spirit of the Principles
+ of the Community.
+ These are described in
+ <a href="https://svn.cacert.org/CAcert/principles.html">Principles of the Community</a>.
+</p>
+
+<h4 id="s2.5"> 2.5 Security </h4>
+<p>
+CAcert exists to help you to secure yourself.
+You are primarily responsible for your own security.
+Your security obligations include
+</p>
+
+<ol><li>
+ to secure yourself and your computing platform (e.g., PC),
+ </li><li>
+ to keep your email account in good working order,
+ </li><li>
+ to secure your CAcert account
+ (e.g., credentials such as username, password),
+ </li><li>
+ to secure your private keys,
+ </li><li>
+ to review certificates for accuracy,
+ and
+ </li><li>
+ when in doubt, notify CAcert,
+ </li><li>
+ when in doubt, take other reasonable actions, such as
+ revoking certificates,
+ changing account credentials,
+ and/or generating new keys.
+</li></ol>
+
+<p>
+Where, above, 'secure' means to protect to a reasonable
+degree, in proportion with your risks and the risks of
+others.
+</p>
+
+<h3 id="s3"> 3. Law and Jurisdiction </h3>
+
+<h4 id="s3.1"> 3.1 Governing Law </h4>
+
+<p>
+This agreement is governed under the law of
+New South Wales, Australia,
+being the home of the CAcert Inc. Association.
+</p>
+
+<h4 id="s3.2"> 3.2 Arbitration as Forum of Dispute Resolution </h4>
+
+<p>
+You agree, with CAcert and all of the Community,
+that all disputes arising out
+of or in connection to our use of CAcert services
+shall be referred to and finally resolved
+by Arbitration under the rules within the
+Dispute Resolution Policy of CAcert
+(DRP =&gt; COD7).
+The rules select a single Arbitrator chosen by CAcert
+from among senior Members in the Community.
+The ruling of the Arbitrator is binding and
+final on Members and CAcert alike.
+</p>
+
+<p>
+In general, the jurisdiction for resolution of disputes
+is within CAcert's own forum of Arbitration,
+as defined and controlled by its own rules (DRP =&gt; COD7).
+</p>
+
+<p>
+We use Arbitration for many purposes beyond the strict
+nature of disputes, such as governance and oversight.
+A systems administrator may
+need authorisation to conduct a non-routine action,
+and Arbitration may provide that authorisation.
+Thus, you may find yourself party to Arbitration
+that is simply support actions, and you may file disputes in
+order to initiate support actions.
+</p>
+
+<h4 id="s3.3"> 3.3 Termination </h4>
+<p>
+You may terminate this agreement by resigning
+from CAcert. You may do this at any time by
+writing to CAcert's online support forum and
+filing dispute to resign.
+All services will be terminated, and your
+certificates will be revoked.
+However, some information will continue to
+be held for certificate processing purposes.
+</p>
+
+<p>
+The provisions on Arbitration survive any termination
+by you by leaving CAcert.
+That is, even if you resign from CAcert,
+you are still bound by the DRP (COD7),
+and the Arbitrator may reinstate any provision of this
+agreement or bind you to a ruling.
+</p>
+
+<p>
+Only the Arbitrator may terminate this agreement with you.
+</p>
+
+<h4 id="s3.4"> 3.4 Changes of Agreement </h4>
+
+<p>
+CAcert may from time to time vary the terms of this Agreement.
+Changes will be done according to the documented CAcert policy
+for changing policies, and is subject to scrutiny and feedback
+by the Community.
+Changes will be notified to you by email to your primary address.
+</p>
+
+<p>
+If you do not agree to the changes, you may terminate as above.
+Continued use of the service shall be deemed to be agreement
+by you.
+</p>
+
+<h4 id="s3.5"> 3.5 Communication </h4>
+
+<p>
+Notifications to CAcert are to be sent by
+email to the address
+<b>support</b> <i>at</i> CAcert.org.
+You should attach a digital signature,
+but need not do so in the event of security
+or similar urgency.
+</p>
+
+<p>
+Notifications to you are sent
+by CAcert to the primary email address
+registered with your account.
+You are responsible for keeping your email
+account in good working order and able
+to receive emails from CAcert.
+</p>
+
+<p>
+Arbitration is generally conducted by email.
+</p>
+
+<h3 id="s4"> 4. Miscellaneous </h3>
+
+<h4 id="s4.1"> 4.1 Other Parties Within the Community </h4>
+
+<p>
+As well as you and other Members in the Community,
+CAcert forms agreements with third party
+vendors and others.
+Thus, such parties will also be in the Community.
+Such agreements are also controlled by the same
+policy process as this agreement, and they should
+mirror and reinforce these terms.
+</p>
+
+
+<h4 id="s4.2"> 4.2 References and Other Binding Documents </h4>
+
+<p>
+This agreement is CAcert Official Document 9 (COD9)
+and is a controlled document.
+</p>
+
+<p>
+You are also bound by
+</p>
+
+<ol><li>
+ <a href="https://www.cacert.org/policy/CertificationPracticeStatement.html">
+ Certification Practice Statement</a> (CPS =&gt; COD6).
+ </li><li>
+ <a href="https://www.cacert.org/policy/DisputeResolutionPolicy.html">
+ Dispute Resolution Policy</a> (DRP =&gt; COD7).
+ </li><li>
+ <a href="https://www.cacert.org/policy/PrivacyPolicy.html">
+ Privacy Policy</a> (PP =&gt; COD5).
+ </li><li>
+ <a href="https://svn.cacert.org/CAcert/principles.html">
+ Principles of the Community</a>.
+</li></ol>
+
+<p>
+Where documents are referred to as <i>=&gt; COD x</i>,
+they are controlled documents
+under the control of Policy on Policies (COD1).
+</p>
+
+<p>
+This agreement and controlled documents above are primary,
+and may not be replaced or waived except
+by formal policy channels and by Arbitration.
+</p>
+
+<h4 id="s4.3"> 4.3 Informative References </h4>
+
+<p>
+The governing documents are in English.
+Documents may be translated for convenience.
+Because we cannot control the legal effect of translations,
+the English documents are the ruling ones.
+</p>
+
+<p>
+You are encouraged to be familiar with the
+Assurer Handbook,
+which provides a more readable introduction for much of
+the information needed.
+The Handbook is not however an agreement, and is overruled
+by this agreement and others listed above.
+</p>
+
+<h4 id="s4.4"> 4.4 Not Covered in this Agreement </h4>
+
+<p>
+<b>Intellectual Property.</b>
+This Licence does not transfer any intellectual
+property rights ("IPR") to you. CAcert asserts and
+maintains its IPR over its roots, issued certificates,
+brands, logos and other assets.
+Note that the certificates issued to you
+are CAcert's intellectual property
+and you do not have rights other than those stated.
+</p>
+<p><a href="http://validator.w3.org/check?uri=referer"><img src="images/valid-html50-blue.png" alt="Valid HTML 5" height="31" width="88"></a></p>
+</body>
+</html>