summaryrefslogtreecommitdiff
path: root/www/policy/CAcertCommunityAgreement.php
diff options
context:
space:
mode:
Diffstat (limited to 'www/policy/CAcertCommunityAgreement.php')
-rw-r--r--www/policy/CAcertCommunityAgreement.php512
1 files changed, 512 insertions, 0 deletions
diff --git a/www/policy/CAcertCommunityAgreement.php b/www/policy/CAcertCommunityAgreement.php
new file mode 100644
index 0000000..5c16b4b
--- /dev/null
+++ b/www/policy/CAcertCommunityAgreement.php
@@ -0,0 +1,512 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head><title>CAcert Community Agreement</title></head>
+<body>
+
+
+
+
+<h3> <a name="0"> 0. </a> Introduction </h3>
+
+<p>
+This agreement is between
+you, being a registered member ("Member")
+within CAcert's community at large ("Community")
+and CAcert Incorporated ("CAcert"),
+being an operator of services to the Community.
+</p>
+
+<h4> <a name="0.1"> 0.1 </a> Terms </h4>
+<ol><li>
+ "CAcert"
+ means CAcert Inc.,
+ a non-profit Association of Members incorporated in
+ New South Wales, Australia.
+ Note that Association Members are distinct from
+ the Members defined here.
+ </li><li>
+ "Member"
+ means you, a registered participant within CAcert's Community,
+ with an account on the website and the
+ facility to request certificates.
+ Members may be individuals ("natural persons")
+ or organisations ("legal persons").
+ </li><li>
+ "Organisation"
+ is defined under the Organisation Assurance programme,
+ and generally includes corporations and other entities
+ that become Members and become Assured.
+ </li><li>
+ "Community"
+ means all of the Members
+ that are registered by this agreement
+ and other parties by other agreements,
+ all being under CAcert's Arbitration.
+ </li><li>
+ "Non-Related Person" ("NRP"),
+ being someone who is not a
+ Member, is not part of the Community,
+ and has not registered their agreement.
+ Such people are offered the NRP-DaL
+ another agreement allowing the USE of certificates.
+ </li><li>
+ "Non-Related Persons - Disclaimer and Licence" ("NRP-DaL"),
+ another agreement that is offered to persons outside the
+ Community.
+ </li><li>
+ "Arbitration"
+ is the Community's forum for
+ resolving disputes, or jurisdiction.
+ </li><li>
+ "Dispute Resolution Policy" ("DRP" => COD7)
+ is the policy and
+ rules for resolving disputes.
+ </li><li>
+ "USE"
+ means the act by your software
+ to conduct its tasks, incorporating
+ the certificates according to software procedures.
+ </li><li>
+ "RELY"
+ means your human act in taking on a
+ risk and liability on the basis of the claim(s)
+ bound within a certificate.
+ </li><li>
+ "OFFER"
+ means the your act
+ of making available your certificate to another person.
+ Generally, you install and configure your software
+ to act as your agent and facilite this and other tasks.
+ OFFER does not imply suggestion of reliance.
+ </li><li>
+ "Issue"
+ means creation of a certificate by CAcert.
+ To create a certificate,
+ CAcert affixes a digital signature from the root
+ onto a public key and other information.
+ This act would generally bind a statement or claim,
+ such as your name, to your key.
+ </li><li>
+ "Root"
+ means CAcert's top level key,
+ used for signing certificates for Members.
+ In this document, the term includes any subroots.
+ </li><li>
+ "CAcert Official Document" ("COD" => COD3)
+ in a standard format for describing the details of
+ operation and governance essential to a certificate authority.
+ Changes are managed and controlled.
+ CODs define more technical terms.
+ See 4.2 for listing of relevant CODs.
+ </li><li>
+ "Certification Practice Statement" ("CPS" => COD6)
+ is the document that controls details
+ about operational matters within CAcert.
+</li></ol>
+
+
+<h3> <a name="1"> 1. </a> Agreement and Licence </h3>
+
+<h4> <a name="1.1"> 1.1 </a> Agreement </h4>
+
+<p>
+You and CAcert both agree to the terms and conditions
+in this agreement.
+Your agreement is given by any of
+</p>
+
+<ul><li>
+ your signature on a form to request assurance of identity
+ ("CAP" form),
+ </li><li>
+ your request on the website
+ to join the Community and create an account,
+ </li><li>
+ your request for Organisation Assurance,
+ </li><li>
+ your request for issuing of certificates, or
+ </li><li>
+ if you USE, RELY, or OFFER
+ any certificate issued to you.
+</li></ul>
+
+<p>
+Your agreement
+is effective from the date of the first event above
+that makes this agreement known to you.
+This Agreement
+replaces and supercedes prior agreements,
+including the NRP-DaL.
+</p>
+
+
+<h4> <a name="1.2"> 1.2 </a> Licence </h4>
+
+<p>
+As part of the Community, CAcert offers you these rights:
+</p>
+
+<ol><li>
+ You may USE any certificates issued by CAcert.
+ </li><li>
+ You may RELY on any certificate issued by CAcert,
+ as explained and limited by CPS (COD6).
+ </li><li>
+ You may OFFER certificates issued to you by CAcert
+ to Members for their RELIANCE.
+ </li><li>
+ You may OFFER certificates issued to you by CAcert
+ to NRPs for their USE, within the general principles
+ of the Community.
+ </li><li>
+ This Licence is free of cost,
+ non-exclusive, and non-transferrable.
+</li></ol>
+
+<h4> <a name="1.3"> 1.3 </a> Your Contributions </h4>
+
+
+<p>
+You agree to a non-exclusive non-restrictive non-revokable
+transfer of Licence to CAcert for your contributions.
+That is, if you post an idea or comment on a CAcert forum,
+or email it to other Members,
+your work can be used freely by the Community for
+CAcert purposes, including placing under CAcert's licences
+for wider publication.
+</p>
+
+<p>
+You retain authorship rights, and the rights to also transfer
+non-exclusive rights to other parties.
+That is, you can still use your
+ideas and contributions outside the Community.
+</p>
+
+<p>
+Note that the following exceptions override this clause:
+</p>
+
+<ol><li>
+ Contributions to controlled documents are subject to
+ Policy on Policy ("PoP" => COD1)
+ </li><li>
+ Source code is subject to an open source licence regime.
+</li></ol>
+
+<h4> <a name="1.4"> 1.4 </a> Privacy </h4>
+
+
+<p>
+You give rights to CAcert to store, verify and process
+and publish your data in accordance with policies in force.
+These rights include shipping the data to foreign countries
+for system administration, support and processing purposes.
+Such shipping will only be done among
+CAcert Community administrators and Assurers.
+</p>
+
+<p>
+Privacy is further covered in the Privacy Policy ("PP" => COD5).
+</p>
+
+<h3> <a name="2"> 2. </a> Your Risks, Liabilities and Obligations </h3>
+
+<p>
+As a Member, you have risks, liabilities
+and obligations within this agreement.
+</p>
+
+<h4> <a name="2.1"> 2.1 </a> Risks </h4>
+
+<ol><li>
+ A certificate may prove unreliable.
+ </li><li>
+ Your account, keys or other security tools may be
+ lost or otherwise compromised.
+ </li><li>
+ You may find yourself subject to Arbitration
+ (DRP => COD7).
+</li></ol>
+
+<h4> <a name="2.2"> 2.2 </a> Liabilities </h4>
+
+<ol><li>
+ You are liable for any penalties
+ as awarded against you by the Arbitrator.
+ </li><li>
+ Remedies are as defined in the DRP (COD7).
+ An Arbitrator's ruling may
+ include monetary amounts, awarded against you.
+ </li><li>
+ Your liability is limited to
+ a total maximum of
+ <b>1000 Euros</b>.
+ </li><li>
+ "Foreign Courts" may assert jurisdiction.
+ These include your local courts, and are outside our Arbitration.
+ Foreign Courts will generally refer to the Arbitration
+ Act of their country, which will generally refer
+ civil cases to Arbitration.
+ The Arbitration Act will not apply to criminal cases.
+</li></ol>
+
+<h4> <a name="2.3"> 2.3 </a> Obligations </h4>
+
+<p>
+ You are obliged
+</p>
+
+<ol><li>
+ to provide accurate information
+ as part of Assurance.
+ You give permission for verification of the information
+ using CAcert-approved methods.
+ </li><li>
+ to make no false representations.
+ </li><li>
+ to submit all your disputes to Arbitration
+ (DRP => COD7).
+</li></ol>
+
+<h4> <a name="2.4"> 2.4 </a> Principles </h4>
+
+<p>
+As a Member of CAcert, you are a member of
+the Community.
+ You are further obliged to
+ work within the spirit of the Principles
+ of the Community.
+ These are described in
+ <a href="http://svn.cacert.org/CAcert/principles.html">Principles of the Community</a>.
+</p>
+
+<h4> <a name="2.5"> 2.5 </a> Security </h4>
+<p>
+CAcert exists to help you to secure yourself.
+You are primarily responsible for your own security.
+Your security obligations include
+</p>
+
+<ol><li>
+ to secure yourself and your computing platform (e.g., PC),
+ </li><li>
+ to keep your email account in good working order,
+ </li><li>
+ to secure your CAcert account
+ (e.g., credentials such as username, password),
+ </li><li>
+ to secure your private keys,
+ </li><li>
+ to review certificates for accuracy,
+ and
+ </li><li>
+ when in doubt, notify CAcert,
+ </li><li>
+ when in doubt, take other reasonable actions, such as
+ revoking certificates,
+ changing account credentials,
+ and/or generating new keys.
+</li></ol>
+
+<p>
+Where, above, 'secure' means to protect to a reasonable
+degree, in proportion with your risks and the risks of
+others.
+</p>
+
+<h3> <a name="3"> 3. </a> Law and Jurisdiction </h3>
+
+<h4> <a name="3.1"> 3.1 </a> Governing Law </h4>
+
+<p>
+This agreement is governed under the law of
+New South Wales, Australia,
+being the home of the CAcert Inc. Association.
+</p>
+
+<h4> <a name="3.2"> 3.2 </a> Arbitration as Forum of Dispute Resolution </h4>
+
+<p>
+You agree, with CAcert and all of the Community,
+that all disputes arising out
+of or in connection to our use of CAcert services
+shall be referred to and finally resolved
+by Arbitration under the rules within the
+Dispute Resolution Policy of CAcert
+(DRP => COD7).
+The rules select a single Arbitrator chosen by CAcert
+from among senior Members in the Community.
+The ruling of the Arbitrator is binding and
+final on Members and CAcert alike.
+</p>
+
+<p>
+In general, the jurisdiction for resolution of disputes
+is within CAcert's own forum of Arbitration,
+as defined and controlled by its own rules (DRP => COD7).
+</p>
+
+<p>
+We use Arbitration for many purposes beyond the strict
+nature of disputes, such as governance and oversight.
+A systems administrator may
+need authorisation to conduct a non-routine action,
+and Arbitration may provide that authorisation.
+Thus, you may find yourself party to Arbitration
+that is simply support actions, and you may file disputes in
+order to initiate support actions.
+</p>
+
+<h4> <a name="3.3"> 3.3 </a> Termination </h4>
+<p>
+You may terminate this agreement by resigning
+from CAcert. You may do this at any time by
+writing to CAcert's online support forum and
+filing dispute to resign.
+All services will be terminated, and your
+certificates will be revoked.
+However, some information will continue to
+be held for certificate processing purposes.
+</p>
+
+<p>
+The provisions on Arbitration survive any termination
+by you by leaving CAcert.
+That is, even if you resign from CAcert,
+you are still bound by the DRP (COD7),
+and the Arbitrator may reinstate any provision of this
+agreement or bind you to a ruling.
+</p>
+
+<p>
+Only the Arbitrator may terminate this agreement with you.
+</p>
+
+<h4> <a name="3.4"> 3.4 </a> Changes of Agreement </h4>
+
+<p>
+CAcert may from time to time vary the terms of this Agreement.
+Changes will be done according to the documented CAcert policy
+for changing policies, and is subject to scrutiny and feedback
+by the Community.
+Changes will be notified to you by email to your primary address.
+</p>
+
+<p>
+If you do not agree to the changes, you may terminate as above.
+Continued use of the service shall be deemed to be agreement
+by you.
+</p>
+
+<h4> <a name="3.5"> 3.5 </a> Communication </h4>
+
+<p>
+Notifications to CAcert are to be sent by
+email to the address
+<b>support</b> <i>at</i> CAcert.org.
+You should attach a digital signature,
+but need not do so in the event of security
+or similar urgency.
+</p>
+
+<p>
+Notifications to you are sent
+by CAcert to the primary email address
+registered with your account.
+You are responsible for keeping your email
+account in good working order and able
+to receive emails from CAcert.
+</p>
+
+<p>
+Arbitration is generally conducted by email.
+</p>
+
+<h3> <a name="4"> 4. </a> Miscellaneous </h3>
+
+<h4> <a name="4.1"> 4.1 </a> Other Parties Within the Community </h4>
+
+<p>
+As well as you and other Members in the Community,
+CAcert forms agreements with third party
+vendors and others.
+Thus, such parties will also be in the Community.
+Such agreements are also controlled by the same
+policy process as this agreement, and they should
+mirror and reinforce these terms.
+</p>
+
+
+<h4> <a name="4.2"> 4.2 </a> References and Other Binding Documents </h4>
+
+<p>
+This agreement is CAcert Official Document 9 (COD9)
+and is a controlled document.
+</p>
+
+<p>
+You are also bound by
+</p>
+
+<ol><li>
+ <a href="http://svn.cacert.org/CAcert/policy.htm">
+ Certification Practice Statement</a> (CPS => COD6).
+ </li><li>
+ <a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">
+ Dispute Resolution Policy</a> (DRP => COD7).
+ </li><li>
+ <a href="http://www.cacert.org/index.php?id=10">
+ Privacy Policy</a> (PP => COD5).
+ </li><li>
+ <a href="http://svn.cacert.org/CAcert/principles.html">
+ Principles of the Community</a>.
+</li></ol>
+
+<p>
+Where documents are referred to as <i>=> COD x</i>,
+they are controlled documents
+under the control of Policy on Policies (COD1).
+</p>
+
+<p>
+This agreement and controlled documents above are primary,
+and may not be replaced or waived except
+by formal policy channels and by Arbitration.
+</p>
+
+<h4> <a name="4.3"> 4.3 </a> Informative References </h4>
+
+<p>
+The governing documents are in English.
+Documents may be translated for convenience.
+Because we cannot control the legal effect of translations,
+the English documents are the ruling ones.
+</p>
+
+<p>
+You are encouraged to be familiar with the
+Assurer Handbook,
+which provides a more readable introduction for much of
+the information needed.
+The Handbook is not however an agreement, and is overruled
+by this agreement and others listed above.
+</p>
+
+<h4> <a name="4.4"> 4.4 </a> Not Covered in this Agreement </h4>
+
+<p>
+<b>Intellectual Property.</b>
+This Licence does not transfer any intellectual
+property rights ("IPR") to you. CAcert asserts and
+maintains its IPR over its roots, issued certificates,
+brands, logos and other assets.
+Note that the certificates issued to you
+are CAcert's intellectual property
+and you do not have rights other than those stated.
+</p>
+
+
+</body>
+</html>