Source code taken from cacert-20141124.tar.bz2
[cacert.git] / www / policy / CAcertCommunityAgreement.php
1 <?='<?xml version="1.0" encoding="utf-8"?>'?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
3 "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
4 <html xmlns="http://www.w3.org/1999/xhtml">
5 <head>
6 <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" />
7 <title> CAcert Community Agreement </title>
8 <style type="text/css">
9 <!--
10 .comment {
11 color : steelblue;
12 }
13 .first-does-not-work {
14 color : red;
15 }
16 .q {
17 color : green;
18 font-weight: bold;
19 text-align: center;
20 font-style:italic;
21 }
22 .change {
23 color : blue;
24 font-weight: bold;
25 }
26 .change2 {
27 color : blue;
28 font-weight: bold;
29 }
30 .change3 {
31 color : blue;
32 font-weight: bold;
33 }
34 .change4 {
35 color : blue;
36 font-weight: bold;
37 }
38 .change5 {
39 color : blue;
40 font-weight: bold;
41 }
42 .change6 {
43 color : blue;
44 font-weight: bold;
45 }
46 .change7 {
47 color : blue ;
48 font-weight: bold;
49 }
50 .change8 {
51 color : blue;
52 font-weight: bold;
53 }
54 .change9 {
55 color : blue;
56 font-weight: bold;
57 }
58 .change10 {
59 color : blue;
60 font-weight: bold;
61 }
62 .change11 {
63 color : blue;
64 font-weight: bold;
65 }
66 .change12 {
67 color : blue;
68 font-weight: bold;
69 }
70 .change13 {
71 color : blue;
72 font-weight: bold;
73 }
74 .strike {
75 color : blue;
76 text-decoration:line-through;
77 }
78 .strike2 {
79 color : blue;
80 text-decoration:line-through;
81 }
82 .strike4 {
83 color : blue;
84 text-decoration:line-through;
85 }
86 .strike5 {
87 color : blue;
88 text-decoration:line-through;
89 }
90 .strike6 {
91 color : blue;
92 text-decoration:line-through;
93 }
94 .strike7 {
95 color : blue;
96 text-decoration:line-through;
97 }
98 .strike8 {
99 color : blue;
100 text-decoration:line-through;
101 }
102 .strike9 {
103 color : blue;
104 text-decoration:line-through;
105 }
106 .strike10 {
107 color : blue;
108 text-decoration:line-through;
109 }
110 .strike11 {
111 color : blue;
112 text-decoration:line-through;
113 }
114 .strike12 {
115 color : blue;
116 text-decoration:line-through;
117 }
118 .strike13 {
119 color : blue;
120 text-decoration:line-through;
121 }
122 -->
123 </style>
124
125 </head>
126 <body>
127
128 <div class="comment">
129 <table width="100%">
130
131 <tr>
132 <td rowspan="2">
133 Name: CCA <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD9</a><br />
134 Status: POLICY <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20080109.1_CCA_to_POLICY_status">p20080109.1</a><br />
135 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="draftadd">DRAFT <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20140709_CCA_update_to_DRAFT">p20140709</a></span> <br />
136 Editor: <a style="color: steelblue" href="https://wiki.cacert.org/Community/HomePagesMembers/BenediktHeintel">Benedikt</a><br />
137 Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy">CC-by-sa+DRP</a><br />
138
139 </td>
140 <td valign="top" align="right">
141 <a href="https://www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-policy.png" alt="CCA Status - POLICY" height="31" width="88" style="border-style: none;" /></a>
142
143 <!-- XXXXXXXXXXXXXX delete this going to POLICY -->
144 <br />
145 <a href="https://www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-draft.png" alt="CCA Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>
146
147 </td>
148 </tr>
149 </table>
150 </div>
151
152 <h2>CAcert Community Agreement</h2>
153
154 <h3><a name="0">0.</a> Introduction</h3>
155
156 <p>This agreement is between you, being a registered member ("Member") within
157 CAcert's community at large ("Community") and CAcert Incorporated ("CAcert"),
158 being an operator of services to the Community.</p>
159
160 <h4><a name="0.1">0.1</a> Terms</h4>
161
162 <ol>
163 <li>"CAcert" means CAcert Inc., a non-profit Association of Members
164 incorporated in New South Wales, Australia. Note that Association Members
165 are distinct from the Members defined here.</li>
166
167 <li>"Member" means you, a registered participant within CAcert's Community,
168 with an account on the website and the facility to request certificates.
169 Members may be individuals ("natural persons") or organisations ("legal
170 persons").</li>
171
172 <li>"Organisation" is defined under the Organisation Assurance programme,
173 and generally includes corporations and other entities that become Members
174 and become Assured.</li>
175
176 <li>"Community" means all of the Members that are registered by this
177 agreement and other parties by other agreements, all being under CAcert's
178 Arbitration.</li>
179
180 <li>"Non-Related Person" ("NRP"), being someone who is not a Member, is not
181 part of the Community, and has not registered their agreement. <span class=
182 "strike7">Such people are offered the NRP-DaL another agreement allowing
183 the USE of certificates.</span></li>
184
185 <li><span class="strike7">"Non-Related Persons - Disclaimer and Licence"
186 ("NRP-DaL"), another agreement that is offered to persons outside the
187 Community.</span><span class="change7">(withdrawn)</span></li>
188
189 <li>"Arbitration" is the Community's forum for resolving disputes, or
190 jurisdiction.</li>
191
192 <li>"Dispute Resolution Policy" ("DRP" =&gt; COD7) is the policy and rules
193 for resolving disputes.</li>
194
195 <li>"USE" means the act by your software to conduct its tasks,
196 incorporating the certificates according to software procedures.</li>
197
198 <li>"RELY" means your human act in taking on a risk and liability on the
199 basis of the claim(s) bound within a certificate.</li>
200
201 <li>"OFFER" means the your act of making available your certificate to
202 another person. Generally, you install and configure your software to act
203 as your agent and facilite this and other tasks. OFFER does not imply
204 suggestion of reliance.</li>
205
206 <li>"Issue" means creation of a certificate by CAcert. To create a
207 certificate, CAcert affixes a digital signature from the root onto a public
208 key and other information. This act would generally bind a statement or
209 claim, such as your name, to your key.</li>
210
211 <li>"Root" means CAcert's top level key, used for signing certificates for
212 Members. In this document, the term includes any subroots.</li>
213
214 <li>"CAcert Official Document" ("COD" <span class="strike4">=&gt;
215 COD3</span>) <span class="strike4">in a standard format for describing the
216 details of operation and governance essential to a certificate authority.
217 Changes are managed and controlled. CODs define more technical terms. See
218 4.2 for listing of relevant CODs.</span> <span class="change4">is an
219 official managed and controlled document (e. g. a Policy) of
220 CAcert.</span></li>
221
222 <li>"Certification Practice Statement" ("CPS" =&gt; COD6) is the document
223 that controls details about operational matters within CAcert.</li>
224 </ol>
225
226 <h3><a name="1">1.</a> Agreement and Licence</h3>
227
228 <h4><a name="1.1">1.1</a> Agreement</h4>
229
230 <p>You <span class="strike">and CAcert both</span> agree to the terms and
231 conditions in this agreement. Your agreement is given by <span class=
232 "change2">but not limited to</span> <span class="strike2">any of</span></p>
233
234 <ul>
235 <li>your signature on a form to request assurance of identity ("CAP"
236 form),</li>
237
238 <li>your request on the website to join the Community and create an
239 account,</li>
240
241 <li>your request for Organisation Assurance,</li>
242
243 <li>your request for issuing of certificates, or</li>
244
245 <li>if you USE, RELY, or OFFER any certificate issued to you.</li>
246 </ul>
247
248 <p>Your agreement is effective from the date of the first event above that
249 makes this agreement known to you. This Agreement replaces and <span class=
250 "strike2">supercedes prior agreements, including the NRP-DaL.</span>
251 <span class="change2">supersedes any prior agreements.</span></p>
252
253 <h4><a name="1.2">1.2</a> Licence</h4>
254
255 <p>As part of the Community, CAcert offers you these rights:</p>
256
257 <ol>
258 <li>You may USE any certificates issued by CAcert.</li>
259
260 <li>You may RELY on any certificate issued by CAcert, as explained and
261 limited by CPS (COD6).</li>
262
263 <li>You may OFFER certificates issued to you by CAcert to Members for their
264 RELIANCE.</li>
265
266 <li>You may OFFER certificates issued to you by CAcert to NRPs for their
267 USE, within the general principles of the Community.</li>
268
269 <li>This Licence is free of cost, non-exclusive, and
270 non-transferrable.</li>
271 </ol>
272
273 <h4><a name="1.3">1.3</a> Your Contributions</h4>
274
275 <p>You agree to a non-exclusive non-restrictive non-revokable transfer of
276 Licence to CAcert for your contributions. That is, if you post an idea or
277 comment on a CAcert forum, or email it to other Members, your work can be
278 used freely by the Community for CAcert purposes, including placing under
279 CAcert's licences for wider publication.</p>
280
281 <p>You retain authorship rights, and the rights to also transfer
282 non-exclusive rights to other parties. That is, you can still use your ideas
283 and contributions outside the Community.</p>
284
285 <p>Note that the following exceptions override this clause:</p>
286
287 <ol>
288 <li>Contributions to controlled documents are subject to Policy on Policy
289 ("PoP" =&gt; COD1)</li>
290
291 <li>Source code is subject to an open source licence regime.</li>
292
293 <li><span class="change">Personal data</span></li>
294
295 <li><span class="change">Postings under competing licenses if clearly
296 stated when posted</span></li>
297 </ol>
298
299 <h4><a name="1.4">1.4</a> Privacy</h4>
300
301 <p>You give rights to CAcert to store, verify and
302 process and publish your data in accordance with policies in force. These
303 rights include shipping the data to foreign countries for system
304 administration, support and processing purposes. Such shipping will only be
305 done among CAcert Community administrators and Assurers.</p>
306
307 <p>Privacy is further covered in the Privacy Policy ("PP" =&gt; COD5).</p>
308
309 <h3><a name="2">2.</a> Your Risks, Liabilities and Obligations</h3>
310
311 <p>As a Member, you have risks, liabilities and obligations within this agreement.</p>
312
313 <h4><a name="2.1">2.1</a> Risks</h4>
314
315 <ol>
316 <li>A certificate may prove unreliable.</li>
317
318 <li>Your account, keys or other security tools may be
319 lost or otherwise compromised.</li>
320
321 <li>You may find yourself subject to Arbitration (DRP
322 =&gt; COD7).</li>
323 </ol>
324
325 <h4><a name="2.2">2.2</a> Liabilities</h4>
326
327 <ol>
328 <li>You are liable for any penalties as awarded
329 against you by the Arbitrator.</li>
330
331 <li>Remedies are as defined in the DRP (COD7). An
332 Arbitrator's ruling may include monetary amounts, awarded against
333 you.</li>
334
335 <li>Your liability is limited to a total maximum of
336 <b>1000 Euros</b>.</li>
337
338 <li>"Foreign Courts" may assert jurisdiction. These
339 include your local courts, and are outside our Arbitration. Foreign Courts
340 will generally refer to the Arbitration Act of their country, which will
341 generally refer civil cases to Arbitration. The Arbitration Act will not
342 apply to criminal cases.</li>
343 </ol>
344
345 <h4><a name="2.3">2.3</a> Obligations</h4>
346
347 <p>You are obliged</p>
348
349 <ol>
350 <li>to provide accurate information as part of
351 Assurance. You give permission for verification of the information using
352 CAcert-approved methods.</li>
353
354 <li>to make no false representations.</li>
355
356 <li>to submit all your disputes to Arbitration (DRP
357 =&gt; COD7).</li>
358
359 <li><span class="change">to assist the Arbitrator by truthfully providing
360 information, or with any other reasonable request.</span></li>
361
362 <li><span class="change7">to not share your CAcert account.</span></li>
363 </ol>
364
365 <h4><a name="2.4">2.4</a> Principles</h4>
366
367 <p>As a Member of CAcert, you are a member of the Community. You are further
368 obliged to work within the spirit of the Principles of the Community. These
369 are described in <a href=
370 "http://svn.cacert.org/CAcert/principles.html">Principles of the
371 Community</a>.</p>
372
373 <h4><a name="2.5">2.5</a> Security</h4>
374
375 <p>CAcert exists to help you to secure yourself. You are primarily
376 responsible for your own security. Your security obligations include</p>
377
378 <ol>
379 <li>to secure yourself and your computing platform (e. g. PC),</li>
380
381 <li>to keep your email account in good working order,</li>
382
383 <li>to secure your CAcert account (e. g., credentials such as username,
384 password),</li>
385
386 <li>to secure your private keys, <span class="change8">ensuring that they
387 are only used as indicated by the certificate, or by wider agreement with
388 others,</span></li>
389
390 <li>to review certificates for accuracy, and</li>
391
392 <li>when in doubt, notify CAcert,</li>
393
394 <li>when in doubt, take other reasonable actions, such as revoking
395 certificates, changing account credentials, and/or generating new
396 keys.</li>
397 </ol>
398
399 <p>Where, above, 'secure' means to protect to a reasonable degree, in
400 proportion with your risks and the risks of others.</p>
401
402 <h3><a name="3">3.</a> Law and Jurisdiction</h3>
403
404 <h4><a name="3.1">3.1</a> Governing Law</h4>
405
406 <p>This agreement is governed under the law of New South Wales, Australia,
407 being the home of the CAcert Inc. Association.</p>
408
409 <h4><a name="3.2">3.2</a> Arbitration as Forum of Dispute Resolution</h4>
410
411 <p>You agree, with CAcert and all of the Community, that all disputes arising
412 out of or in connection to our use of CAcert services shall be referred to
413 and finally resolved by Arbitration under the rules within the Dispute
414 Resolution Policy of CAcert (DRP =&gt; COD7). The rules select a single
415 Arbitrator chosen by CAcert from among senior Members in the Community. The
416 ruling of the Arbitrator is binding and final on Members and CAcert
417 alike.</p>
418
419 <p>In general, the jurisdiction for resolution of disputes is within CAcert's
420 own forum of Arbitration, as defined and controlled by its own rules (DRP
421 =&gt; COD7).</p>
422
423 <p>We use Arbitration for many purposes beyond the strict nature of disputes,
424 such as governance and oversight. A systems administrator may need
425 authorisation to conduct a non-routine action, and Arbitration may provide
426 that authorisation. Thus, you may find yourself party to Arbitration that is
427 simply support actions, and you may file disputes in order to initiate
428 support actions.</p>
429
430 <h4><a name="3.3">3.3</a> Termination</h4>
431
432 <p><span class="strike12">You may terminate this agreement by resigning from
433 CAcert. You may do this at any time by writing to CAcert's online support
434 forum and filing dispute to resign. All services will be terminated, and your
435 certificates will be revoked. However, some information will continue to be
436 held for certificate processing purposes.</span></p>
437
438 <p><span class="strike12">The provisions on Arbitration survive any
439 termination by you by leaving CAcert. That is, even if you resign from
440 CAcert, you are still bound by the DRP (COD7), and the Arbitrator may
441 reinstate any provision of this agreement or bind you to a ruling.</span></p>
442
443 <p><span class="strike12">Only the Arbitrator may terminate this agreement
444 with you.</span></p>
445
446 <p><span class="change12">The CAcert Community Agreement is
447 terminated</span></p>
448
449 <ol>
450 <li><span class="change12">based on a Policy Group decision following (PoP
451 =&gt; COD1). This terminates the Agreement with every member.</span></li>
452
453 <li><span class="change12">with a ruling of the Arbitrator or the
454 completion of a termination process defined by an Arbitrator ruling (DRP
455 =&gt; COD7).</span></li>
456
457 <li><span class="change12">by the end of existence of a member (i.e. death
458 in the case of individuals).</span></li>
459 </ol>
460
461 <p><span class="change12">A member may declare the wish to resign from CAcert
462 at any time by writing to <em>support AT cacert.org</em>. This triggers a
463 process for termination of this agreement with the member.</span></p>
464
465 <h4><span class="change12"><a name="3.3">3.3a</a> Consequences of
466 Termination</span></h4>
467
468 <p><span class="change12">The termination discontinues the right to USE,
469 OFFER and CREATE personal certificates in any account of the former member.
470 Those certificates will be revoked and all services to the former member will
471 be terminated as soon as possible. However, some information will continue to
472 be held for certificate processing purposes.</span></p>
473
474 <p><span class="change12">The provisions on Arbitration for the time of
475 membership survive any termination. Former members are still bound by the DRP
476 (COD7), and the Arbitrator may reinstate any provision of this agreement or
477 bind them to a ruling.</span></p>
478
479 <p><span class="change12">As far as Organisations are concerned details are
480 also defined in the Organisation Assurance Policy (OAP =&gt;
481 COD11).</span></p>
482
483 <p><span class="change12">Every member learning about the death of a member
484 or termination of existence of a member should notify <em>support AT
485 cacert.org</em>.</span></p>
486
487 <h4><a name="3.4">3.4</a> Changes of Agreement</h4>
488
489 <p>CAcert may from time to time vary the terms of this Agreement. Changes
490 will be done according to the documented CAcert policy for changing policies,
491 and is subject to scrutiny and feedback by the Community. Changes will be
492 notified to you by email to your primary address.</p>
493
494 <p>If you do not agree to the changes, you may terminate as above. Continued
495 use of the service shall be deemed to be agreement by you.</p>
496
497 <h4><a name="3.5">3.5</a> Communication</h4>
498
499 <p><span class="change6">You are responsible for keeping your primary email
500 account in good working order and able to receive emails from
501 CAcert.</span></p>
502
503 <p>Notifications to CAcert are to be sent by email to the address <em>support
504 AT cacert.org</em>. You should attach a digital signature<span class=
505 "strike6">, but need not do so in the event of security or similar
506 urgency</span>.</p>
507
508 <p><span class="strike6">Notifications to you are sent by CAcert to the
509 primary email address registered with your account. You are responsible for
510 keeping your email account in good working order and able to receive emails
511 from CAcert.</span></p>
512
513 <p><span class="strike6">Arbitration is generally conducted by
514 email.</span></p>
515
516 <h3><a name="4">4.</a> Miscellaneous</h3>
517
518 <h4><a name="4.1">4.1</a> <span class="strike10">Other Parties Within the
519 Community</span> <span class="change10">(withdrawn)</span></h4>
520
521 <p class="strike10">As well as you and other Members in the Community, CAcert
522 forms agreements with third party vendors and others. Thus, such parties will
523 also be in the Community. Such agreements are also controlled by the same
524 policy process as this agreement, and they should mirror and reinforce these
525 terms.</p>
526
527 <h4><a name="4.2">4.2</a> References and Other Binding Documents</h4>
528
529 <p class="strike11">This agreement is CAcert Official Document 9 (COD9) and
530 is a controlled document.</p>
531
532 <p>You are also bound by <span class="change11">the Policies of the Community
533 under the control of Policy on Policy ("PoP" =&gt; COD1) and listed in
534 <a href=
535 "https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">Controlled
536 Document List</a>.</span></p>
537
538 <ol>
539 <li><span class="strike11"><a href=
540 "http://www.cacert.org/policy/CertificationPracticeStatement.php">Certification
541 Practice Statement</a> (CPS =&gt; COD6).</span></li>
542
543 <li><span class="strike11"><a href=
544 "http://www.cacert.org/policy/DisputeResolutionPolicy.php">Dispute
545 Resolution Policy</a> (DRP =&gt; COD7).</span></li>
546
547 <li><span class="strike11"><a href="PrivacyPolicy.html">Privacy Policy</a>
548 (PP =&gt; COD5).</span></li>
549
550 <li><span class="strike11"><a href=
551 "http://svn.cacert.org/CAcert/principles.html">Principles of the
552 Community</a>.</span></li>
553 </ol>
554
555 <p class="strike11">Where documents are referred to as <i>=&gt; COD x</i>,
556 they are controlled documents under the control of Policy on Policies
557 (COD1).</p>
558
559 <p class="strike11">This agreement and controlled documents above are
560 primary, and may not be replaced or waived except by formal policy channels
561 and by Arbitration.</p>
562
563 <p class="change11">Controlled documents are primary, and may not be replaced
564 or waived except by formal policy channels and Arbitration.</p>
565
566 <p class="change11">This agreement is controlled document COD9.</p>
567
568 <h4><a name="4.3">4.3</a> Informative References</h4>
569
570 <p>The governing documents are in English. Documents may be translated for
571 convenience. Because we cannot control the legal effect of translations, the
572 English documents are the ruling ones.</p>
573
574 <p class="strike9">You are encouraged to be familiar with the Assurer
575 Handbook, which provides a more readable introduction for much of the
576 information needed. The Handbook is not however an agreement, and is
577 overruled by this agreement and others listed above.</p>
578
579 <p class="change9">Beside this Agreement and the Policies, there are other
580 documents, i. e. Policy Guides, Manuals and Handbooks, supporting and
581 explaining this Agreement and the Policies. These documents are not binding
582 and in doubt this Agreement and the Policies are valid.</p>
583
584 <h4><a name="4.4">4.4</a> <span class="strike9">Not Covered in this
585 Agreement</span> <span class="change9">(withdrawn)</span></h4>
586
587 <p class="strike9"><b>Intellectual Property.</b> This Licence does not
588 transfer any intellectual property rights ("IPR") to you. CAcert asserts and
589 maintains its IPR over its roots, issued certificates, brands, logos and
590 other assets. Note that the certificates issued to you are CAcert's
591 intellectual property and you do not have rights other than those stated.</p>
592 </body>
593 </html>