a85922d518a15f8141f3a614d5b31343d2ba02da
[cacert-devel.git] / www / policy / CAcertCommunityAgreement.php
1 <?xml version="1.0" encoding="utf-8"?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
3 "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
4 <html xmlns="http://www.w3.org/1999/xhtml">
5 <head>
6 <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" />
7 <title> CAcert Community Agreement </title>
8 <style type="text/css">
9 <!--
10 .comment {
11 color : steelblue;
12 }
13 .first-does-not-work {
14 color : red;
15 }
16 .q {
17 color : green;
18 font-weight: bold;
19 text-align: center;
20 font-style:italic;
21 }
22 .change {
23 color : blue;
24 font-weight: bold;
25 }
26 .change2 {
27 color : blue;
28 font-weight: bold;
29 }
30 .change3 {
31 color : blue;
32 font-weight: bold;
33 }
34 .change4 {
35 color : blue;
36 font-weight: bold;
37 }
38 .change5 {
39 color : blue;
40 font-weight: bold;
41 }
42 .change6 {
43 color : blue;
44 font-weight: bold;
45 }
46 .change7 {
47 color : blue ;
48 font-weight: bold;
49 }
50 .change8 {
51 color : blue;
52 font-weight: bold;
53 }
54 .change9 {
55 color : blue;
56 font-weight: bold;
57 }
58 .change10 {
59 color : blue;
60 font-weight: bold;
61 }
62 .change11 {
63 color : blue;
64 font-weight: bold;
65 }
66 .change12 {
67 color : blue;
68 font-weight: bold;
69 }
70 .change13 {
71 color : blue;
72 font-weight: bold;
73 }
74 .strike {
75 color : blue;
76 text-decoration:line-through;
77 }
78 .strike2 {
79 color : blue;
80 text-decoration:line-through;
81 }
82 .strike4 {
83 color : blue;
84 text-decoration:line-through;
85 }
86 .strike5 {
87 color : blue;
88 text-decoration:line-through;
89 }
90 .strike6 {
91 color : blue;
92 text-decoration:line-through;
93 }
94 .strike7 {
95 color : blue;
96 text-decoration:line-through;
97 }
98 .strike8 {
99 color : blue;
100 text-decoration:line-through;
101 }
102 .strike9 {
103 color : blue;
104 text-decoration:line-through;
105 }
106 .strike10 {
107 color : blue;
108 text-decoration:line-through;
109 }
110 .strike11 {
111 color : blue;
112 text-decoration:line-through;
113 }
114 .strike12 {
115 color : blue;
116 text-decoration:line-through;
117 }
118 .strike13 {
119 color : blue;
120 text-decoration:line-through;
121 }
122 -->
123 </style>
124
125 </head>
126 <body>
127 <a href="http://validator.w3.org/check?uri=referer"><img style="float: right; border-width: 0" src="http://www.w3.org/Icons/valid-xhtml11" alt="Valid XHTML 1.1" height="31" width="88" /></a>
128 <hr />
129
130 <div class="comment">
131 <table width="100%">
132
133 <tr>
134 <td rowspan="2">
135 Name: CCA <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD9</a><br />
136 Status: POLICY <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20080109.1_CCA_to_POLICY_status">p20080109.1</a><br />
137 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <span class="draftadd">DRAFT <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20140709_CCA_update_to_DRAFT">p20140709</a></span> <br />
138 Editor: <a style="color: steelblue" href="https://wiki.cacert.org/Community/HomePagesMembers/BenediktHeintel">Benedikt</a><br />
139 Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy">CC-by-sa+DRP</a><br />
140
141 </td>
142 <td valign="top" align="right">
143 <a href="https://www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-policy.png" alt="CCA Status - POLICY" height="31" width="88" style="border-style: none;" /></a>
144
145 <!-- XXXXXXXXXXXXXX delete this going to POLICY -->
146 <br />
147 <a href="https://www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-draft.png" alt="CCA Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>
148
149 </td>
150 </tr>
151 </table>
152 </div>
153
154 <h2> CAcert Community Agreement </h2>
155
156 <h3> <a name="0"> 0. </a> Introduction </h3>
157
158 <p>
159 This agreement is between
160 you, being a registered member ("Member")
161 within CAcert's community at large ("Community")
162 and CAcert Incorporated ("CAcert"),
163 being an operator of services to the Community.
164 </p>
165
166 <h4> <a name="0.1"> 0.1 </a> Terms </h4>
167 <ol><li>
168 "CAcert"
169 means CAcert Inc.,
170 a non-profit Association of Members incorporated in
171 New South Wales, Australia.
172 Note that Association Members are distinct from
173 the Members defined here.
174 </li><li>
175 "Member"
176 means you, a registered participant within CAcert's Community,
177 with an account on the website and the
178 facility to request certificates.
179 Members may be individuals ("natural persons")
180 or organisations ("legal persons").
181 </li><li>
182 "Organisation"
183 is defined under the Organisation Assurance programme,
184 and generally includes corporations and other entities
185 that become Members and become Assured.
186 </li><li>
187 "Community"
188 means all of the Members
189 that are registered by this agreement
190 and other parties by other agreements,
191 all being under CAcert's Arbitration.
192 </li><li>
193 "Non-Related Person" ("NRP"),
194 being someone who is not a
195 Member, is not part of the Community,
196 and has not registered their agreement.
197 <span class="strike7">Such people are offered the NRP-DaL
198 another agreement allowing the USE of certificates.</span>
199 </li><li>
200 <span class="strike7">"Non-Related Persons - Disclaimer and Licence" ("NRP-DaL"),
201 another agreement that is offered to persons outside the
202 Community.</span><span class="change7">(withdrawn)</span>
203 </li><li>
204 "Arbitration"
205 is the Community's forum for
206 resolving disputes, or jurisdiction.
207 </li><li>
208 "Dispute Resolution Policy" ("DRP" => COD7)
209 is the policy and
210 rules for resolving disputes.
211 </li><li>
212 "USE"
213 means the act by your software
214 to conduct its tasks, incorporating
215 the certificates according to software procedures.
216 </li><li>
217 "RELY"
218 means your human act in taking on a
219 risk and liability on the basis of the claim(s)
220 bound within a certificate.
221 </li><li>
222 "OFFER"
223 means the your act
224 of making available your certificate to another person.
225 Generally, you install and configure your software
226 to act as your agent and facilite this and other tasks.
227 OFFER does not imply suggestion of reliance.
228 </li><li>
229 "Issue"
230 means creation of a certificate by CAcert.
231 To create a certificate,
232 CAcert affixes a digital signature from the root
233 onto a public key and other information.
234 This act would generally bind a statement or claim,
235 such as your name, to your key.
236 </li><li>
237 "Root"
238 means CAcert's top level key,
239 used for signing certificates for Members.
240 In this document, the term includes any subroots.
241 </li><li>
242 "CAcert Official Document" ("COD" <span class="strike4">=> COD3</span>)
243 <span class="strike4">in a standard format for describing the details of
244 operation and governance essential to a certificate authority.
245 Changes are managed and controlled.
246 CODs define more technical terms.
247 See 4.2 for listing of relevant CODs.</span>
248 <span class="change4"> is an official managed and
249 controlled document (e. g. a Policy) of CAcert.</span>
250 </li><li>
251 "Certification Practice Statement" ("CPS" => COD6)
252 is the document that controls details
253 about operational matters within CAcert.
254 </li></ol>
255
256
257 <h3> <a name="1"> 1. </a> Agreement and Licence </h3>
258
259 <h4> <a name="1.1"> 1.1 </a> Agreement </h4>
260
261 <p>You <span class="strike">and CAcert both</span> agree to the terms and conditions in this agreement. Your agreement is given by <span class="change2"> but not limited to</span> <span class="strike2">any of</span></p>
262
263 <ul><li>
264 your signature on a form to request assurance of identity
265 ("CAP" form),
266 </li><li>
267 your request on the website
268 to join the Community and create an account,
269 </li><li>
270 your request for Organisation Assurance,
271 </li><li>
272 your request for issuing of certificates, or
273 </li><li>
274 if you USE, RELY, or OFFER
275 any certificate issued to you.
276 </li></ul>
277
278 <p>
279 Your agreement
280 is effective from the date of the first event above
281 that makes this agreement known to you.
282 This Agreement
283 replaces and <span class="strike2"> supercedes prior agreements,
284 including the NRP-DaL.</span> <span class="change2">supersedes any prior agreements.</span>
285 </p>
286
287
288 <h4> <a name="1.2"> 1.2 </a> Licence </h4>
289
290 <p>
291 As part of the Community, CAcert offers you these rights:
292 </p>
293
294 <ol><li>
295 You may USE any certificates issued by CAcert.
296 </li><li>
297 You may RELY on any certificate issued by CAcert,
298 as explained and limited by CPS (COD6).
299 </li><li>
300 You may OFFER certificates issued to you by CAcert
301 to Members for their RELIANCE.
302 </li><li>
303 You may OFFER certificates issued to you by CAcert
304 to NRPs for their USE, within the general principles
305 of the Community.
306 </li><li>
307 This Licence is free of cost,
308 non-exclusive, and non-transferrable.
309 </li></ol>
310
311 <h4> <a name="1.3"> 1.3 </a> Your Contributions </h4>
312
313
314 <p>
315 You agree to a non-exclusive non-restrictive non-revokable
316 transfer of Licence to CAcert for your contributions.
317 That is, if you post an idea or comment on a CAcert forum,
318 or email it to other Members,
319 your work can be used freely by the Community for
320 CAcert purposes, including placing under CAcert's licences
321 for wider publication.
322 </p>
323
324 <p>
325 You retain authorship rights, and the rights to also transfer
326 non-exclusive rights to other parties.
327 That is, you can still use your
328 ideas and contributions outside the Community.
329 </p>
330
331 <p>
332 Note that the following exceptions override this clause:
333 </p>
334
335 <ol><li>
336 Contributions to controlled documents are subject to
337 Policy on Policy ("PoP" => COD1)
338 </li><li>
339 Source code is subject to an open source licence regime.
340 </li>
341 <li><span class="change">Personal data</span></li>
342 <li><span class="change">Postings under competing licenses if clearly stated when posted<span></li>
343 </ol>
344
345 <h4> <a name="1.4"> 1.4 </a> Privacy </h4>
346
347
348 <p>
349 You give rights to CAcert to store, verify and process
350 and publish your data in accordance with policies in force.
351 These rights include shipping the data to foreign countries
352 for system administration, support and processing purposes.
353 Such shipping will only be done among
354 CAcert Community administrators and Assurers.
355 </p>
356
357 <p>
358 Privacy is further covered in the Privacy Policy ("PP" => COD5).
359 </p>
360
361 <h3> <a name="2"> 2. </a> Your Risks, Liabilities and Obligations </h3>
362
363 <p>
364 As a Member, you have risks, liabilities
365 and obligations within this agreement.
366 </p>
367
368 <h4> <a name="2.1"> 2.1 </a> Risks </h4>
369
370 <ol><li>
371 A certificate may prove unreliable.
372 </li><li>
373 Your account, keys or other security tools may be
374 lost or otherwise compromised.
375 </li><li>
376 You may find yourself subject to Arbitration
377 (DRP => COD7).
378 </li></ol>
379
380 <h4> <a name="2.2"> 2.2 </a> Liabilities </h4>
381
382 <ol><li>
383 You are liable for any penalties
384 as awarded against you by the Arbitrator.
385 </li><li>
386 Remedies are as defined in the DRP (COD7).
387 An Arbitrator's ruling may
388 include monetary amounts, awarded against you.
389 </li><li>
390 Your liability is limited to
391 a total maximum of
392 <b>1000 Euros</b>.
393 </li><li>
394 "Foreign Courts" may assert jurisdiction.
395 These include your local courts, and are outside our Arbitration.
396 Foreign Courts will generally refer to the Arbitration
397 Act of their country, which will generally refer
398 civil cases to Arbitration.
399 The Arbitration Act will not apply to criminal cases.
400 </li></ol>
401
402 <h4> <a name="2.3"> 2.3 </a> Obligations </h4>
403
404 <p>
405 You are obliged
406 </p>
407
408 <ol><li>
409 to provide accurate information
410 as part of Assurance.
411 You give permission for verification of the information
412 using CAcert-approved methods.
413 </li><li>
414 to make no false representations.
415 </li><li>
416 to submit all your disputes to Arbitration
417 (DRP => COD7).
418 </li><span class="change3"><li>
419 to assist the Arbitrator by truthfully providing information, or with any other reasonable request.
420 </li></span>
421 <span class="change7"><li>
422 to not share your CAcert account.
423 </li></span></ol>
424
425 <h4> <a name="2.4"> 2.4 </a> Principles </h4>
426
427 <p>
428 As a Member of CAcert, you are a member of
429 the Community.
430 You are further obliged to
431 work within the spirit of the Principles
432 of the Community.
433 These are described in
434 <a href="http://svn.cacert.org/CAcert/principles.html">Principles of the Community</a>.
435 </p>
436
437 <h4> <a name="2.5"> 2.5 </a> Security </h4>
438 <p>
439 CAcert exists to help you to secure yourself.
440 You are primarily responsible for your own security.
441 Your security obligations include
442 </p>
443
444 <ol><li>
445 to secure yourself and your computing platform (e. g. PC),
446 </li><li>
447 to keep your email account in good working order,
448 </li><li>
449 to secure your CAcert account
450 (e. g., credentials such as username, password),
451 </li><li>
452 to secure your private keys,<span class="change8"> ensuring that they are
453 only used as indicated by the certificate, or by wider agreement with others,</span>
454 </li><li>
455 to review certificates for accuracy,
456 and
457 </li><li>
458 when in doubt, notify CAcert,
459 </li><li>
460 when in doubt, take other reasonable actions, such as
461 revoking certificates,
462 changing account credentials,
463 and/or generating new keys.
464 </li></ol>
465
466 <p>
467 Where, above, 'secure' means to protect to a reasonable
468 degree, in proportion with your risks and the risks of
469 others.
470 </p>
471
472 <h3> <a name="3"> 3. </a> Law and Jurisdiction </h3>
473
474 <h4> <a name="3.1"> 3.1 </a> Governing Law </h4>
475
476 <p>
477 This agreement is governed under the law of
478 New South Wales, Australia,
479 being the home of the CAcert Inc. Association.
480 </p>
481
482 <h4> <a name="3.2"> 3.2 </a> Arbitration as Forum of Dispute Resolution </h4>
483
484 <p>
485 You agree, with CAcert and all of the Community,
486 that all disputes arising out
487 of or in connection to our use of CAcert services
488 shall be referred to and finally resolved
489 by Arbitration under the rules within the
490 Dispute Resolution Policy of CAcert
491 (DRP => COD7).
492 The rules select a single Arbitrator chosen by CAcert
493 from among senior Members in the Community.
494 The ruling of the Arbitrator is binding and
495 final on Members and CAcert alike.
496 </p>
497
498 <p>
499 In general, the jurisdiction for resolution of disputes
500 is within CAcert's own forum of Arbitration,
501 as defined and controlled by its own rules (DRP => COD7).
502 </p>
503
504 <p>
505 We use Arbitration for many purposes beyond the strict
506 nature of disputes, such as governance and oversight.
507 A systems administrator may
508 need authorisation to conduct a non-routine action,
509 and Arbitration may provide that authorisation.
510 Thus, you may find yourself party to Arbitration
511 that is simply support actions, and you may file disputes in
512 order to initiate support actions.
513 </p>
514
515
516 <h4> <a name="3.3"> 3.3 </a> Termination </h4>
517 <span class="strike12">
518 <p>
519 You may terminate this agreement by resigning from CAcert. You may do this at any time by
520 writing to CAcert's online support forum and filing dispute to resign.
521 All services will be terminated, and your certificates will be revoked.
522 However, some information will continue to be held for certificate processing purposes.
523 </p>
524
525 <p>
526 The provisions on Arbitration survive any termination by you by leaving CAcert.
527 That is, even if you resign from CAcert, you are still bound by the DRP (COD7),
528 and the Arbitrator may reinstate any provision of this agreement or bind you to a ruling.
529 </p>
530
531 <p>
532 Only the Arbitrator may terminate this agreement with you.
533 </p>
534 </span>
535
536 <span class="change12">
537 <p>The CAcert Community Agreement is terminated</p>
538
539 <ol>
540 <li>based on a Policy Group decision following (PoP => COD1). This
541 terminates the Agreement with every member.</li>
542
543 <li>with a ruling of the Arbitrator or the completion of a termination
544 process defined by an Arbitrator ruling (DRP => COD7).</li>
545
546 <li>by the end of existence of a member (i.e. death in the case of
547 individuals).</li>
548 </ol>
549
550 <p>A member may declare the wish to resign from CAcert at any time by
551 writing to <em>support AT cacert.org</em>. This triggers a process for
552 termination of this agreement with the member.</p>
553
554 <h4> <a name="3.3"> 3.3a </a> Consequences of Termination </h4>
555
556 <p>The termination discontinues the right to USE, OFFER and CREATE
557 personal certificates in any account of the former member. Those
558 certificates will be revoked and all services to the former member will
559 be terminated as soon as possible. However, some information will
560 continue to be held for certificate processing purposes.</p>
561
562 <p>The provisions on Arbitration for the time of membership survive any
563 termination. Former members
564 are still bound by the DRP (COD7), and the Arbitrator may reinstate any
565 provision of this agreement or bind them to a ruling.</p>
566
567 <p>As far as Organisations are concerned details are also defined in the
568 Organisation Assurance Policy (OAP => COD11).</p>
569
570 <p>Every member learning about the death of a member or termination of
571 existence of a member should notify <em>support AT cacert.org</em>.</p>
572 </span>
573
574
575
576
577 <h4> <a name="3.4"> 3.4 </a> Changes of Agreement </h4>
578
579 <p>
580 CAcert may from time to time vary the terms of this Agreement.
581 Changes will be done according to the documented CAcert policy
582 for changing policies, and is subject to scrutiny and feedback
583 by the Community.
584 Changes will be notified to you by email to your primary address.
585 </p>
586
587 <p>
588 If you do not agree to the changes, you may terminate as above.
589 Continued use of the service shall be deemed to be agreement
590 by you.
591 </p>
592
593 <h4> <a name="3.5"> 3.5 </a> Communication </h4>
594
595 <p><span class="change6">
596 You are responsible for keeping your primary email account in good working order and able to receive emails from CAcert.</span></p>
597
598 <p>Notifications to CAcert are to be sent by email to the address <em>support AT cacert.org</em>. You should attach a digital signature<span class="strike6">, but need not do so in the event of security or similar urgency</span>.</p>
599
600 <span class="strike6">
601 <p>Notifications to you are sent by CAcert to the primary email address registered with your account. You are responsible for keeping your email account in good working order and able to receive emails from CAcert.</p>
602
603 <p>Arbitration is generally conducted by email.</p></span>
604
605 <h3> <a name="4"> 4. </a> Miscellaneous </h3>
606
607 <h4> <a name="4.1"> 4.1 </a> <span class="strike10">Other Parties Within the Community</span> <span class="change10">(withdrawn)</span></h4>
608
609 <p class="strike10">
610 As well as you and other Members in the Community,
611 CAcert forms agreements with third party
612 vendors and others.
613 Thus, such parties will also be in the Community.
614 Such agreements are also controlled by the same
615 policy process as this agreement, and they should
616 mirror and reinforce these terms.
617 </p>
618
619 <h4> <a name="4.2"> 4.2 </a> References and Other Binding Documents </h4>
620
621 <p class="strike11">
622 This agreement is CAcert Official Document 9 (COD9)
623 and is a controlled document.
624 </p>
625
626 <p>
627 You are also bound by
628 <span class="change11">
629 the Policies of the Community under the control of Policy on Policy ("PoP" => COD1) and listed in
630 <a href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">Controlled Document List</a>.
631 </span>
632 </p>
633
634 <span class="strike11">
635 <ol><li>
636 <a href="http://www.cacert.org/policy/CertificationPracticeStatement.php">
637 Certification Practice Statement</a> (CPS => COD6).
638 </li><li>
639 <a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">
640 Dispute Resolution Policy</a> (DRP => COD7).
641 </li><li>
642 <a href="PrivacyPolicy.html">
643 Privacy Policy</a> (PP => COD5).
644 </li><li>
645 <a href="http://svn.cacert.org/CAcert/principles.html">
646 Principles of the Community</a>.
647 </li></ol>
648 </span>
649
650 <p class="strike11">
651 Where documents are referred to as <i>=> COD x</i>,
652 they are controlled documents
653 under the control of Policy on Policies (COD1).
654 </p>
655
656 <p class ="strike11">
657 This agreement and controlled documents above are primary,
658 and may not be replaced or waived except
659 by formal policy channels and by Arbitration.
660 </p>
661
662 <p class="change11">
663 Controlled documents are primary, and may not be replaced or waived except by formal policy
664 channels and Arbitration.
665 </p>
666
667 <p class="change11">
668 This agreement is controlled document COD9.
669 </p>
670
671 <h4> <a name="4.3"> 4.3 </a> Informative References </h4>
672
673 <p>
674 The governing documents are in English. Documents may be translated for convenience.
675 Because we cannot control the legal effect of translations, the English documents are the ruling ones.
676 </p>
677
678 <p class="strike9">
679 You are encouraged to be familiar with the Assurer Handbook,
680 which provides a more readable introduction for much of the information needed.
681 The Handbook is not however an agreement, and is overruled
682 by this agreement and others listed above.
683 </p>
684
685 <p class="change9">
686 Beside this Agreement and the Policies, there are other documents, i.
687 e. Policy Guides, Manuals and Handbooks, supporting and explaining this
688 Agreement and the Policies. These documents are not binding and in doubt
689 this Agreement and the Policies are valid.</p>
690
691 <h4> <a name="4.4"> 4.4 </a> <span class="strike9">Not Covered in this Agreement</span> <span class="change9">(withdrawn)</span></h4>
692
693 <p class="strike9">
694 <b>Intellectual Property.</b>
695 This Licence does not transfer any intellectual property rights ("IPR") to you. CAcert asserts and
696 maintains its IPR over its roots, issued certificates, brands, logos and other assets.
697 Note that the certificates issued to you are CAcert's intellectual property
698 and you do not have rights other than those stated.
699 </p>
700
701 </body>
702 </html>