e715aaceb39d850dda11f44d1c08f3487570fa80
[cacert-devel.git] / www / policy / CAcertCommunityAgreement.html
1 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
2
3 <html>
4 <head><title>CAcert Community Agreement</title></head>
5 <body>
6
7 <div class="comment">
8 <table width="100%">
9
10 <tr>
11 <td rowspan="2">
12 Name: CCA <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD9</a><br />
13 Status: POLICY <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20080109">p20080109</a><br />
14 Editor: <a style="color: steelblue" href="https://wiki.cacert.org/Iang">Iang</a><br />
15 Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br />
16
17 </td>
18 <td valign="top" align="right">
19 <a href="https://www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-policy.png" alt="CCA Status - POLICY" height="31" width="88" style="border-style: none;" /></a>
20
21 </td>
22 </tr>
23 </table>
24 </div>
25
26 <h2> CAcert Community Agreement </h2>
27
28
29
30 <h3> <a name="s0"> 0. </a> Introduction </h3>
31
32 <p>
33 This agreement is between
34 you, being a registered member ("Member")
35 within CAcert's community at large ("Community")
36 and CAcert Incorporated ("CAcert"),
37 being an operator of services to the Community.
38 </p>
39
40 <h4> <a name="s0.1"> 0.1 </a> Terms </h4>
41 <ol><li>
42 "CAcert"
43 means CAcert Inc.,
44 a non-profit Association of Members incorporated in
45 New South Wales, Australia.
46 Note that Association Members are distinct from
47 the Members defined here.
48 </li><li>
49 "Member"
50 means you, a registered participant within CAcert's Community,
51 with an account on the website and the
52 facility to request certificates.
53 Members may be individuals ("natural persons")
54 or organisations ("legal persons").
55 </li><li>
56 "Organisation"
57 is defined under the Organisation Assurance programme,
58 and generally includes corporations and other entities
59 that become Members and become Assured.
60 </li><li>
61 "Community"
62 means all of the Members
63 that are registered by this agreement
64 and other parties by other agreements,
65 all being under CAcert's Arbitration.
66 </li><li>
67 "Non-Related Person" ("NRP"),
68 being someone who is not a
69 Member, is not part of the Community,
70 and has not registered their agreement.
71 Such people are offered the NRP-DaL
72 another agreement allowing the USE of certificates.
73 </li><li>
74 "Non-Related Persons - Disclaimer and Licence" ("NRP-DaL"),
75 another agreement that is offered to persons outside the
76 Community.
77 </li><li>
78 "Arbitration"
79 is the Community's forum for
80 resolving disputes, or jurisdiction.
81 </li><li>
82 "Dispute Resolution Policy" ("DRP" => COD7)
83 is the policy and
84 rules for resolving disputes.
85 </li><li>
86 "USE"
87 means the act by your software
88 to conduct its tasks, incorporating
89 the certificates according to software procedures.
90 </li><li>
91 "RELY"
92 means your human act in taking on a
93 risk and liability on the basis of the claim(s)
94 bound within a certificate.
95 </li><li>
96 "OFFER"
97 means the your act
98 of making available your certificate to another person.
99 Generally, you install and configure your software
100 to act as your agent and facilite this and other tasks.
101 OFFER does not imply suggestion of reliance.
102 </li><li>
103 "Issue"
104 means creation of a certificate by CAcert.
105 To create a certificate,
106 CAcert affixes a digital signature from the root
107 onto a public key and other information.
108 This act would generally bind a statement or claim,
109 such as your name, to your key.
110 </li><li>
111 "Root"
112 means CAcert's top level key,
113 used for signing certificates for Members.
114 In this document, the term includes any subroots.
115 </li><li>
116 "CAcert Official Document" ("COD" => COD3)
117 in a standard format for describing the details of
118 operation and governance essential to a certificate authority.
119 Changes are managed and controlled.
120 CODs define more technical terms.
121 See 4.2 for listing of relevant CODs.
122 </li><li>
123 "Certification Practice Statement" ("CPS" => COD6)
124 is the document that controls details
125 about operational matters within CAcert.
126 </li></ol>
127
128
129 <h3> <a name="s1"> 1. </a> Agreement and Licence </h3>
130
131 <h4> <a name="s1.1"> 1.1 </a> Agreement </h4>
132
133 <p>
134 You and CAcert both agree to the terms and conditions
135 in this agreement.
136 Your agreement is given by any of
137 </p>
138
139 <ul><li>
140 your signature on a form to request assurance of identity
141 ("CAP" form),
142 </li><li>
143 your request on the website
144 to join the Community and create an account,
145 </li><li>
146 your request for Organisation Assurance,
147 </li><li>
148 your request for issuing of certificates, or
149 </li><li>
150 if you USE, RELY, or OFFER
151 any certificate issued to you.
152 </li></ul>
153
154 <p>
155 Your agreement
156 is effective from the date of the first event above
157 that makes this agreement known to you.
158 This Agreement
159 replaces and supercedes prior agreements,
160 including the NRP-DaL.
161 </p>
162
163
164 <h4> <a name="s1.2"> 1.2 </a> Licence </h4>
165
166 <p>
167 As part of the Community, CAcert offers you these rights:
168 </p>
169
170 <ol><li>
171 You may USE any certificates issued by CAcert.
172 </li><li>
173 You may RELY on any certificate issued by CAcert,
174 as explained and limited by CPS (COD6).
175 </li><li>
176 You may OFFER certificates issued to you by CAcert
177 to Members for their RELIANCE.
178 </li><li>
179 You may OFFER certificates issued to you by CAcert
180 to NRPs for their USE, within the general principles
181 of the Community.
182 </li><li>
183 This Licence is free of cost,
184 non-exclusive, and non-transferrable.
185 </li></ol>
186
187 <h4> <a name="s1.3"> 1.3 </a> Your Contributions </h4>
188
189
190 <p>
191 You agree to a non-exclusive non-restrictive non-revokable
192 transfer of Licence to CAcert for your contributions.
193 That is, if you post an idea or comment on a CAcert forum,
194 or email it to other Members,
195 your work can be used freely by the Community for
196 CAcert purposes, including placing under CAcert's licences
197 for wider publication.
198 </p>
199
200 <p>
201 You retain authorship rights, and the rights to also transfer
202 non-exclusive rights to other parties.
203 That is, you can still use your
204 ideas and contributions outside the Community.
205 </p>
206
207 <p>
208 Note that the following exceptions override this clause:
209 </p>
210
211 <ol><li>
212 Contributions to controlled documents are subject to
213 Policy on Policy ("PoP" => COD1)
214 </li><li>
215 Source code is subject to an open source licence regime.
216 </li></ol>
217
218 <h4> <a name="s1.4"> 1.4 </a> Privacy </h4>
219
220
221 <p>
222 You give rights to CAcert to store, verify and process
223 and publish your data in accordance with policies in force.
224 These rights include shipping the data to foreign countries
225 for system administration, support and processing purposes.
226 Such shipping will only be done among
227 CAcert Community administrators and Assurers.
228 </p>
229
230 <p>
231 Privacy is further covered in the Privacy Policy ("PP" => COD5).
232 </p>
233
234 <h3> <a name="s2"> 2. </a> Your Risks, Liabilities and Obligations </h3>
235
236 <p>
237 As a Member, you have risks, liabilities
238 and obligations within this agreement.
239 </p>
240
241 <h4> <a name="s2.1"> 2.1 </a> Risks </h4>
242
243 <ol><li>
244 A certificate may prove unreliable.
245 </li><li>
246 Your account, keys or other security tools may be
247 lost or otherwise compromised.
248 </li><li>
249 You may find yourself subject to Arbitration
250 (DRP => COD7).
251 </li></ol>
252
253 <h4> <a name="s2.2"> 2.2 </a> Liabilities </h4>
254
255 <ol><li>
256 You are liable for any penalties
257 as awarded against you by the Arbitrator.
258 </li><li>
259 Remedies are as defined in the DRP (COD7).
260 An Arbitrator's ruling may
261 include monetary amounts, awarded against you.
262 </li><li>
263 Your liability is limited to
264 a total maximum of
265 <b>1000 Euros</b>.
266 </li><li>
267 "Foreign Courts" may assert jurisdiction.
268 These include your local courts, and are outside our Arbitration.
269 Foreign Courts will generally refer to the Arbitration
270 Act of their country, which will generally refer
271 civil cases to Arbitration.
272 The Arbitration Act will not apply to criminal cases.
273 </li></ol>
274
275 <h4> <a name="s2.3"> 2.3 </a> Obligations </h4>
276
277 <p>
278 You are obliged
279 </p>
280
281 <ol><li>
282 to provide accurate information
283 as part of Assurance.
284 You give permission for verification of the information
285 using CAcert-approved methods.
286 </li><li>
287 to make no false representations.
288 </li><li>
289 to submit all your disputes to Arbitration
290 (DRP => COD7).
291 </li></ol>
292
293 <h4> <a name="s2.4"> 2.4 </a> Principles </h4>
294
295 <p>
296 As a Member of CAcert, you are a member of
297 the Community.
298 You are further obliged to
299 work within the spirit of the Principles
300 of the Community.
301 These are described in
302 <a href="https://svn.cacert.org/CAcert/principles.html">Principles of the Community</a>.
303 </p>
304
305 <h4> <a name="s2.5"> 2.5 </a> Security </h4>
306 <p>
307 CAcert exists to help you to secure yourself.
308 You are primarily responsible for your own security.
309 Your security obligations include
310 </p>
311
312 <ol><li>
313 to secure yourself and your computing platform (e.g., PC),
314 </li><li>
315 to keep your email account in good working order,
316 </li><li>
317 to secure your CAcert account
318 (e.g., credentials such as username, password),
319 </li><li>
320 to secure your private keys,
321 </li><li>
322 to review certificates for accuracy,
323 and
324 </li><li>
325 when in doubt, notify CAcert,
326 </li><li>
327 when in doubt, take other reasonable actions, such as
328 revoking certificates,
329 changing account credentials,
330 and/or generating new keys.
331 </li></ol>
332
333 <p>
334 Where, above, 'secure' means to protect to a reasonable
335 degree, in proportion with your risks and the risks of
336 others.
337 </p>
338
339 <h3> <a name="s3"> 3. </a> Law and Jurisdiction </h3>
340
341 <h4> <a name="s3.1"> 3.1 </a> Governing Law </h4>
342
343 <p>
344 This agreement is governed under the law of
345 New South Wales, Australia,
346 being the home of the CAcert Inc. Association.
347 </p>
348
349 <h4> <a name="s3.2"> 3.2 </a> Arbitration as Forum of Dispute Resolution </h4>
350
351 <p>
352 You agree, with CAcert and all of the Community,
353 that all disputes arising out
354 of or in connection to our use of CAcert services
355 shall be referred to and finally resolved
356 by Arbitration under the rules within the
357 Dispute Resolution Policy of CAcert
358 (DRP => COD7).
359 The rules select a single Arbitrator chosen by CAcert
360 from among senior Members in the Community.
361 The ruling of the Arbitrator is binding and
362 final on Members and CAcert alike.
363 </p>
364
365 <p>
366 In general, the jurisdiction for resolution of disputes
367 is within CAcert's own forum of Arbitration,
368 as defined and controlled by its own rules (DRP => COD7).
369 </p>
370
371 <p>
372 We use Arbitration for many purposes beyond the strict
373 nature of disputes, such as governance and oversight.
374 A systems administrator may
375 need authorisation to conduct a non-routine action,
376 and Arbitration may provide that authorisation.
377 Thus, you may find yourself party to Arbitration
378 that is simply support actions, and you may file disputes in
379 order to initiate support actions.
380 </p>
381
382 <h4> <a name="s3.3"> 3.3 </a> Termination </h4>
383 <p>
384 You may terminate this agreement by resigning
385 from CAcert. You may do this at any time by
386 writing to CAcert's online support forum and
387 filing dispute to resign.
388 All services will be terminated, and your
389 certificates will be revoked.
390 However, some information will continue to
391 be held for certificate processing purposes.
392 </p>
393
394 <p>
395 The provisions on Arbitration survive any termination
396 by you by leaving CAcert.
397 That is, even if you resign from CAcert,
398 you are still bound by the DRP (COD7),
399 and the Arbitrator may reinstate any provision of this
400 agreement or bind you to a ruling.
401 </p>
402
403 <p>
404 Only the Arbitrator may terminate this agreement with you.
405 </p>
406
407 <h4> <a name="s3.4"> 3.4 </a> Changes of Agreement </h4>
408
409 <p>
410 CAcert may from time to time vary the terms of this Agreement.
411 Changes will be done according to the documented CAcert policy
412 for changing policies, and is subject to scrutiny and feedback
413 by the Community.
414 Changes will be notified to you by email to your primary address.
415 </p>
416
417 <p>
418 If you do not agree to the changes, you may terminate as above.
419 Continued use of the service shall be deemed to be agreement
420 by you.
421 </p>
422
423 <h4> <a name="s3.5"> 3.5 </a> Communication </h4>
424
425 <p>
426 Notifications to CAcert are to be sent by
427 email to the address
428 <b>support</b> <i>at</i> CAcert.org.
429 You should attach a digital signature,
430 but need not do so in the event of security
431 or similar urgency.
432 </p>
433
434 <p>
435 Notifications to you are sent
436 by CAcert to the primary email address
437 registered with your account.
438 You are responsible for keeping your email
439 account in good working order and able
440 to receive emails from CAcert.
441 </p>
442
443 <p>
444 Arbitration is generally conducted by email.
445 </p>
446
447 <h3> <a name="s4"> 4. </a> Miscellaneous </h3>
448
449 <h4> <a name="s4.1"> 4.1 </a> Other Parties Within the Community </h4>
450
451 <p>
452 As well as you and other Members in the Community,
453 CAcert forms agreements with third party
454 vendors and others.
455 Thus, such parties will also be in the Community.
456 Such agreements are also controlled by the same
457 policy process as this agreement, and they should
458 mirror and reinforce these terms.
459 </p>
460
461
462 <h4> <a name="s4.2"> 4.2 </a> References and Other Binding Documents </h4>
463
464 <p>
465 This agreement is CAcert Official Document 9 (COD9)
466 and is a controlled document.
467 </p>
468
469 <p>
470 You are also bound by
471 </p>
472
473 <ol><li>
474 <a href="https://www.cacert.org/policy/CertificationPracticeStatement.html">
475 Certification Practice Statement</a> (CPS => COD6).
476 </li><li>
477 <a href="https://www.cacert.org/policy/DisputeResolutionPolicy.html">
478 Dispute Resolution Policy</a> (DRP => COD7).
479 </li><li>
480 <a href="https://www.cacert.org/policy/PrivacyPolicy.html">
481 Privacy Policy</a> (PP => COD5).
482 </li><li>
483 <a href="https://svn.cacert.org/CAcert/principles.html">
484 Principles of the Community</a>.
485 </li></ol>
486
487 <p>
488 Where documents are referred to as <i>=> COD x</i>,
489 they are controlled documents
490 under the control of Policy on Policies (COD1).
491 </p>
492
493 <p>
494 This agreement and controlled documents above are primary,
495 and may not be replaced or waived except
496 by formal policy channels and by Arbitration.
497 </p>
498
499 <h4> <a name="s4.3"> 4.3 </a> Informative References </h4>
500
501 <p>
502 The governing documents are in English.
503 Documents may be translated for convenience.
504 Because we cannot control the legal effect of translations,
505 the English documents are the ruling ones.
506 </p>
507
508 <p>
509 You are encouraged to be familiar with the
510 Assurer Handbook,
511 which provides a more readable introduction for much of
512 the information needed.
513 The Handbook is not however an agreement, and is overruled
514 by this agreement and others listed above.
515 </p>
516
517 <h4> <a name="s4.4"> 4.4 </a> Not Covered in this Agreement </h4>
518
519 <p>
520 <b>Intellectual Property.</b>
521 This Licence does not transfer any intellectual
522 property rights ("IPR") to you. CAcert asserts and
523 maintains its IPR over its roots, issued certificates,
524 brands, logos and other assets.
525 Note that the certificates issued to you
526 are CAcert's intellectual property
527 and you do not have rights other than those stated.
528 </p>
529 <p><a href="http://validator.w3.org/check?uri=referer"><img src="images/valid-html401-blue.png" alt="Valid HTML 4.01 Transitional" align="bottom" border="0" height="31" width="88"></a></p>
530 </body>
531 </html>