0422cc7906ec8ad5a0c5538ef82456dba65b7c10
[cacert-devel.git] / www / policy / CAcertCommunityAgreement.php
1 <?='<?xml version="1.0" encoding="utf-8"?>'?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
3 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
4
5 <html xmlns="http://www.w3.org/1999/xhtml">
6 <head>
7 <meta name="generator" content="Bluefish 2.2.5" />
8 <meta name="generator" content="Bluefish 2.2.5" />
9 <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" />
10
11 <title>CAcert Community Agreement</title>
12 <style type="text/css">
13 /*<![CDATA[*/
14 .comment {
15 color : steelblue;
16 }
17 .first-does-not-work {
18 color : red;
19 }
20 .q {
21 color : green;
22 font-weight: bold;
23 text-align: center;
24 font-style:italic;
25 }
26 .change {
27 color : blue;
28 font-weight: bold;
29 }
30 .strike {
31 color : blue;
32 text-decoration:line-through;
33 }
34 img.c3 {border-style: none;}
35 a.c2 {color: steelblue}
36 img.c1 {float: right; border-width: 0}
37 /*]]>*/
38 </style>
39 </head>
40
41 <body>
42 <div class="comment">
43 <table width="100%">
44 <tr>
45 <td rowspan="2">Name: CCA <a class="c2" href=
46 "https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD9</a><br />
47
48 Status: POLICY <a class="c2" href=
49 "https://wiki.cacert.org/PolicyDecisions#p20080109.1_CCA_to_POLICY_status">
50 p20080109.1</a><br />
51 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="draftadd">DRAFT
52 <a class="c2" href=
53 "https://wiki.cacert.org/PolicyDecisions#p20140709_CCA_update_to_DRAFT">
54 p20140709</a></span><br />
55 Editor: <a class="c2" href=
56 "https://wiki.cacert.org/Community/HomePagesMembers/BenediktHeintel">Benedikt</a><br />
57
58 Licence: <a class="c2" href="https://wiki.cacert.org/Policy#Licence"
59 title=
60 "this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy">
61 CC-by-sa+DRP</a><br /></td>
62
63 <td valign="top" align="right"><a href=
64 "https://www.cacert.org/policy/PolicyOnPolicy.php"><img src=
65 "images/cacert-policy.png" alt="CCA Status - POLICY" height="31" width=
66 "88" class="c3" /></a>
67 <!-- XXXXXXXXXXXXXX delete this going to POLICY --><br />
68 <a href="https://www.cacert.org/policy/PolicyOnPolicy.php"><img src=
69 "images/cacert-draft.png" alt="CCA Status - DRAFT" height="31" width=
70 "88" class="c3" /></a></td>
71 </tr>
72 </table>
73 </div>
74
75 <h2>CAcert Community Agreement</h2>
76
77 <h3><a name="0">0.</a> Introduction</h3>
78
79 <p>This agreement is between you, being a registered member ("Member") within
80 CAcert's community at large ("Community") and CAcert Incorporated ("CAcert"),
81 being an operator of services to the Community.</p>
82
83 <h4><a name="0.1">0.1</a> Terms</h4>
84
85 <ol>
86 <li>"CAcert" means CAcert Inc., a non-profit Association of Members
87 incorporated in New South Wales, Australia. Note that Association Members
88 are distinct from the Members defined here</li>
89
90 <li>"Member" means you, a registered participant within CAcert's Community,
91 with an account on the website and the facility to request certificates.
92 Members may be individuals ("natural persons") or organisations ("legal
93 persons").</li>
94
95 <li>"Organisation" is defined under the Organisation Assurance programme,
96 and generally includes corporations and other entities that become Members
97 and become Assured.</li>
98
99 <li>"Community" means all of the Members that are registered by this
100 agreement and other parties by other agreements, all being under CAcert's
101 Arbitration.</li>
102
103 <li>"Non-Related Person" ("NRP"), being someone who is not a Member, is not
104 part of the Community, and has not registered their agreement.</li>
105
106 <li>(withdrawn)</li>
107
108 <li>"Arbitration" is the Community's forum for resolving disputes, or
109 jurisdiction.</li>
110
111 <li>"Dispute Resolution Policy" ("DRP" =&gt; COD7) is the policy and rules
112 for resolving disputes.</li>
113
114 <li>"USE" means the act by your software to conduct its tasks,
115 incorporating the certificates according to software procedures.</li>
116
117 <li>"RELY" means your human act in taking on a risk and liability on the
118 basis of the claim(s) bound within a certificate.</li>
119
120 <li>"OFFER" means the your act of making available your certificate to
121 another person. Generally, you install and configure your software to act
122 as your agent and facilite this and other tasks. OFFER does not imply
123 suggestion of reliance.</li>
124
125 <li>"Issue" means creation of a certificate by CAcert. To create a
126 certificate, CAcert affixes a digital signature from the root onto a public
127 key and other information. This act would generally bind a statement or
128 claim, such as your name, to your key.</li>
129
130 <li>"Root" means CAcert's top level key, used for signing certificates for
131 Members. In this document, the term includes any subroots.</li>
132
133 <li>"CAcert Official Document" ("COD") is an official managed and
134 controlled document (e. g. a Policy) of CAcert.</li>
135
136 <li>"Certification Practice Statement" ("CPS" =&gt; COD6) is the document
137 that controls details about operational matters within CAcert.</li>
138 </ol>
139
140 <h3><a name="1">1.</a> Agreement and Licence</h3>
141
142 <h4><a name="1.1">1.1</a> Agreement</h4>
143
144 <p>You agree to the terms and conditions in this agreement. Your agreement is
145 given by but not limited to</p>
146
147 <ul>
148 <li>your signature on a form to request assurance of identity ("CAP"
149 form),</li>
150
151 <li>your request on the website to join the Community and create an
152 account,</li>
153
154 <li>your request for Organisation Assurance,</li>
155
156 <li>your request for issuing of certificates, or</li>
157
158 <li>if you USE, RELY, or OFFER any certificate issued to you.</li>
159 </ul>
160
161 <p>Your agreement is effective from the date of the first event above that
162 makes this agreement known to you. This Agreement replaces and supersedes any
163 prior agreements.</p>
164
165 <h4><a name="1.2">1.2</a> Licence</h4>
166
167 <p>As part of the Community, CAcert offers you these rights:</p>
168
169 <ol>
170 <li>You may USE any certificates issued by CAcert.</li>
171
172 <li>You may RELY on any certificate issued by CAcert, as explained and
173 limited by CPS (COD6).</li>
174
175 <li>You may OFFER certificates issued to you by CAcert to Members for their
176 RELIANCE.</li>
177
178 <li>You may OFFER certificates issued to you by CAcert to NRPs for their
179 USE, within the general principles of the Community.</li>
180
181 <li>This Licence is free of cost, non-exclusive, and
182 non-transferrable.</li>
183 </ol>
184
185 <h4><a name="1.3">1.3</a> Your Contributions</h4>
186
187 <p>You agree to a non-exclusive non-restrictive non-revokable transfer of
188 Licence to CAcert for your contributions. That is, if you post an idea or
189 comment on a CAcert forum, or email it to other Members, your work can be
190 used freely by the Community for CAcert purposes, including placing under
191 CAcert's licences for wider publication.</p>
192
193 <p>You retain authorship rights, and the rights to also transfer
194 non-exclusive rights to other parties. That is, you can still use your ideas
195 and contributions outside the Community.</p>
196
197 <p>Note that the following exceptions override this clause:</p>
198
199 <ol>
200 <li>Contributions to controlled documents are subject to Policy on Policy
201 ("PoP" =&gt; COD1)</li>
202
203 <li>Source code is subject to an open source licence regime.</li>
204
205 <li>Personal data</li>
206
207 <li>Postings under competing licenses if clearly stated when posted</li>
208 </ol>
209
210 <h4><a name="1.4">1.4</a> Privacy</h4>
211
212 <p>You give rights to CAcert to store, verify and process and publish your
213 data in accordance with policies in force. These rights include shipping the
214 data to foreign countries for system administration, support and processing
215 purposes. Such shipping will only be done among CAcert Community
216 administrators and Assurers.</p>
217
218 <p>Privacy is further covered in the Privacy Policy ("PP" =&gt; COD5).</p>
219
220 <h3><a name="2">2.</a> Your Risks, Liabilities and Obligations</h3>
221
222 <p>As a Member, you have risks, liabilities and obligations within this
223 agreement.</p>
224
225 <h4><a name="2.1">2.1</a> Risks</h4>
226
227 <ol>
228 <li>A certificate may prove unreliable.</li>
229
230 <li>Your account, keys or other security tools may be lost or otherwise
231 compromised.</li>
232
233 <li>You may find yourself subject to Arbitration (DRP =&gt; COD7).</li>
234 </ol>
235
236 <h4><a name="2.2">2.2</a> Liabilities</h4>
237
238 <ol>
239 <li>You are liable for any penalties as awarded against you by the
240 Arbitrator.</li>
241
242 <li>Remedies are as defined in the DRP (COD7). An Arbitrator's ruling may
243 include monetary amounts, awarded against you.</li>
244
245 <li>Your liability is limited to a total maximum of <b>1000 Euros</b>.</li>
246
247 <li>"Foreign Courts" may assert jurisdiction. These include your local
248 courts, and are outside our Arbitration. Foreign Courts will generally
249 refer to the Arbitration Act of their country, which will generally refer
250 civil cases to Arbitration. The Arbitration Act will not apply to criminal
251 cases.</li>
252 </ol>
253
254 <h4><a name="2.3">2.3</a> Obligations</h4>
255
256 <p>You are obliged</p>
257
258 <ol>
259 <li>to provide accurate information as part of Assurance. You give
260 permission for verification of the information using CAcert-approved
261 methods.</li>
262
263 <li>to make no false representations.</li>
264
265 <li>to submit all your disputes to Arbitration (DRP =&gt; COD7).</li>
266
267 <li>to assist the Arbitrator by truthfully providing information, or with
268 any other reasonable request.</li>
269
270 <li>to not share your CAcert account.</li>
271 </ol>
272
273 <h4><a name="2.4">2.4</a> Principles</h4>
274
275 <p>As a Member of CAcert, you are a member of the Community. You are further
276 obliged to work within the spirit of the Principles of the Community. These
277 are described in <a href=
278 "https://svn.cacert.org/CAcert/principles.html">Principles of the
279 Community</a>.</p>
280
281 <h4><a name="2.5">2.5</a> Security</h4>
282
283 <p>CAcert exists to help you to secure yourself. You are primarily
284 responsible for your own security. Your security obligations include</p>
285
286 <ol>
287 <li>to secure yourself and your computing platform (e. g. PC),</li>
288
289 <li>to keep your email account in good working order,</li>
290
291 <li>to secure your CAcert account (e. g., credentials such as username,
292 password),</li>
293
294 <li>to secure your private keys, ensuring that they are only used as
295 indicated by the certificate, or by wider agreement with others,</li>
296
297 <li>to review certificates for accuracy, and</li>
298
299 <li>when in doubt, notify CAcert,</li>
300
301 <li>when in doubt, take other reasonable actions, such as revoking
302 certificates, changing account credentials, and/or generating new
303 keys.</li>
304 </ol>
305
306 <p>Where, above, 'secure' means to protect to a reasonable degree, in
307 proportion with your risks and the risks of others.</p>
308
309 <h3><a name="3">3.</a> Law and Jurisdiction</h3>
310
311 <h4><a name="3.1">3.1</a> Governing Law</h4>
312
313 <p>This agreement is governed under the law of New South Wales, Australia,
314 being the home of the CAcert Inc. Association.</p>
315
316 <h4><a name="3.2">3.2</a> Arbitration as Forum of Dispute Resolution</h4>
317
318 <p>You agree, with CAcert and all of the Community, that all disputes arising
319 out of or in connection to our use of CAcert services shall be referred to
320 and finally resolved by Arbitration under the rules within the Dispute
321 Resolution Policy of CAcert (DRP =&gt; COD7). The rules select a single
322 Arbitrator chosen by CAcert from among senior Members in the Community. The
323 ruling of the Arbitrator is binding and final on Members and CAcert
324 alike.</p>
325
326 <p>In general, the jurisdiction for resolution of disputes is within CAcert's
327 own forum of Arbitration, as defined and controlled by its own rules (DRP
328 =&gt; COD7).</p>
329
330 <p>We use Arbitration for many purposes beyond the strict nature of disputes,
331 such as governance and oversight. A systems administrator may need
332 authorisation to conduct a non-routine action, and Arbitration may provide
333 that authorisation. Thus, you may find yourself party to Arbitration that is
334 simply support actions, and you may file disputes in order to initiate
335 support actions.</p>
336
337 <h4><a name="3.3">3.3</a> Termination</h4>
338
339 <p>The CAcert Community Agreement is terminated</p>
340
341 <ol>
342 <li>based on a Policy Group decision following (PoP =&gt; COD1). This
343 terminates the Agreement with every member.</li>
344
345 <li>with a ruling of the Arbitrator or the completion of a termination
346 process defined by an Arbitrator ruling (DRP =&gt; COD7).</li>
347
348 <li>by the end of existence of a member (i.e. death in the case of
349 individuals).</li>
350 </ol>
351
352 <p>A member may declare the wish to resign from CAcert at any time by writing
353 to <em>support AT cacert.org</em>. This triggers a process for termination of
354 this agreement with the member.</p>
355
356 <h4><a name="3.3">3.3a</a> Consequences of Termination</h4>
357
358 <p>The termination discontinues the right to USE, OFFER and CREATE personal
359 certificates in any account of the former member. Those certificates will be
360 revoked and all services to the former member will be terminated as soon as
361 possible. However, some information will continue to be held for certificate
362 processing purposes.</p>
363
364 <p>The provisions on Arbitration for the time of membership survive any
365 termination. Former members are still bound by the DRP (COD7), and the
366 Arbitrator may reinstate any provision of this agreement or bind them to a
367 ruling.</p>
368
369 <p>As far as Organisations are concerned details are also defined in the
370 Organisation Assurance Policy (OAP =&gt; COD11).</p>
371
372 <p>Every member learning about the death of a member or termination of
373 existence of a member should notify <em>support AT cacert.org</em>.</p>
374
375 <h4><a name="3.4">3.4</a> Changes of Agreement</h4>
376
377 <p>CAcert may from time to time vary the terms of this Agreement. Changes
378 will be done according to the documented CAcert policy for changing policies,
379 and is subject to scrutiny and feedback by the Community. Changes will be
380 notified to you by email to your primary address.</p>
381
382 <p>If you do not agree to the changes, you may terminate as above. Continued
383 use of the service shall be deemed to be agreement by you.</p>
384
385 <h4><a name="3.5">3.5</a> Communication</h4>
386
387 <p>You are responsible for keeping your primary email account in good working
388 order and able to receive emails from CAcert.</p>
389
390 <p>Notifications to CAcert are to be sent by email to the address <em>support
391 AT cacert.org</em>. You should attach a digital signature.</p>
392
393 <h3><a name="4">4.</a> Miscellaneous</h3>
394
395 <h4><a name="4.1">4.1</a> (withdrawn)</h4>
396
397 <h4><a name="4.2">4.2</a> References and Other Binding Documents</h4>
398
399 <p>You are also bound by the Policies of the Community under the control of
400 Policy on Policy ("PoP" =&gt; COD1) and listed in <a href=
401 "https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">Controlled
402 Document List</a>.</p>
403
404 <p>Controlled documents are primary, and may not be replaced
405 or waived except by formal policy channels and Arbitration.</p>
406
407 <p>This agreement is controlled document COD9.</p>
408
409 <h4><a name="4.3">4.3</a> Informative References</h4>
410
411 <p>The governing documents are in English. Documents may be translated for
412 convenience. Because we cannot control the legal effect of translations, the
413 English documents are the ruling ones.</p>
414
415 <p>Beside this Agreement and the Policies, there are other
416 documents, i. e. Policy Guides, Manuals and Handbooks, supporting and
417 explaining this Agreement and the Policies. These documents are not binding
418 and in doubt this Agreement and the Policies are valid.</p>
419
420 <h4><a name="4.4">4.4</a>(withdrawn)</h4>
421
422 </body>
423 </html>