bug 1293: Remove the icon according to W3C guidelines
[cacert-devel.git] / www / policy / CAcertCommunityAgreement.php
1 <!DOCTYPE html>
2 <html xmlns="http://www.w3.org/1999/xhtml">
3 <head>
4 <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" />
5 <title> CAcert Community Agreement </title>
6 <style type="text/css">
7 <!--
8 .comment {
9 color : steelblue;
10 }
11 .first-does-not-work {
12 color : red;
13 }
14 .q {
15 color : green;
16 font-weight: bold;
17 text-align: center;
18 font-style:italic;
19 }
20 .change {
21 color : blue;
22 font-weight: bold;
23 }
24 .change2 {
25 color : blue;
26 font-weight: bold;
27 }
28 .change3 {
29 color : blue;
30 font-weight: bold;
31 }
32 .change4 {
33 color : blue;
34 font-weight: bold;
35 }
36 .change5 {
37 color : blue;
38 font-weight: bold;
39 }
40 .change6 {
41 color : blue;
42 font-weight: bold;
43 }
44 .change7 {
45 color : blue ;
46 font-weight: bold;
47 }
48 .change8 {
49 color : blue;
50 font-weight: bold;
51 }
52 .change9 {
53 color : blue;
54 font-weight: bold;
55 }
56 .change10 {
57 color : blue;
58 font-weight: bold;
59 }
60 .change11 {
61 color : blue;
62 font-weight: bold;
63 }
64 .change12 {
65 color : blue;
66 font-weight: bold;
67 }
68 .change13 {
69 color : blue;
70 font-weight: bold;
71 }
72 .strike {
73 color : blue;
74 text-decoration:line-through;
75 }
76 .strike2 {
77 color : blue;
78 text-decoration:line-through;
79 }
80 .strike4 {
81 color : blue;
82 text-decoration:line-through;
83 }
84 .strike5 {
85 color : blue;
86 text-decoration:line-through;
87 }
88 .strike6 {
89 color : blue;
90 text-decoration:line-through;
91 }
92 .strike7 {
93 color : blue;
94 text-decoration:line-through;
95 }
96 .strike8 {
97 color : blue;
98 text-decoration:line-through;
99 }
100 .strike9 {
101 color : blue;
102 text-decoration:line-through;
103 }
104 .strike10 {
105 color : blue;
106 text-decoration:line-through;
107 }
108 .strike11 {
109 color : blue;
110 text-decoration:line-through;
111 }
112 .strike12 {
113 color : blue;
114 text-decoration:line-through;
115 }
116 .strike13 {
117 color : blue;
118 text-decoration:line-through;
119 }
120 -->
121 </style>
122
123 </head>
124 <body>
125 <div class="comment">
126 <table width="100%">
127
128 <tr>
129 <td rowspan="2">
130 Name: CCA <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD9</a><br />
131 Status: POLICY <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20080109.1_CCA_to_POLICY_status">p20080109.1</a><br />
132 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <span class="draftadd">DRAFT <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20140709_CCA_update_to_DRAFT">p20140709</a></span> <br />
133 Editor: <a style="color: steelblue" href="https://wiki.cacert.org/Community/HomePagesMembers/BenediktHeintel">Benedikt</a><br />
134 Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy">CC-by-sa+DRP</a><br />
135
136 </td>
137 <td valign="top" align="right">
138 <a href="https://www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-policy.png" alt="CCA Status - POLICY" height="31" width="88" style="border-style: none;" /></a>
139
140 <!-- XXXXXXXXXXXXXX delete this going to POLICY -->
141 <br />
142 <a href="https://www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-draft.png" alt="CCA Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>
143
144 </td>
145 </tr>
146 </table>
147 </div>
148
149 <h2> CAcert Community Agreement </h2>
150
151 <h3> <a name="0"> 0. </a> Introduction </h3>
152
153 <p>
154 This agreement is between
155 you, being a registered member ("Member")
156 within CAcert's community at large ("Community")
157 and CAcert Incorporated ("CAcert"),
158 being an operator of services to the Community.
159 </p>
160
161 <h4> <a name="0.1"> 0.1 </a> Terms </h4>
162 <ol><li>
163 "CAcert"
164 means CAcert Inc.,
165 a non-profit Association of Members incorporated in
166 New South Wales, Australia.
167 Note that Association Members are distinct from
168 the Members defined here.
169 </li><li>
170 "Member"
171 means you, a registered participant within CAcert's Community,
172 with an account on the website and the
173 facility to request certificates.
174 Members may be individuals ("natural persons")
175 or organisations ("legal persons").
176 </li><li>
177 "Organisation"
178 is defined under the Organisation Assurance programme,
179 and generally includes corporations and other entities
180 that become Members and become Assured.
181 </li><li>
182 "Community"
183 means all of the Members
184 that are registered by this agreement
185 and other parties by other agreements,
186 all being under CAcert's Arbitration.
187 </li><li>
188 "Non-Related Person" ("NRP"),
189 being someone who is not a
190 Member, is not part of the Community,
191 and has not registered their agreement.
192 <span class="strike7">Such people are offered the NRP-DaL
193 another agreement allowing the USE of certificates.</span>
194 </li><li>
195 <span class="strike7">"Non-Related Persons - Disclaimer and Licence" ("NRP-DaL"),
196 another agreement that is offered to persons outside the
197 Community.</span><span class="change7">(withdrawn)</span>
198 </li><li>
199 "Arbitration"
200 is the Community's forum for
201 resolving disputes, or jurisdiction.
202 </li><li>
203 "Dispute Resolution Policy" ("DRP" => COD7)
204 is the policy and
205 rules for resolving disputes.
206 </li><li>
207 "USE"
208 means the act by your software
209 to conduct its tasks, incorporating
210 the certificates according to software procedures.
211 </li><li>
212 "RELY"
213 means your human act in taking on a
214 risk and liability on the basis of the claim(s)
215 bound within a certificate.
216 </li><li>
217 "OFFER"
218 means the your act
219 of making available your certificate to another person.
220 Generally, you install and configure your software
221 to act as your agent and facilite this and other tasks.
222 OFFER does not imply suggestion of reliance.
223 </li><li>
224 "Issue"
225 means creation of a certificate by CAcert.
226 To create a certificate,
227 CAcert affixes a digital signature from the root
228 onto a public key and other information.
229 This act would generally bind a statement or claim,
230 such as your name, to your key.
231 </li><li>
232 "Root"
233 means CAcert's top level key,
234 used for signing certificates for Members.
235 In this document, the term includes any subroots.
236 </li><li>
237 "CAcert Official Document" ("COD" <span class="strike4">=> COD3</span>)
238 <span class="strike4">in a standard format for describing the details of
239 operation and governance essential to a certificate authority.
240 Changes are managed and controlled.
241 CODs define more technical terms.
242 See 4.2 for listing of relevant CODs.</span>
243 <span class="change4"> is an official managed and
244 controlled document (e. g. a Policy) of CAcert.</span>
245 </li><li>
246 "Certification Practice Statement" ("CPS" => COD6)
247 is the document that controls details
248 about operational matters within CAcert.
249 </li></ol>
250
251
252 <h3> <a name="1"> 1. </a> Agreement and Licence </h3>
253
254 <h4> <a name="1.1"> 1.1 </a> Agreement </h4>
255
256 <p>You <span class="strike">and CAcert both</span> agree to the terms and conditions in this agreement. Your agreement is given by <span class="change2"> but not limited to</span> <span class="strike2">any of</span></p>
257
258 <ul><li>
259 your signature on a form to request assurance of identity
260 ("CAP" form),
261 </li><li>
262 your request on the website
263 to join the Community and create an account,
264 </li><li>
265 your request for Organisation Assurance,
266 </li><li>
267 your request for issuing of certificates, or
268 </li><li>
269 if you USE, RELY, or OFFER
270 any certificate issued to you.
271 </li></ul>
272
273 <p>
274 Your agreement
275 is effective from the date of the first event above
276 that makes this agreement known to you.
277 This Agreement
278 replaces and <span class="strike2"> supercedes prior agreements,
279 including the NRP-DaL.</span> <span class="change2">supersedes any prior agreements.</span>
280 </p>
281
282
283 <h4> <a name="1.2"> 1.2 </a> Licence </h4>
284
285 <p>
286 As part of the Community, CAcert offers you these rights:
287 </p>
288
289 <ol><li>
290 You may USE any certificates issued by CAcert.
291 </li><li>
292 You may RELY on any certificate issued by CAcert,
293 as explained and limited by CPS (COD6).
294 </li><li>
295 You may OFFER certificates issued to you by CAcert
296 to Members for their RELIANCE.
297 </li><li>
298 You may OFFER certificates issued to you by CAcert
299 to NRPs for their USE, within the general principles
300 of the Community.
301 </li><li>
302 This Licence is free of cost,
303 non-exclusive, and non-transferrable.
304 </li></ol>
305
306 <h4> <a name="1.3"> 1.3 </a> Your Contributions </h4>
307
308
309 <p>
310 You agree to a non-exclusive non-restrictive non-revokable
311 transfer of Licence to CAcert for your contributions.
312 That is, if you post an idea or comment on a CAcert forum,
313 or email it to other Members,
314 your work can be used freely by the Community for
315 CAcert purposes, including placing under CAcert's licences
316 for wider publication.
317 </p>
318
319 <p>
320 You retain authorship rights, and the rights to also transfer
321 non-exclusive rights to other parties.
322 That is, you can still use your
323 ideas and contributions outside the Community.
324 </p>
325
326 <p>
327 Note that the following exceptions override this clause:
328 </p>
329
330 <ol><li>
331 Contributions to controlled documents are subject to
332 Policy on Policy ("PoP" => COD1)
333 </li><li>
334 Source code is subject to an open source licence regime.
335 </li>
336 <li><span class="change">Personal data</span></li>
337 <li><span class="change">Postings under competing licenses if clearly stated when posted<span></li>
338 </ol>
339
340 <h4> <a name="1.4"> 1.4 </a> Privacy </h4>
341
342
343 <p>
344 You give rights to CAcert to store, verify and process
345 and publish your data in accordance with policies in force.
346 These rights include shipping the data to foreign countries
347 for system administration, support and processing purposes.
348 Such shipping will only be done among
349 CAcert Community administrators and Assurers.
350 </p>
351
352 <p>
353 Privacy is further covered in the Privacy Policy ("PP" => COD5).
354 </p>
355
356 <h3> <a name="2"> 2. </a> Your Risks, Liabilities and Obligations </h3>
357
358 <p>
359 As a Member, you have risks, liabilities
360 and obligations within this agreement.
361 </p>
362
363 <h4> <a name="2.1"> 2.1 </a> Risks </h4>
364
365 <ol><li>
366 A certificate may prove unreliable.
367 </li><li>
368 Your account, keys or other security tools may be
369 lost or otherwise compromised.
370 </li><li>
371 You may find yourself subject to Arbitration
372 (DRP => COD7).
373 </li></ol>
374
375 <h4> <a name="2.2"> 2.2 </a> Liabilities </h4>
376
377 <ol><li>
378 You are liable for any penalties
379 as awarded against you by the Arbitrator.
380 </li><li>
381 Remedies are as defined in the DRP (COD7).
382 An Arbitrator's ruling may
383 include monetary amounts, awarded against you.
384 </li><li>
385 Your liability is limited to
386 a total maximum of
387 <b>1000 Euros</b>.
388 </li><li>
389 "Foreign Courts" may assert jurisdiction.
390 These include your local courts, and are outside our Arbitration.
391 Foreign Courts will generally refer to the Arbitration
392 Act of their country, which will generally refer
393 civil cases to Arbitration.
394 The Arbitration Act will not apply to criminal cases.
395 </li></ol>
396
397 <h4> <a name="2.3"> 2.3 </a> Obligations </h4>
398
399 <p>
400 You are obliged
401 </p>
402
403 <ol><li>
404 to provide accurate information
405 as part of Assurance.
406 You give permission for verification of the information
407 using CAcert-approved methods.
408 </li><li>
409 to make no false representations.
410 </li><li>
411 to submit all your disputes to Arbitration
412 (DRP => COD7).
413 </li><span class="change3"><li>
414 to assist the Arbitrator by truthfully providing information, or with any other reasonable request.
415 </li></span>
416 <span class="change7"><li>
417 to not share your CAcert account.
418 </li></span></ol>
419
420 <h4> <a name="2.4"> 2.4 </a> Principles </h4>
421
422 <p>
423 As a Member of CAcert, you are a member of
424 the Community.
425 You are further obliged to
426 work within the spirit of the Principles
427 of the Community.
428 These are described in
429 <a href="http://svn.cacert.org/CAcert/principles.html">Principles of the Community</a>.
430 </p>
431
432 <h4> <a name="2.5"> 2.5 </a> Security </h4>
433 <p>
434 CAcert exists to help you to secure yourself.
435 You are primarily responsible for your own security.
436 Your security obligations include
437 </p>
438
439 <ol><li>
440 to secure yourself and your computing platform (e. g. PC),
441 </li><li>
442 to keep your email account in good working order,
443 </li><li>
444 to secure your CAcert account
445 (e. g., credentials such as username, password),
446 </li><li>
447 to secure your private keys,<span class="change8"> ensuring that they are
448 only used as indicated by the certificate, or by wider agreement with others,</span>
449 </li><li>
450 to review certificates for accuracy,
451 and
452 </li><li>
453 when in doubt, notify CAcert,
454 </li><li>
455 when in doubt, take other reasonable actions, such as
456 revoking certificates,
457 changing account credentials,
458 and/or generating new keys.
459 </li></ol>
460
461 <p>
462 Where, above, 'secure' means to protect to a reasonable
463 degree, in proportion with your risks and the risks of
464 others.
465 </p>
466
467 <h3> <a name="3"> 3. </a> Law and Jurisdiction </h3>
468
469 <h4> <a name="3.1"> 3.1 </a> Governing Law </h4>
470
471 <p>
472 This agreement is governed under the law of
473 New South Wales, Australia,
474 being the home of the CAcert Inc. Association.
475 </p>
476
477 <h4> <a name="3.2"> 3.2 </a> Arbitration as Forum of Dispute Resolution </h4>
478
479 <p>
480 You agree, with CAcert and all of the Community,
481 that all disputes arising out
482 of or in connection to our use of CAcert services
483 shall be referred to and finally resolved
484 by Arbitration under the rules within the
485 Dispute Resolution Policy of CAcert
486 (DRP => COD7).
487 The rules select a single Arbitrator chosen by CAcert
488 from among senior Members in the Community.
489 The ruling of the Arbitrator is binding and
490 final on Members and CAcert alike.
491 </p>
492
493 <p>
494 In general, the jurisdiction for resolution of disputes
495 is within CAcert's own forum of Arbitration,
496 as defined and controlled by its own rules (DRP => COD7).
497 </p>
498
499 <p>
500 We use Arbitration for many purposes beyond the strict
501 nature of disputes, such as governance and oversight.
502 A systems administrator may
503 need authorisation to conduct a non-routine action,
504 and Arbitration may provide that authorisation.
505 Thus, you may find yourself party to Arbitration
506 that is simply support actions, and you may file disputes in
507 order to initiate support actions.
508 </p>
509
510
511 <h4> <a name="3.3"> 3.3 </a> Termination </h4>
512 <span class="strike12">
513 <p>
514 You may terminate this agreement by resigning from CAcert. You may do this at any time by
515 writing to CAcert's online support forum and filing dispute to resign.
516 All services will be terminated, and your certificates will be revoked.
517 However, some information will continue to be held for certificate processing purposes.
518 </p>
519
520 <p>
521 The provisions on Arbitration survive any termination by you by leaving CAcert.
522 That is, even if you resign from CAcert, you are still bound by the DRP (COD7),
523 and the Arbitrator may reinstate any provision of this agreement or bind you to a ruling.
524 </p>
525
526 <p>
527 Only the Arbitrator may terminate this agreement with you.
528 </p>
529 </span>
530
531 <span class="change12">
532 <p>The CAcert Community Agreement is terminated</p>
533
534 <ol>
535 <li>based on a Policy Group decision following (PoP => COD1). This
536 terminates the Agreement with every member.</li>
537
538 <li>with a ruling of the Arbitrator or the completion of a termination
539 process defined by an Arbitrator ruling (DRP => COD7).</li>
540
541 <li>by the end of existence of a member (i.e. death in the case of
542 individuals).</li>
543 </ol>
544
545 <p>A member may declare the wish to resign from CAcert at any time by
546 writing to <em>support AT cacert.org</em>. This triggers a process for
547 termination of this agreement with the member.</p>
548
549 <h4> <a name="3.3"> 3.3a </a> Consequences of Termination </h4>
550
551 <p>The termination discontinues the right to USE, OFFER and CREATE
552 personal certificates in any account of the former member. Those
553 certificates will be revoked and all services to the former member will
554 be terminated as soon as possible. However, some information will
555 continue to be held for certificate processing purposes.</p>
556
557 <p>The provisions on Arbitration for the time of membership survive any
558 termination. Former members
559 are still bound by the DRP (COD7), and the Arbitrator may reinstate any
560 provision of this agreement or bind them to a ruling.</p>
561
562 <p>As far as Organisations are concerned details are also defined in the
563 Organisation Assurance Policy (OAP => COD11).</p>
564
565 <p>Every member learning about the death of a member or termination of
566 existence of a member should notify <em>support AT cacert.org</em>.</p>
567 </span>
568
569
570
571
572 <h4> <a name="3.4"> 3.4 </a> Changes of Agreement </h4>
573
574 <p>
575 CAcert may from time to time vary the terms of this Agreement.
576 Changes will be done according to the documented CAcert policy
577 for changing policies, and is subject to scrutiny and feedback
578 by the Community.
579 Changes will be notified to you by email to your primary address.
580 </p>
581
582 <p>
583 If you do not agree to the changes, you may terminate as above.
584 Continued use of the service shall be deemed to be agreement
585 by you.
586 </p>
587
588 <h4> <a name="3.5"> 3.5 </a> Communication </h4>
589
590 <p><span class="change6">
591 You are responsible for keeping your primary email account in good working order and able to receive emails from CAcert.</span></p>
592
593 <p>Notifications to CAcert are to be sent by email to the address <em>support AT cacert.org</em>. You should attach a digital signature<span class="strike6">, but need not do so in the event of security or similar urgency</span>.</p>
594
595 <span class="strike6">
596 <p>Notifications to you are sent by CAcert to the primary email address registered with your account. You are responsible for keeping your email account in good working order and able to receive emails from CAcert.</p>
597
598 <p>Arbitration is generally conducted by email.</p></span>
599
600 <h3> <a name="4"> 4. </a> Miscellaneous </h3>
601
602 <h4> <a name="4.1"> 4.1 </a> <span class="strike10">Other Parties Within the Community</span> <span class="change10">(withdrawn)</span></h4>
603
604 <p class="strike10">
605 As well as you and other Members in the Community,
606 CAcert forms agreements with third party
607 vendors and others.
608 Thus, such parties will also be in the Community.
609 Such agreements are also controlled by the same
610 policy process as this agreement, and they should
611 mirror and reinforce these terms.
612 </p>
613
614 <h4> <a name="4.2"> 4.2 </a> References and Other Binding Documents </h4>
615
616 <p class="strike11">
617 This agreement is CAcert Official Document 9 (COD9)
618 and is a controlled document.
619 </p>
620
621 <p>
622 You are also bound by
623 <span class="change11">
624 the Policies of the Community under the control of Policy on Policy ("PoP" => COD1) and listed in
625 <a href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">Controlled Document List</a>.
626 </span>
627 </p>
628
629 <span class="strike11">
630 <ol><li>
631 <a href="http://www.cacert.org/policy/CertificationPracticeStatement.php">
632 Certification Practice Statement</a> (CPS => COD6).
633 </li><li>
634 <a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">
635 Dispute Resolution Policy</a> (DRP => COD7).
636 </li><li>
637 <a href="PrivacyPolicy.html">
638 Privacy Policy</a> (PP => COD5).
639 </li><li>
640 <a href="http://svn.cacert.org/CAcert/principles.html">
641 Principles of the Community</a>.
642 </li></ol>
643 </span>
644
645 <p class="strike11">
646 Where documents are referred to as <i>=> COD x</i>,
647 they are controlled documents
648 under the control of Policy on Policies (COD1).
649 </p>
650
651 <p class ="strike11">
652 This agreement and controlled documents above are primary,
653 and may not be replaced or waived except
654 by formal policy channels and by Arbitration.
655 </p>
656
657 <p class="change11">
658 Controlled documents are primary, and may not be replaced or waived except by formal policy
659 channels and Arbitration.
660 </p>
661
662 <p class="change11">
663 This agreement is controlled document COD9.
664 </p>
665
666 <h4> <a name="4.3"> 4.3 </a> Informative References </h4>
667
668 <p>
669 The governing documents are in English. Documents may be translated for convenience.
670 Because we cannot control the legal effect of translations, the English documents are the ruling ones.
671 </p>
672
673 <p class="strike9">
674 You are encouraged to be familiar with the Assurer Handbook,
675 which provides a more readable introduction for much of the information needed.
676 The Handbook is not however an agreement, and is overruled
677 by this agreement and others listed above.
678 </p>
679
680 <p class="change9">
681 Beside this Agreement and the Policies, there are other documents, i.
682 e. Policy Guides, Manuals and Handbooks, supporting and explaining this
683 Agreement and the Policies. These documents are not binding and in doubt
684 this Agreement and the Policies are valid.</p>
685
686 <h4> <a name="4.4"> 4.4 </a> <span class="strike9">Not Covered in this Agreement</span> <span class="change9">(withdrawn)</span></h4>
687
688 <p class="strike9">
689 <b>Intellectual Property.</b>
690 This Licence does not transfer any intellectual property rights ("IPR") to you. CAcert asserts and
691 maintains its IPR over its roots, issued certificates, brands, logos and other assets.
692 Note that the certificates issued to you are CAcert's intellectual property
693 and you do not have rights other than those stated.
694 </p>
695
696 </body>
697 </html>