bug 1131: Properly escape greater than signs
[cacert-devel.git] / www / policy / CAcertCommunityAgreement.html
1 <!DOCTYPE html>
2 <html>
3 <head>
4 <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" lang="en">
5 <title>CAcert Community Agreement</title>
6 <style>
7 .r{
8 text-align: right;
9 }
10 .vTop{
11 vertical-align: top;
12 }
13 </style>
14
15 </head>
16 <body>
17
18 <div class="comment">
19 <table style="width: 100%;">
20
21 <tr>
22 <td>
23 Name: CCA <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD9</a><br />
24 Status: POLICY <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20080109">p20080109</a><br />
25 Editor: <a style="color: steelblue" href="https://wiki.cacert.org/Iang">Iang</a><br />
26 Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br />
27
28 </td>
29 <td class="vTop r">
30 <a href="https://www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-policy.png" alt="CCA Status - POLICY" height="31" width="88" style="border-style: none;" /></a>
31
32 </td>
33 </tr>
34 </table>
35 </div>
36
37 <h2> CAcert Community Agreement </h2>
38
39
40
41 <h3> <a id="s0"> 0. </a> Introduction </h3>
42
43 <p>
44 This agreement is between
45 you, being a registered member ("Member")
46 within CAcert's community at large ("Community")
47 and CAcert Incorporated ("CAcert"),
48 being an operator of services to the Community.
49 </p>
50
51 <h4> <a id="s0.1"> 0.1 </a> Terms </h4>
52 <ol><li>
53 "CAcert"
54 means CAcert Inc.,
55 a non-profit Association of Members incorporated in
56 New South Wales, Australia.
57 Note that Association Members are distinct from
58 the Members defined here.
59 </li><li>
60 "Member"
61 means you, a registered participant within CAcert's Community,
62 with an account on the website and the
63 facility to request certificates.
64 Members may be individuals ("natural persons")
65 or organisations ("legal persons").
66 </li><li>
67 "Organisation"
68 is defined under the Organisation Assurance programme,
69 and generally includes corporations and other entities
70 that become Members and become Assured.
71 </li><li>
72 "Community"
73 means all of the Members
74 that are registered by this agreement
75 and other parties by other agreements,
76 all being under CAcert's Arbitration.
77 </li><li>
78 "Non-Related Person" ("NRP"),
79 being someone who is not a
80 Member, is not part of the Community,
81 and has not registered their agreement.
82 Such people are offered the NRP-DaL
83 another agreement allowing the USE of certificates.
84 </li><li>
85 "Non-Related Persons - Disclaimer and Licence" ("NRP-DaL"),
86 another agreement that is offered to persons outside the
87 Community.
88 </li><li>
89 "Arbitration"
90 is the Community's forum for
91 resolving disputes, or jurisdiction.
92 </li><li>
93 "Dispute Resolution Policy" ("DRP" =&gt; COD7)
94 is the policy and
95 rules for resolving disputes.
96 </li><li>
97 "USE"
98 means the act by your software
99 to conduct its tasks, incorporating
100 the certificates according to software procedures.
101 </li><li>
102 "RELY"
103 means your human act in taking on a
104 risk and liability on the basis of the claim(s)
105 bound within a certificate.
106 </li><li>
107 "OFFER"
108 means the your act
109 of making available your certificate to another person.
110 Generally, you install and configure your software
111 to act as your agent and facilite this and other tasks.
112 OFFER does not imply suggestion of reliance.
113 </li><li>
114 "Issue"
115 means creation of a certificate by CAcert.
116 To create a certificate,
117 CAcert affixes a digital signature from the root
118 onto a public key and other information.
119 This act would generally bind a statement or claim,
120 such as your name, to your key.
121 </li><li>
122 "Root"
123 means CAcert's top level key,
124 used for signing certificates for Members.
125 In this document, the term includes any subroots.
126 </li><li>
127 "CAcert Official Document" ("COD" =&gt; COD3)
128 in a standard format for describing the details of
129 operation and governance essential to a certificate authority.
130 Changes are managed and controlled.
131 CODs define more technical terms.
132 See 4.2 for listing of relevant CODs.
133 </li><li>
134 "Certification Practice Statement" ("CPS" =&gt; COD6)
135 is the document that controls details
136 about operational matters within CAcert.
137 </li></ol>
138
139
140 <h3> <a id="s1"> 1. </a> Agreement and Licence </h3>
141
142 <h4> <a id="s1.1"> 1.1 </a> Agreement </h4>
143
144 <p>
145 You and CAcert both agree to the terms and conditions
146 in this agreement.
147 Your agreement is given by any of
148 </p>
149
150 <ul><li>
151 your signature on a form to request assurance of identity
152 ("CAP" form),
153 </li><li>
154 your request on the website
155 to join the Community and create an account,
156 </li><li>
157 your request for Organisation Assurance,
158 </li><li>
159 your request for issuing of certificates, or
160 </li><li>
161 if you USE, RELY, or OFFER
162 any certificate issued to you.
163 </li></ul>
164
165 <p>
166 Your agreement
167 is effective from the date of the first event above
168 that makes this agreement known to you.
169 This Agreement
170 replaces and supercedes prior agreements,
171 including the NRP-DaL.
172 </p>
173
174
175 <h4> <a id="s1.2"> 1.2 </a> Licence </h4>
176
177 <p>
178 As part of the Community, CAcert offers you these rights:
179 </p>
180
181 <ol><li>
182 You may USE any certificates issued by CAcert.
183 </li><li>
184 You may RELY on any certificate issued by CAcert,
185 as explained and limited by CPS (COD6).
186 </li><li>
187 You may OFFER certificates issued to you by CAcert
188 to Members for their RELIANCE.
189 </li><li>
190 You may OFFER certificates issued to you by CAcert
191 to NRPs for their USE, within the general principles
192 of the Community.
193 </li><li>
194 This Licence is free of cost,
195 non-exclusive, and non-transferrable.
196 </li></ol>
197
198 <h4> <a id="s1.3"> 1.3 </a> Your Contributions </h4>
199
200
201 <p>
202 You agree to a non-exclusive non-restrictive non-revokable
203 transfer of Licence to CAcert for your contributions.
204 That is, if you post an idea or comment on a CAcert forum,
205 or email it to other Members,
206 your work can be used freely by the Community for
207 CAcert purposes, including placing under CAcert's licences
208 for wider publication.
209 </p>
210
211 <p>
212 You retain authorship rights, and the rights to also transfer
213 non-exclusive rights to other parties.
214 That is, you can still use your
215 ideas and contributions outside the Community.
216 </p>
217
218 <p>
219 Note that the following exceptions override this clause:
220 </p>
221
222 <ol><li>
223 Contributions to controlled documents are subject to
224 Policy on Policy ("PoP" =&gt; COD1)
225 </li><li>
226 Source code is subject to an open source licence regime.
227 </li></ol>
228
229 <h4> <a id="s1.4"> 1.4 </a> Privacy </h4>
230
231
232 <p>
233 You give rights to CAcert to store, verify and process
234 and publish your data in accordance with policies in force.
235 These rights include shipping the data to foreign countries
236 for system administration, support and processing purposes.
237 Such shipping will only be done among
238 CAcert Community administrators and Assurers.
239 </p>
240
241 <p>
242 Privacy is further covered in the Privacy Policy ("PP" =&gt; COD5).
243 </p>
244
245 <h3> <a id="s2"> 2. </a> Your Risks, Liabilities and Obligations </h3>
246
247 <p>
248 As a Member, you have risks, liabilities
249 and obligations within this agreement.
250 </p>
251
252 <h4> <a id="s2.1"> 2.1 </a> Risks </h4>
253
254 <ol><li>
255 A certificate may prove unreliable.
256 </li><li>
257 Your account, keys or other security tools may be
258 lost or otherwise compromised.
259 </li><li>
260 You may find yourself subject to Arbitration
261 (DRP =&gt; COD7).
262 </li></ol>
263
264 <h4> <a id="s2.2"> 2.2 </a> Liabilities </h4>
265
266 <ol><li>
267 You are liable for any penalties
268 as awarded against you by the Arbitrator.
269 </li><li>
270 Remedies are as defined in the DRP (COD7).
271 An Arbitrator's ruling may
272 include monetary amounts, awarded against you.
273 </li><li>
274 Your liability is limited to
275 a total maximum of
276 <b>1000 Euros</b>.
277 </li><li>
278 "Foreign Courts" may assert jurisdiction.
279 These include your local courts, and are outside our Arbitration.
280 Foreign Courts will generally refer to the Arbitration
281 Act of their country, which will generally refer
282 civil cases to Arbitration.
283 The Arbitration Act will not apply to criminal cases.
284 </li></ol>
285
286 <h4> <a id="s2.3"> 2.3 </a> Obligations </h4>
287
288 <p>
289 You are obliged
290 </p>
291
292 <ol><li>
293 to provide accurate information
294 as part of Assurance.
295 You give permission for verification of the information
296 using CAcert-approved methods.
297 </li><li>
298 to make no false representations.
299 </li><li>
300 to submit all your disputes to Arbitration
301 (DRP =&gt; COD7).
302 </li></ol>
303
304 <h4> <a id="s2.4"> 2.4 </a> Principles </h4>
305
306 <p>
307 As a Member of CAcert, you are a member of
308 the Community.
309 You are further obliged to
310 work within the spirit of the Principles
311 of the Community.
312 These are described in
313 <a href="https://svn.cacert.org/CAcert/principles.html">Principles of the Community</a>.
314 </p>
315
316 <h4> <a id="s2.5"> 2.5 </a> Security </h4>
317 <p>
318 CAcert exists to help you to secure yourself.
319 You are primarily responsible for your own security.
320 Your security obligations include
321 </p>
322
323 <ol><li>
324 to secure yourself and your computing platform (e.g., PC),
325 </li><li>
326 to keep your email account in good working order,
327 </li><li>
328 to secure your CAcert account
329 (e.g., credentials such as username, password),
330 </li><li>
331 to secure your private keys,
332 </li><li>
333 to review certificates for accuracy,
334 and
335 </li><li>
336 when in doubt, notify CAcert,
337 </li><li>
338 when in doubt, take other reasonable actions, such as
339 revoking certificates,
340 changing account credentials,
341 and/or generating new keys.
342 </li></ol>
343
344 <p>
345 Where, above, 'secure' means to protect to a reasonable
346 degree, in proportion with your risks and the risks of
347 others.
348 </p>
349
350 <h3> <a id="s3"> 3. </a> Law and Jurisdiction </h3>
351
352 <h4> <a id="s3.1"> 3.1 </a> Governing Law </h4>
353
354 <p>
355 This agreement is governed under the law of
356 New South Wales, Australia,
357 being the home of the CAcert Inc. Association.
358 </p>
359
360 <h4> <a id="s3.2"> 3.2 </a> Arbitration as Forum of Dispute Resolution </h4>
361
362 <p>
363 You agree, with CAcert and all of the Community,
364 that all disputes arising out
365 of or in connection to our use of CAcert services
366 shall be referred to and finally resolved
367 by Arbitration under the rules within the
368 Dispute Resolution Policy of CAcert
369 (DRP =&gt; COD7).
370 The rules select a single Arbitrator chosen by CAcert
371 from among senior Members in the Community.
372 The ruling of the Arbitrator is binding and
373 final on Members and CAcert alike.
374 </p>
375
376 <p>
377 In general, the jurisdiction for resolution of disputes
378 is within CAcert's own forum of Arbitration,
379 as defined and controlled by its own rules (DRP =&gt; COD7).
380 </p>
381
382 <p>
383 We use Arbitration for many purposes beyond the strict
384 nature of disputes, such as governance and oversight.
385 A systems administrator may
386 need authorisation to conduct a non-routine action,
387 and Arbitration may provide that authorisation.
388 Thus, you may find yourself party to Arbitration
389 that is simply support actions, and you may file disputes in
390 order to initiate support actions.
391 </p>
392
393 <h4> <a id="s3.3"> 3.3 </a> Termination </h4>
394 <p>
395 You may terminate this agreement by resigning
396 from CAcert. You may do this at any time by
397 writing to CAcert's online support forum and
398 filing dispute to resign.
399 All services will be terminated, and your
400 certificates will be revoked.
401 However, some information will continue to
402 be held for certificate processing purposes.
403 </p>
404
405 <p>
406 The provisions on Arbitration survive any termination
407 by you by leaving CAcert.
408 That is, even if you resign from CAcert,
409 you are still bound by the DRP (COD7),
410 and the Arbitrator may reinstate any provision of this
411 agreement or bind you to a ruling.
412 </p>
413
414 <p>
415 Only the Arbitrator may terminate this agreement with you.
416 </p>
417
418 <h4> <a id="s3.4"> 3.4 </a> Changes of Agreement </h4>
419
420 <p>
421 CAcert may from time to time vary the terms of this Agreement.
422 Changes will be done according to the documented CAcert policy
423 for changing policies, and is subject to scrutiny and feedback
424 by the Community.
425 Changes will be notified to you by email to your primary address.
426 </p>
427
428 <p>
429 If you do not agree to the changes, you may terminate as above.
430 Continued use of the service shall be deemed to be agreement
431 by you.
432 </p>
433
434 <h4> <a id="s3.5"> 3.5 </a> Communication </h4>
435
436 <p>
437 Notifications to CAcert are to be sent by
438 email to the address
439 <b>support</b> <i>at</i> CAcert.org.
440 You should attach a digital signature,
441 but need not do so in the event of security
442 or similar urgency.
443 </p>
444
445 <p>
446 Notifications to you are sent
447 by CAcert to the primary email address
448 registered with your account.
449 You are responsible for keeping your email
450 account in good working order and able
451 to receive emails from CAcert.
452 </p>
453
454 <p>
455 Arbitration is generally conducted by email.
456 </p>
457
458 <h3> <a id="s4"> 4. </a> Miscellaneous </h3>
459
460 <h4> <a id="s4.1"> 4.1 </a> Other Parties Within the Community </h4>
461
462 <p>
463 As well as you and other Members in the Community,
464 CAcert forms agreements with third party
465 vendors and others.
466 Thus, such parties will also be in the Community.
467 Such agreements are also controlled by the same
468 policy process as this agreement, and they should
469 mirror and reinforce these terms.
470 </p>
471
472
473 <h4> <a id="s4.2"> 4.2 </a> References and Other Binding Documents </h4>
474
475 <p>
476 This agreement is CAcert Official Document 9 (COD9)
477 and is a controlled document.
478 </p>
479
480 <p>
481 You are also bound by
482 </p>
483
484 <ol><li>
485 <a href="https://www.cacert.org/policy/CertificationPracticeStatement.html">
486 Certification Practice Statement</a> (CPS =&gt; COD6).
487 </li><li>
488 <a href="https://www.cacert.org/policy/DisputeResolutionPolicy.html">
489 Dispute Resolution Policy</a> (DRP =&gt; COD7).
490 </li><li>
491 <a href="https://www.cacert.org/policy/PrivacyPolicy.html">
492 Privacy Policy</a> (PP =&gt; COD5).
493 </li><li>
494 <a href="https://svn.cacert.org/CAcert/principles.html">
495 Principles of the Community</a>.
496 </li></ol>
497
498 <p>
499 Where documents are referred to as <i>=&gt; COD x</i>,
500 they are controlled documents
501 under the control of Policy on Policies (COD1).
502 </p>
503
504 <p>
505 This agreement and controlled documents above are primary,
506 and may not be replaced or waived except
507 by formal policy channels and by Arbitration.
508 </p>
509
510 <h4> <a id="s4.3"> 4.3 </a> Informative References </h4>
511
512 <p>
513 The governing documents are in English.
514 Documents may be translated for convenience.
515 Because we cannot control the legal effect of translations,
516 the English documents are the ruling ones.
517 </p>
518
519 <p>
520 You are encouraged to be familiar with the
521 Assurer Handbook,
522 which provides a more readable introduction for much of
523 the information needed.
524 The Handbook is not however an agreement, and is overruled
525 by this agreement and others listed above.
526 </p>
527
528 <h4> <a id="s4.4"> 4.4 </a> Not Covered in this Agreement </h4>
529
530 <p>
531 <b>Intellectual Property.</b>
532 This Licence does not transfer any intellectual
533 property rights ("IPR") to you. CAcert asserts and
534 maintains its IPR over its roots, issued certificates,
535 brands, logos and other assets.
536 Note that the certificates issued to you
537 are CAcert's intellectual property
538 and you do not have rights other than those stated.
539 </p>
540 <p><a href="http://validator.w3.org/check?uri=referer"><img src="images/valid-html50-blue.png" alt="Valid HTML 5" height="31" width="88"></a></p>
541 </body>
542 </html>