bug 1293: Renewed version provided by the Editor
[cacert-devel.git] / www / policy / CAcertCommunityAgreement.php
1 <?='<?xml version="1.0" encoding="utf-8"?>'?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
3 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
4
5 <html xmlns="http://www.w3.org/1999/xhtml">
6 <head>
7 <title>CAcert Community Agreement</title>
8 <style type="text/css">
9 /*<![CDATA[*/
10 .comment {
11 color : steelblue;
12 }
13 .first-does-not-work {
14 color : red;
15 }
16 .q {
17 color : green;
18 font-weight: bold;
19 text-align: center;
20 font-style:italic;
21 }
22 .change {
23 color : blue;
24 font-weight: bold;
25 }
26 .strike {
27 color : blue;
28 text-decoration:line-through;
29 }
30 img.c3 {border-style: none;}
31 a.c2 {color: steelblue;}
32 img.c1 {float: right; border-width: 0}
33 /*]]>*/
34 </style>
35 </head>
36
37 <body>
38 <div class="comment">
39 <table width="100%">
40 <tr>
41 <td rowspan="2">Name: CCA <a class="c2" href=
42 "https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD9</a><br />
43
44 Status: POLICY <a class="c2" href=
45 "https://wiki.cacert.org/PolicyDecisions#p20080109.1_CCA_to_POLICY_status">
46 p20080109.1</a><br />
47 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="draftadd">DRAFT
48 <a class="c2" href=
49 "https://wiki.cacert.org/PolicyDecisions#p20140709_CCA_update_to_DRAFT">
50 p20140709</a></span><br />
51 Editor: <a class="c2" href=
52 "https://wiki.cacert.org/Community/HomePagesMembers/BenediktHeintel">Benedikt</a><br />
53
54 Licence: <a class="c2" href="https://wiki.cacert.org/Policy#Licence"
55 title=
56 "this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy">
57 CC-by-sa+DRP</a><br /></td>
58
59 <td valign="top" align="right"><a href=
60 "https://www.cacert.org/policy/PolicyOnPolicy.php"><img src=
61 "images/cacert-policy.png" alt="CCA Status - POLICY" height="31" width=
62 "88" class="c3" /></a>
63 <!-- XXXXXXXXXXXXXX delete this going to POLICY --><br />
64 <a href="https://www.cacert.org/policy/PolicyOnPolicy.php"><img src=
65 "images/cacert-draft.png" alt="CCA Status - DRAFT" height="31" width=
66 "88" class="c3" /></a></td>
67 </tr>
68 </table>
69 </div>
70
71 <h2>CAcert Community Agreement</h2>
72
73 <h3><a name="0">0.</a> Introduction</h3>
74
75 <p>This agreement is between you, being a registered member ("Member") within
76 CAcert's community at large ("Community") and CAcert Incorporated ("CAcert"),
77 being an operator of services to the Community.</p>
78
79 <h4><a name="0.1">0.1</a> Terms</h4>
80
81 <ol>
82 <li>"CAcert" means CAcert Inc., a non-profit Association of Members
83 incorporated in New South Wales, Australia. Note that Association Members
84 are distinct from the Members defined here</li>
85
86 <li>"Member" means you, a registered participant within CAcert's Community,
87 with an account on the website and the facility to request certificates.
88 Members may be individuals ("natural persons") or organisations ("legal
89 persons").</li>
90
91 <li>"Organisation" is defined under the Organisation Assurance programme,
92 and generally includes corporations and other entities that become Members
93 and become Assured.</li>
94
95 <li>"Community" means all of the Members that are registered by this
96 agreement and other parties by other agreements, all being under CAcert's
97 Arbitration.</li>
98
99 <li>"Non-Related Person" ("NRP"), being someone who is not a Member, is not
100 part of the Community, and has not registered their agreement.</li>
101
102 <li>(withdrawn)</li>
103
104 <li>"Arbitration" is the Community's forum for resolving disputes, or
105 jurisdiction.</li>
106
107 <li>"Dispute Resolution Policy" ("DRP" =&gt; COD7) is the policy and rules
108 for resolving disputes.</li>
109
110 <li>"USE" means the act by your software to conduct its tasks,
111 incorporating the certificates according to software procedures.</li>
112
113 <li>"RELY" means your human act in taking on a risk and liability on the
114 basis of the claim(s) bound within a certificate.</li>
115
116 <li>"OFFER" means the your act of making available your certificate to
117 another person. Generally, you install and configure your software to act
118 as your agent and facilite this and other tasks. OFFER does not imply
119 suggestion of reliance.</li>
120
121 <li>"Issue" means creation of a certificate by CAcert. To create a
122 certificate, CAcert affixes a digital signature from the root onto a public
123 key and other information. This act would generally bind a statement or
124 claim, such as your name, to your key.</li>
125
126 <li>"Root" means CAcert's top level key, used for signing certificates for
127 Members. In this document, the term includes any subroots.</li>
128
129 <li>"CAcert Official Document" ("COD") is an official managed and
130 controlled document (e. g. a Policy) of CAcert.</li>
131
132 <li>"Certification Practice Statement" ("CPS" =&gt; COD6) is the document
133 that controls details about operational matters within CAcert.</li>
134 </ol>
135
136 <h3><a name="1">1.</a> Agreement and Licence</h3>
137
138 <h4><a name="1.1">1.1</a> Agreement</h4>
139
140 <p>You agree to the terms and conditions in this agreement. Your agreement is
141 given by but not limited to</p>
142
143 <ul>
144 <li>your signature on a form to request assurance of identity ("CAP"
145 form),</li>
146
147 <li>your request on the website to join the Community and create an
148 account,</li>
149
150 <li>your request for Organisation Assurance,</li>
151
152 <li>your request for issuing of certificates, or</li>
153
154 <li>if you USE, RELY, or OFFER any certificate issued to you.</li>
155 </ul>
156
157 <p>Your agreement is effective from the date of the first event above that
158 makes this agreement known to you. This Agreement replaces and supersedes any
159 prior agreements.</p>
160
161 <h4><a name="1.2">1.2</a> Licence</h4>
162
163 <p>As part of the Community, CAcert offers you these rights:</p>
164
165 <ol>
166 <li>You may USE any certificates issued by CAcert.</li>
167
168 <li>You may RELY on any certificate issued by CAcert, as explained and
169 limited by CPS (COD6).</li>
170
171 <li>You may OFFER certificates issued to you by CAcert to Members for their
172 RELIANCE.</li>
173
174 <li>You may OFFER certificates issued to you by CAcert to NRPs for their
175 USE, within the general principles of the Community.</li>
176
177 <li>This Licence is free of cost, non-exclusive, and
178 non-transferrable.</li>
179 </ol>
180
181 <h4><a name="1.3">1.3</a> Your Contributions</h4>
182
183 <p>You agree to a non-exclusive non-restrictive non-revokable transfer of
184 Licence to CAcert for your contributions. That is, if you post an idea or
185 comment on a CAcert forum, or email it to other Members, your work can be
186 used freely by the Community for CAcert purposes, including placing under
187 CAcert's licences for wider publication.</p>
188
189 <p>You retain authorship rights, and the rights to also transfer
190 non-exclusive rights to other parties. That is, you can still use your ideas
191 and contributions outside the Community.</p>
192
193 <p>Note that the following exceptions override this clause:</p>
194
195 <ol>
196 <li>Contributions to controlled documents are subject to Policy on Policy
197 ("PoP" =&gt; COD1)</li>
198
199 <li>Source code is subject to an open source licence regime.</li>
200
201 <li>Personal data</li>
202
203 <li>Postings under competing licenses if clearly stated when posted</li>
204 </ol>
205
206 <h4><a name="1.4">1.4</a> Privacy</h4>
207
208 <p>You give rights to CAcert to store, verify and process and publish your
209 data in accordance with policies in force. These rights include shipping the
210 data to foreign countries for system administration, support and processing
211 purposes. Such shipping will only be done among CAcert Community
212 administrators and Assurers.</p>
213
214 <p>Privacy is further covered in the Privacy Policy ("PP" =&gt; COD5).</p>
215
216 <h3><a name="2">2.</a> Your Risks, Liabilities and Obligations</h3>
217
218 <p>As a Member, you have risks, liabilities and obligations within this
219 agreement.</p>
220
221 <h4><a name="2.1">2.1</a> Risks</h4>
222
223 <ol>
224 <li>A certificate may prove unreliable.</li>
225
226 <li>Your account, keys or other security tools may be lost or otherwise
227 compromised.</li>
228
229 <li>You may find yourself subject to Arbitration (DRP =&gt; COD7).</li>
230 </ol>
231
232 <h4><a name="2.2">2.2</a> Liabilities</h4>
233
234 <ol>
235 <li>You are liable for any penalties as awarded against you by the
236 Arbitrator.</li>
237
238 <li>Remedies are as defined in the DRP (COD7). An Arbitrator's ruling may
239 include monetary amounts, awarded against you.</li>
240
241 <li>Your liability is limited to a total maximum of <b>1000 Euros</b>.</li>
242
243 <li>"Foreign Courts" may assert jurisdiction. These include your local
244 courts, and are outside our Arbitration. Foreign Courts will generally
245 refer to the Arbitration Act of their country, which will generally refer
246 civil cases to Arbitration. The Arbitration Act will not apply to criminal
247 cases.</li>
248 </ol>
249
250 <h4><a name="2.3">2.3</a> Obligations</h4>
251
252 <p>You are obliged</p>
253
254 <ol>
255 <li>to provide accurate information as part of Assurance. You give
256 permission for verification of the information using CAcert-approved
257 methods.</li>
258
259 <li>to make no false representations.</li>
260
261 <li>to submit all your disputes to Arbitration (DRP =&gt; COD7).</li>
262
263 <li>to assist the Arbitrator by truthfully providing information, or with
264 any other reasonable request.</li>
265
266 <li>to not share your CAcert account.</li>
267 </ol>
268
269 <h4><a name="2.4">2.4</a> Principles</h4>
270
271 <p>As a Member of CAcert, you are a member of the Community. You are further
272 obliged to work within the spirit of the Principles of the Community. These
273 are described in <a href=
274 "https://svn.cacert.org/CAcert/principles.html">Principles of the
275 Community</a>.</p>
276
277 <h4><a name="2.5">2.5</a> Security</h4>
278
279 <p>CAcert exists to help you to secure yourself. You are primarily
280 responsible for your own security. Your security obligations include</p>
281
282 <ol>
283 <li>to secure yourself and your computing platform (e. g. PC),</li>
284
285 <li>to keep your email account in good working order,</li>
286
287 <li>to secure your CAcert account (e. g., credentials such as username,
288 password),</li>
289
290 <li>to secure your private keys, ensuring that they are only used as
291 indicated by the certificate, or by wider agreement with others,</li>
292
293 <li>to review certificates for accuracy, and</li>
294
295 <li>when in doubt, notify CAcert,</li>
296
297 <li>when in doubt, take other reasonable actions, such as revoking
298 certificates, changing account credentials, and/or generating new
299 keys.</li>
300 </ol>
301
302 <p>Where, above, 'secure' means to protect to a reasonable degree, in
303 proportion with your risks and the risks of others.</p>
304
305 <h3><a name="3">3.</a> Law and Jurisdiction</h3>
306
307 <h4><a name="3.1">3.1</a> Governing Law</h4>
308
309 <p>This agreement is governed under the law of New South Wales, Australia,
310 being the home of the CAcert Inc. Association.</p>
311
312 <h4><a name="3.2">3.2</a> Arbitration as Forum of Dispute Resolution</h4>
313
314 <p>You agree, with CAcert and all of the Community, that all disputes arising
315 out of or in connection to our use of CAcert services shall be referred to
316 and finally resolved by Arbitration under the rules within the Dispute
317 Resolution Policy of CAcert (DRP =&gt; COD7). The rules select a single
318 Arbitrator chosen by CAcert from among senior Members in the Community. The
319 ruling of the Arbitrator is binding and final on Members and CAcert
320 alike.</p>
321
322 <p>In general, the jurisdiction for resolution of disputes is within CAcert's
323 own forum of Arbitration, as defined and controlled by its own rules (DRP
324 =&gt; COD7).</p>
325
326 <p>We use Arbitration for many purposes beyond the strict nature of disputes,
327 such as governance and oversight. A systems administrator may need
328 authorisation to conduct a non-routine action, and Arbitration may provide
329 that authorisation. Thus, you may find yourself party to Arbitration that is
330 simply support actions, and you may file disputes in order to initiate
331 support actions.</p>
332
333 <h4><a name="3.3">3.3</a> Termination</h4>
334
335 <p>The CAcert Community Agreement is terminated</p>
336
337 <ol>
338 <li>based on a Policy Group decision following (PoP =&gt; COD1). This
339 terminates the Agreement with every member.</li>
340
341 <li>with a ruling of the Arbitrator or the completion of a termination
342 process defined by an Arbitrator ruling (DRP =&gt; COD7).</li>
343
344 <li>by the end of existence of a member (i.e. death in the case of
345 individuals).</li>
346 </ol>
347
348 <p>A member may declare the wish to resign from CAcert at any time by writing
349 to <em>support AT cacert.org</em>. This triggers a process for termination of
350 this agreement with the member.</p>
351
352 <h4><a name="3.3">3.3a</a> Consequences of Termination</h4>
353
354 <p>The termination discontinues the right to USE, OFFER and CREATE personal
355 certificates in any account of the former member. Those certificates will be
356 revoked and all services to the former member will be terminated as soon as
357 possible. However, some information will continue to be held for certificate
358 processing purposes.</p>
359
360 <p>The provisions on Arbitration for the time of membership survive any
361 termination. Former members are still bound by the DRP (COD7), and the
362 Arbitrator may reinstate any provision of this agreement or bind them to a
363 ruling.</p>
364
365 <p>As far as Organisations are concerned details are also defined in the
366 Organisation Assurance Policy (OAP =&gt; COD11).</p>
367
368 <p>Every member learning about the death of a member or termination of
369 existence of a member should notify <em>support AT cacert.org</em>.</p>
370
371 <h4><a name="3.4">3.4</a> Changes of Agreement</h4>
372
373 <p>CAcert may from time to time vary the terms of this Agreement. Changes
374 will be done according to the documented CAcert policy for changing policies,
375 and is subject to scrutiny and feedback by the Community. Changes will be
376 notified to you by email to your primary address.</p>
377
378 <p>If you do not agree to the changes, you may terminate as above. Continued
379 use of the service shall be deemed to be agreement by you.</p>
380
381 <h4><a name="3.5">3.5</a> Communication</h4>
382
383 <p>You are responsible for keeping your primary email account in good working
384 order and able to receive emails from CAcert.</p>
385
386 <p>Notifications to CAcert are to be sent by email to the address <em>support
387 AT cacert.org</em>. You should attach a digital signature.</p>
388
389 <h3><a name="4">4.</a> Miscellaneous</h3>
390
391 <h4><a name="4.1">4.1</a> (withdrawn)</h4>
392
393 <h4><a name="4.2">4.2</a> References and Other Binding Documents</h4>
394
395 <p>You are also bound by the Policies of the Community under the control of
396 Policy on Policy ("PoP" =&gt; COD1) and listed in <a href=
397 "https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">Controlled
398 Document List</a>.</p>
399
400 <p>Controlled documents are primary, and may not be replaced or waived except
401 by formal policy channels and Arbitration.</p>
402
403 <p>This agreement is controlled document COD9.</p>
404
405 <h4><a name="4.3">4.3</a> Informative References</h4>
406
407 <p>The governing documents are in English. Documents may be translated for
408 convenience. Because we cannot control the legal effect of translations, the
409 English documents are the ruling ones.</p>
410
411 <p>Beside this Agreement and the Policies, there are other documents, i. e.
412 Policy Guides, Manuals and Handbooks, supporting and explaining this
413 Agreement and the Policies. These documents are not binding and in doubt this
414 Agreement and the Policies are valid.</p>
415
416 <h4><a name="4.4">4.4</a>(withdrawn)</h4>
417 </body>
418 </html>