bug 1293: Updated latest CCA version by Benedikt 2014-08-19 20:56
[cacert-devel.git] / www / policy / CAcertCommunityAgreement.php
1 <?='<?xml version="1.0" encoding="utf-8"?>'?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
3 "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
4 <html xmlns="http://www.w3.org/1999/xhtml">
5 <head>
6 <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" />
7 <title> CAcert Community Agreement </title>
8 <style type="text/css">
9 <!--
10 .comment {
11 color : steelblue;
12 }
13 .first-does-not-work {
14 color : red;
15 }
16 .q {
17 color : green;
18 font-weight: bold;
19 text-align: center;
20 font-style:italic;
21 }
22 .change {
23 color : blue;
24 font-weight: bold;
25 }
26 .change2 {
27 color : blue;
28 font-weight: bold;
29 }
30 .change3 {
31 color : blue;
32 font-weight: bold;
33 }
34 .change4 {
35 color : blue;
36 font-weight: bold;
37 }
38 .change5 {
39 color : blue;
40 font-weight: bold;
41 }
42 .change6 {
43 color : blue;
44 font-weight: bold;
45 }
46 .change7 {
47 color : blue ;
48 font-weight: bold;
49 }
50 .change8 {
51 color : blue;
52 font-weight: bold;
53 }
54 .change9 {
55 color : blue;
56 font-weight: bold;
57 }
58 .change10 {
59 color : blue;
60 font-weight: bold;
61 }
62 .change11 {
63 color : blue;
64 font-weight: bold;
65 }
66 .change12 {
67 color : blue;
68 font-weight: bold;
69 }
70 .change13 {
71 color : blue;
72 font-weight: bold;
73 }
74 .strike {
75 color : blue;
76 text-decoration:line-through;
77 }
78 .strike2 {
79 color : blue;
80 text-decoration:line-through;
81 }
82 .strike4 {
83 color : blue;
84 text-decoration:line-through;
85 }
86 .strike5 {
87 color : blue;
88 text-decoration:line-through;
89 }
90 .strike6 {
91 color : blue;
92 text-decoration:line-through;
93 }
94 .strike7 {
95 color : blue;
96 text-decoration:line-through;
97 }
98 .strike8 {
99 color : blue;
100 text-decoration:line-through;
101 }
102 .strike9 {
103 color : blue;
104 text-decoration:line-through;
105 }
106 .strike10 {
107 color : blue;
108 text-decoration:line-through;
109 }
110 .strike11 {
111 color : blue;
112 text-decoration:line-through;
113 }
114 .strike12 {
115 color : blue;
116 text-decoration:line-through;
117 }
118 .strike13 {
119 color : blue;
120 text-decoration:line-through;
121 }
122 -->
123 </style>
124
125 </head>
126 <body>
127
128 <div class="comment">
129 <table width="100%">
130
131 <tr>
132 <td rowspan="2">
133 Name: CCA <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD9</a><br />
134 Status: POLICY <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20080109.1_CCA_to_POLICY_status">p20080109.1</a><br />
135 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="draftadd">DRAFT <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20140709_CCA_update_to_DRAFT">p20140709</a></span> <br />
136 Editor: <a style="color: steelblue" href="https://wiki.cacert.org/Community/HomePagesMembers/BenediktHeintel">Benedikt</a><br />
137 Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy">CC-by-sa+DRP</a><br />
138
139 </td>
140 <td valign="top" align="right">
141 <a href="https://www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-policy.png" alt="CCA Status - POLICY" height="31" width="88" style="border-style: none;" /></a>
142
143 <!-- XXXXXXXXXXXXXX delete this going to POLICY -->
144 <br />
145 <a href="https://www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-draft.png" alt="CCA Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>
146
147 </td>
148 </tr>
149 </table>
150 </div>
151
152 <h2>CAcert Community Agreement</h2>
153
154 <h3><a name="0">0.</a> Introduction</h3>
155
156 <p>This agreement is between you, being a registered member ("Member") within
157 CAcert's community at large ("Community") and CAcert Incorporated ("CAcert"),
158 being an operator of services to the Community.</p>
159
160 <h4><a name="0.1">0.1</a> Terms</h4>
161
162 <ol>
163 <li>"CAcert" means CAcert Inc., a non-profit Association of Members
164 incorporated in New South Wales, Australia. Note that Association Members
165 are distinct from the Members defined here.</li>
166
167 <li>"Member" means you, a registered participant within CAcert's Community,
168 with an account on the website and the facility to request certificates.
169 Members may be individuals ("natural persons") or organisations ("legal
170 persons").</li>
171
172 <li>"Organisation" is defined under the Organisation Assurance programme,
173 and generally includes corporations and other entities that become Members
174 and become Assured.</li>
175
176 <li>"Community" means all of the Members that are registered by this
177 agreement and other parties by other agreements, all being under CAcert's
178 Arbitration.</li>
179
180 <li>"Non-Related Person" ("NRP"), being someone who is not a Member, is not
181 part of the Community, and has not registered their agreement. <span class=
182 "strike7">Such people are offered the NRP-DaL another agreement allowing
183 the USE of certificates.</span></li>
184
185 <li><span class="strike7">"Non-Related Persons - Disclaimer and Licence"
186 ("NRP-DaL"), another agreement that is offered to persons outside the
187 Community.</span><span class="change7">(withdrawn)</span></li>
188
189 <li>"Arbitration" is the Community's forum for resolving disputes, or
190 jurisdiction.</li>
191
192 <li>"Dispute Resolution Policy" ("DRP" =&gt; COD7) is the policy and rules
193 for resolving disputes.</li>
194
195 <li>"USE" means the act by your software to conduct its tasks,
196 incorporating the certificates according to software procedures.</li>
197
198 <li>"RELY" means your human act in taking on a risk and liability on the
199 basis of the claim(s) bound within a certificate.</li>
200
201 <li>"OFFER" means the your act of making available your certificate to
202 another person. Generally, you install and configure your software to act
203 as your agent and facilite this and other tasks. OFFER does not imply
204 suggestion of reliance.</li>
205
206 <li>"Issue" means creation of a certificate by CAcert. To create a
207 certificate, CAcert affixes a digital signature from the root onto a public
208 key and other information. This act would generally bind a statement or
209 claim, such as your name, to your key.</li>
210
211 <li>"Root" means CAcert's top level key, used for signing certificates for
212 Members. In this document, the term includes any subroots.</li>
213
214 <li>"CAcert Official Document" ("COD" <span class="strike4">=&gt;
215 COD3</span>) <span class="strike4">in a standard format for describing the
216 details of operation and governance essential to a certificate authority.
217 Changes are managed and controlled. CODs define more technical terms. See
218 4.2 for listing of relevant CODs.</span> <span class="change4">is an
219 official managed and controlled document (e. g. a Policy) of
220 CAcert.</span></li>
221
222 <li>"Certification Practice Statement" ("CPS" =&gt; COD6) is the document
223 that controls details about operational matters within CAcert.</li>
224 </ol>
225
226 <h3><a name="1">1.</a> Agreement and Licence</h3>
227
228 <h4><a name="1.1">1.1</a> Agreement</h4>
229
230 <p>You <span class="strike">and CAcert both</span> agree to the terms and
231 conditions in this agreement. Your agreement is given by <span class=
232 "change2">but not limited to</span> <span class="strike2">any of</span></p>
233
234 <ul>
235 <li>your signature on a form to request assurance of identity ("CAP"
236 form),</li>
237
238 <li>your request on the website to join the Community and create an
239 account,</li>
240
241 <li>your request for Organisation Assurance,</li>
242
243 <li>your request for issuing of certificates, or</li>
244
245 <li>if you USE, RELY, or OFFER any certificate issued to you.</li>
246 </ul>
247
248 <p>Your agreement is effective from the date of the first event above that
249 makes this agreement known to you. This Agreement replaces and <span class=
250 "strike2">supercedes prior agreements, including the NRP-DaL.</span>
251 <span class="change2">supersedes any prior agreements.</span></p>
252
253 <h4><a name="1.2">1.2</a> Licence</h4>
254
255 <p>As part of the Community, CAcert offers you these rights:</p>
256
257 <ol>
258 <li>You may USE any certificates issued by CAcert.</li>
259
260 <li>You may RELY on any certificate issued by CAcert, as explained and
261 limited by CPS (COD6).</li>
262
263 <li>You may OFFER certificates issued to you by CAcert to Members for their
264 RELIANCE.</li>
265
266 <li>You may OFFER certificates issued to you by CAcert to NRPs for their
267 USE, within the general principles of the Community.</li>
268
269 <li>This Licence is free of cost, non-exclusive, and
270 non-transferrable.</li>
271 </ol>
272
273 <h4><a name="1.3">1.3</a> Your Contributions</h4>
274
275 <p>You agree to a non-exclusive non-restrictive non-revokable transfer of
276 Licence to CAcert for your contributions. That is, if you post an idea or
277 comment on a CAcert forum, or email it to other Members, your work can be
278 used freely by the Community for CAcert purposes, including placing under
279 CAcert's licences for wider publication.</p>
280
281 <p>You retain authorship rights, and the rights to also transfer
282 non-exclusive rights to other parties. That is, you can still use your ideas
283 and contributions outside the Community.</p>
284
285 <p>Note that the following exceptions override this clause:</p>
286
287 <ol>
288 <li>Contributions to controlled documents are subject to Policy on Policy
289 ("PoP" =&gt; COD1)</li>
290
291 <li>Source code is subject to an open source licence regime.</li>
292
293 <li><span class="change">Personal data</span></li>
294
295 <li><span class="change">Postings under competing licenses if clearly
296 stated when posted</span></li>
297 </ol>
298
299 <h4><span class="change"><a name="1.4">1.4</a> Privacy</span></h4>
300
301 <p><span class="change">You give rights to CAcert to store, verify and
302 process and publish your data in accordance with policies in force. These
303 rights include shipping the data to foreign countries for system
304 administration, support and processing purposes. Such shipping will only be
305 done among CAcert Community administrators and Assurers.</span></p>
306
307 <p><span class="change">Privacy is further covered in the Privacy Policy
308 ("PP" =&gt; COD5).</span></p>
309
310 <h3><span class="change"><a name="2">2.</a> Your Risks, Liabilities and
311 Obligations</span></h3>
312
313 <p><span class="change">As a Member, you have risks, liabilities and
314 obligations within this agreement.</span></p>
315
316 <h4><span class="change"><a name="2.1">2.1</a> Risks</span></h4>
317
318 <ol>
319 <li><span class="change">A certificate may prove unreliable.</span></li>
320
321 <li><span class="change">Your account, keys or other security tools may be
322 lost or otherwise compromised.</span></li>
323
324 <li><span class="change">You may find yourself subject to Arbitration (DRP
325 =&gt; COD7).</span></li>
326 </ol>
327
328 <h4><span class="change"><a name="2.2">2.2</a> Liabilities</span></h4>
329
330 <ol>
331 <li><span class="change">You are liable for any penalties as awarded
332 against you by the Arbitrator.</span></li>
333
334 <li><span class="change">Remedies are as defined in the DRP (COD7). An
335 Arbitrator's ruling may include monetary amounts, awarded against
336 you.</span></li>
337
338 <li><span class="change">Your liability is limited to a total maximum of
339 <b>1000 Euros</b>.</span></li>
340
341 <li><span class="change">"Foreign Courts" may assert jurisdiction. These
342 include your local courts, and are outside our Arbitration. Foreign Courts
343 will generally refer to the Arbitration Act of their country, which will
344 generally refer civil cases to Arbitration. The Arbitration Act will not
345 apply to criminal cases.</span></li>
346 </ol>
347
348 <h4><span class="change"><a name="2.3">2.3</a> Obligations</span></h4>
349
350 <p><span class="change">You are obliged</span></p>
351
352 <ol>
353 <li><span class="change">to provide accurate information as part of
354 Assurance. You give permission for verification of the information using
355 CAcert-approved methods.</span></li>
356
357 <li><span class="change">to make no false representations.</span></li>
358
359 <li><span class="change">to submit all your disputes to Arbitration (DRP
360 =&gt; COD7).</span></li>
361
362 <li><span class="change">to assist the Arbitrator by truthfully providing
363 information, or with any other reasonable request.</span></li>
364
365 <li><span class="change7">to not share your CAcert account.</span></li>
366 </ol>
367
368 <h4><a name="2.4">2.4</a> Principles</h4>
369
370 <p>As a Member of CAcert, you are a member of the Community. You are further
371 obliged to work within the spirit of the Principles of the Community. These
372 are described in <a href=
373 "http://svn.cacert.org/CAcert/principles.html">Principles of the
374 Community</a>.</p>
375
376 <h4><a name="2.5">2.5</a> Security</h4>
377
378 <p>CAcert exists to help you to secure yourself. You are primarily
379 responsible for your own security. Your security obligations include</p>
380
381 <ol>
382 <li>to secure yourself and your computing platform (e. g. PC),</li>
383
384 <li>to keep your email account in good working order,</li>
385
386 <li>to secure your CAcert account (e. g., credentials such as username,
387 password),</li>
388
389 <li>to secure your private keys, <span class="change8">ensuring that they
390 are only used as indicated by the certificate, or by wider agreement with
391 others,</span></li>
392
393 <li>to review certificates for accuracy, and</li>
394
395 <li>when in doubt, notify CAcert,</li>
396
397 <li>when in doubt, take other reasonable actions, such as revoking
398 certificates, changing account credentials, and/or generating new
399 keys.</li>
400 </ol>
401
402 <p>Where, above, 'secure' means to protect to a reasonable degree, in
403 proportion with your risks and the risks of others.</p>
404
405 <h3><a name="3">3.</a> Law and Jurisdiction</h3>
406
407 <h4><a name="3.1">3.1</a> Governing Law</h4>
408
409 <p>This agreement is governed under the law of New South Wales, Australia,
410 being the home of the CAcert Inc. Association.</p>
411
412 <h4><a name="3.2">3.2</a> Arbitration as Forum of Dispute Resolution</h4>
413
414 <p>You agree, with CAcert and all of the Community, that all disputes arising
415 out of or in connection to our use of CAcert services shall be referred to
416 and finally resolved by Arbitration under the rules within the Dispute
417 Resolution Policy of CAcert (DRP =&gt; COD7). The rules select a single
418 Arbitrator chosen by CAcert from among senior Members in the Community. The
419 ruling of the Arbitrator is binding and final on Members and CAcert
420 alike.</p>
421
422 <p>In general, the jurisdiction for resolution of disputes is within CAcert's
423 own forum of Arbitration, as defined and controlled by its own rules (DRP
424 =&gt; COD7).</p>
425
426 <p>We use Arbitration for many purposes beyond the strict nature of disputes,
427 such as governance and oversight. A systems administrator may need
428 authorisation to conduct a non-routine action, and Arbitration may provide
429 that authorisation. Thus, you may find yourself party to Arbitration that is
430 simply support actions, and you may file disputes in order to initiate
431 support actions.</p>
432
433 <h4><a name="3.3">3.3</a> Termination</h4>
434
435 <p><span class="strike12">You may terminate this agreement by resigning from
436 CAcert. You may do this at any time by writing to CAcert's online support
437 forum and filing dispute to resign. All services will be terminated, and your
438 certificates will be revoked. However, some information will continue to be
439 held for certificate processing purposes.</span></p>
440
441 <p><span class="strike12">The provisions on Arbitration survive any
442 termination by you by leaving CAcert. That is, even if you resign from
443 CAcert, you are still bound by the DRP (COD7), and the Arbitrator may
444 reinstate any provision of this agreement or bind you to a ruling.</span></p>
445
446 <p><span class="strike12">Only the Arbitrator may terminate this agreement
447 with you.</span></p>
448
449 <p><span class="change12">The CAcert Community Agreement is
450 terminated</span></p>
451
452 <ol>
453 <li><span class="change12">based on a Policy Group decision following (PoP
454 =&gt; COD1). This terminates the Agreement with every member.</span></li>
455
456 <li><span class="change12">with a ruling of the Arbitrator or the
457 completion of a termination process defined by an Arbitrator ruling (DRP
458 =&gt; COD7).</span></li>
459
460 <li><span class="change12">by the end of existence of a member (i.e. death
461 in the case of individuals).</span></li>
462 </ol>
463
464 <p><span class="change12">A member may declare the wish to resign from CAcert
465 at any time by writing to <em>support AT cacert.org</em>. This triggers a
466 process for termination of this agreement with the member.</span></p>
467
468 <h4><span class="change12"><a name="3.3">3.3a</a> Consequences of
469 Termination</span></h4>
470
471 <p><span class="change12">The termination discontinues the right to USE,
472 OFFER and CREATE personal certificates in any account of the former member.
473 Those certificates will be revoked and all services to the former member will
474 be terminated as soon as possible. However, some information will continue to
475 be held for certificate processing purposes.</span></p>
476
477 <p><span class="change12">The provisions on Arbitration for the time of
478 membership survive any termination. Former members are still bound by the DRP
479 (COD7), and the Arbitrator may reinstate any provision of this agreement or
480 bind them to a ruling.</span></p>
481
482 <p><span class="change12">As far as Organisations are concerned details are
483 also defined in the Organisation Assurance Policy (OAP =&gt;
484 COD11).</span></p>
485
486 <p><span class="change12">Every member learning about the death of a member
487 or termination of existence of a member should notify <em>support AT
488 cacert.org</em>.</span></p>
489
490 <h4><a name="3.4">3.4</a> Changes of Agreement</h4>
491
492 <p>CAcert may from time to time vary the terms of this Agreement. Changes
493 will be done according to the documented CAcert policy for changing policies,
494 and is subject to scrutiny and feedback by the Community. Changes will be
495 notified to you by email to your primary address.</p>
496
497 <p>If you do not agree to the changes, you may terminate as above. Continued
498 use of the service shall be deemed to be agreement by you.</p>
499
500 <h4><a name="3.5">3.5</a> Communication</h4>
501
502 <p><span class="change6">You are responsible for keeping your primary email
503 account in good working order and able to receive emails from
504 CAcert.</span></p>
505
506 <p>Notifications to CAcert are to be sent by email to the address <em>support
507 AT cacert.org</em>. You should attach a digital signature<span class=
508 "strike6">, but need not do so in the event of security or similar
509 urgency</span>.</p>
510
511 <p><span class="strike6">Notifications to you are sent by CAcert to the
512 primary email address registered with your account. You are responsible for
513 keeping your email account in good working order and able to receive emails
514 from CAcert.</span></p>
515
516 <p><span class="strike6">Arbitration is generally conducted by
517 email.</span></p>
518
519 <h3><a name="4">4.</a> Miscellaneous</h3>
520
521 <h4><a name="4.1">4.1</a> <span class="strike10">Other Parties Within the
522 Community</span> <span class="change10">(withdrawn)</span></h4>
523
524 <p class="strike10">As well as you and other Members in the Community, CAcert
525 forms agreements with third party vendors and others. Thus, such parties will
526 also be in the Community. Such agreements are also controlled by the same
527 policy process as this agreement, and they should mirror and reinforce these
528 terms.</p>
529
530 <h4><a name="4.2">4.2</a> References and Other Binding Documents</h4>
531
532 <p class="strike11">This agreement is CAcert Official Document 9 (COD9) and
533 is a controlled document.</p>
534
535 <p>You are also bound by <span class="change11">the Policies of the Community
536 under the control of Policy on Policy ("PoP" =&gt; COD1) and listed in
537 <a href=
538 "https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">Controlled
539 Document List</a>.</span></p>
540
541 <ol>
542 <li><span class="strike11"><a href=
543 "http://www.cacert.org/policy/CertificationPracticeStatement.php">Certification
544 Practice Statement</a> (CPS =&gt; COD6).</span></li>
545
546 <li><span class="strike11"><a href=
547 "http://www.cacert.org/policy/DisputeResolutionPolicy.php">Dispute
548 Resolution Policy</a> (DRP =&gt; COD7).</span></li>
549
550 <li><span class="strike11"><a href="PrivacyPolicy.html">Privacy Policy</a>
551 (PP =&gt; COD5).</span></li>
552
553 <li><span class="strike11"><a href=
554 "http://svn.cacert.org/CAcert/principles.html">Principles of the
555 Community</a>.</span></li>
556 </ol>
557
558 <p class="strike11">Where documents are referred to as <i>=&gt; COD x</i>,
559 they are controlled documents under the control of Policy on Policies
560 (COD1).</p>
561
562 <p class="strike11">This agreement and controlled documents above are
563 primary, and may not be replaced or waived except by formal policy channels
564 and by Arbitration.</p>
565
566 <p class="change11">Controlled documents are primary, and may not be replaced
567 or waived except by formal policy channels and Arbitration.</p>
568
569 <p class="change11">This agreement is controlled document COD9.</p>
570
571 <h4><a name="4.3">4.3</a> Informative References</h4>
572
573 <p>The governing documents are in English. Documents may be translated for
574 convenience. Because we cannot control the legal effect of translations, the
575 English documents are the ruling ones.</p>
576
577 <p class="strike9">You are encouraged to be familiar with the Assurer
578 Handbook, which provides a more readable introduction for much of the
579 information needed. The Handbook is not however an agreement, and is
580 overruled by this agreement and others listed above.</p>
581
582 <p class="change9">Beside this Agreement and the Policies, there are other
583 documents, i. e. Policy Guides, Manuals and Handbooks, supporting and
584 explaining this Agreement and the Policies. These documents are not binding
585 and in doubt this Agreement and the Policies are valid.</p>
586
587 <h4><a name="4.4">4.4</a> <span class="strike9">Not Covered in this
588 Agreement</span> <span class="change9">(withdrawn)</span></h4>
589
590 <p class="strike9"><b>Intellectual Property.</b> This Licence does not
591 transfer any intellectual property rights ("IPR") to you. CAcert asserts and
592 maintains its IPR over its roots, issued certificates, brands, logos and
593 other assets. Note that the certificates issued to you are CAcert's
594 intellectual property and you do not have rights other than those stated.</p>
595 </body>
596 </html>