<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
 "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <title> CAcert -- TTP-Assisted Assurance Policy </title>
<style type="text/css">
<!--
.comment {
        color : steelblue;
}
-->
</style>

</head>
<body>
<div class="comment">
<table width="100%">

<tr>
<td>
  Name: TTP-Assist <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD13.2</a><br />
  Status: DRAFT <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20100913">p20100913</a><br />
  Editor: <a style="color: steelblue" href="//wiki.cacert.org/UlrichSchroeter">Ulrich Schroeter</a><br />
   Licence: <a style="color: steelblue" href="//wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP.  More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br />
</td>
<td valign="top" align="right">
  <a href="//www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-draft.png" alt="TTP-Assist Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>

</td>
</tr>
</table>
</div>

  <h1> TTP-Assisted Assurance Policy </h1>

  <h2 id="s0"> 0. Preliminaries </h2>
  <p>
   This sub-policy extends the
   <a href="//www.cacert.org/policy/AssurancePolicy.php">
   Assurance Policy</a> ("AP" => COD13)
   by specifying how Assurers can be assisted by
   outsourcing the identity documents verification
   component of assurance to trusted third parties (TTPs).
   Other definitions and terms can be found in AP or in
   <a href="//wiki.cacert.org/AssuranceHandbook">Assurance Handbook</a>
   ("AH").
  </p>

  <h2 id="s1"> 1. Scope </h2>
  <p>
   This sub-policy is restricted to members located
   in areas not well-served with Assurers.
   It serves a goal of promoting both Assurers and Members in those areas.
  </p>

  <h2 id="s2"> 2. Roles </h2>

  <h3 id="s2.1"> 2.1 Trusted Third Party </h3>
  <p>
   A Trusted Third Party ("TTP") is a person who is traditionally respected
   for making reliable statements to others, especially over identification
   documents.  Typically, notaries public (anglo),
   Notaries (European), bank managers, accountants
   and lawyers.
  </p>

  <h3 id="s2.2"> 2.2 The Assurer (aka TTP-admin) </h3>
  <p>
   To employ a TTP in an assurance,
   the Assurer must be a <a href="//wiki.cacert.org/SeniorAssurer">Senior Assurer</a>.
   The Assurer must be familiar with the local
   language and customs.
  </p>

  <h3 id="s2.3"> 2.3 Member </h3>

  <p>
   A Member ("assuree") who is located in a place not well-served
   by Assurers may use the TTP-assisted assurance.
  </p>

  <h2 id="s3"> 3. The Assurance </h2>

  <p>
  Assurance assisted by TTP must meet these requirements:
  </p>
  <ol style="list-style-type: lower-alpha;"><li id="s3.a">
      The Assurer must positively confirm the identity and
      suitability of the TTP.
    </li><li id="s3.b">
      The TTP and the Member must meet face-to-face.
    </li><li id="s3.c">
      The TTP confirms the details supporting the Assurance Statement.
    </li><li id="s3.d">
      The Assurer makes a reliable statement to confirm the
      Assurance Statement.
    </li><li id="s3.e">
      Assurance must be marked as TTP-Assisted
      (e.g., by use of TTPAdmin flag).
  </li></ol>



  <h2 id="s4"> 4. Assurance Officer ("AO") </h2>
  <p>
   The Board routinely delegates its responsibilities to the
   Assurance Officer (and this section assumes that, but does
   not require it).
  </p>

  <p>
   A report is requested annually from the Assurance Officer
   on performance of this policy for the association's
   annual report.
  </p>
  <h3 id="s4.1"> 4.1 Practice </h3>
  <p>
   Assurance Officer should prepare a
     <a href="//wiki.cacert.org/TTP">detailed documentation</a>
   under
     <a href="//wiki.cacert.org/AssuranceHandbook">AH</a>
     that meets the needs of this policy, including:
  </p>
  <ul><li>
     Form for TTPs
    </li><li>
     Guide for TTPs.
    </li><li>
     Form for TTP-assisted assurance (used by Assurer)
    </li><li>
     Guide and protocol for Assurers.
    </li><li>
     Mechanisms for contacting Assurers available for
     TTP-assisted assurances.
    </li><li>
     Definition of
     <a href="//wiki.cacert.org/SeniorAssurer">
     Senior Assurer</a>.
  </li></ul>

  <h3 id="s4.2"> 4.2 Deserts </h3>
  <p>
    The Assurance Officer maintains a 
     <a href="//wiki.cacert.org/deserts">list of regions</a>
    that are designated as '<i>deserts,</i>' being areas that are so short
    of Assurers as to render face-to-face Assurance impractical.
    In each region, approved types of TTP are listed (e.g., Notary).
    The list is expected to vary according to the
    different juridical traditions of different regions.
    Changes to the regional lists are prepared by
    either an Organisation Assurer for that region
    (as described by OAP)
    or by two Assurers familiar with the traditions
    in that region.
    Changes are then submitted to the Board for approval.
  </p>
  <p>
    Use of a type of TTP not on the list must be approved by
    AO and notified to Board.
    It is an explicit goal to reduce the usage of
    TTP-assisted assurances in favour of face-to-face Assurance.
  </p>

  <p>
    In coordination with internal and external auditors,
    the Assurance Officer shall design and implement a
    suitable programme to meet the needs of audit.
    Where approved by auditors or Board, the Assurance
    Officer may document and implement minor variations to this policy.
  </p>

  <h2 id="s5"> 5. Topup Assurance </h2>

  <p>
    AO is to operate a <cite>Topup Assurance Programme</cite>
    to help seed deserts with Assurers.
    A topup assurance will add additional Assurance Points
    to those gained from two previously conducted TTP-assisted assurances,
    in order for a Member to reach 100 Assurance Points
    for the express purpose of becoming an Assurer.
  </p>

  <p>
    A topup assurance is conducted by a third Senior Assurer
    according to the following requirements:
  </p>

  <ol><li id="s5.1">
      Assurer Challenge must be completed as passed by Member.
    </li><li id="s5.2">
      The topup must be requested by Member for
      purpose of enabling the Member to reach Assurer level.
    </li><li id="s5.3">
      Topup Assurer must be a Senior Assurer,
      and must be independent of the TTP-assist Assurers.
    </li><li id="s5.4">
      The Topup Assurer reviews the two TTP-assisted assurances,
      and conducts other checks as set by the Assurance Officer.
      The normal face-to-face meeting is not conducted.
    </li><li id="s5.5">
      Topup Assurer may award up to 35 points.
    </li><li id="s5.6">
        Assurance must be marked as Topup
        (e.g., by use of new feature with TTPAdmin flag).
  </li></ol>

  <p>
    Each topup is to be reported to AO.
    Topup is only available in designated deserts.
  </p>

</body>
</html>

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
 "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <title> CAcert -- TTP-Assisted Assurance Policy </title>
<style type="text/css">
<!--
.comment {
        color : steelblue;
}
-->
</style>

</head>
<body>
<div class="comment">
<table width="100%">

<tr>
<td>
  Name: TTP-Assist <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD13.2</a><br />
  Status: DRAFT <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20100913">p20100913</a><br />
  Editor: <a style="color: steelblue" href="//wiki.cacert.org/UlrichSchroeter">Ulrich Schroeter</a><br />
   Licence: <a style="color: steelblue" href="//wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP.  More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br />
</td>
<td valign="top" align="right">
  <a href="//www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-draft.png" alt="TTP-Assist Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>

</td>
</tr>
</table>
</div>

  <h1> TTP-Assisted Assurance Policy </h1>

  <h2 id="s0"> 0. Preliminaries </h2>
  <p>
   This sub-policy extends the
   <a href="//www.cacert.org/policy/AssurancePolicy.html">
   Assurance Policy</a> ("AP" => COD13)
   by specifying how Assurers can be assisted by
   outsourcing the identity documents verification
   component of assurance to trusted third parties (TTPs).
   Other definitions and terms can be found in AP or in
   <a href="//wiki.cacert.org/AssuranceHandbook">Assurance Handbook</a>
   ("AH").
  </p>

  <h2 id="s1"> 1. Scope </h2>
  <p>
   This sub-policy is restricted to members located
   in areas not well-served with Assurers.
   It serves a goal of promoting both Assurers and Members in those areas.
  </p>

  <h2 id="s2"> 2. Roles </h2>

  <h3 id="s2.1"> 2.1 Trusted Third Party </h3>
  <p>
   A Trusted Third Party ("TTP") is a person who is traditionally respected
   for making reliable statements to others, especially over identification
   documents.  Typically, notaries public (anglo),
   Notaries (European), bank managers, accountants
   and lawyers.
  </p>

  <h3 id="s2.2"> 2.2 The Assurer (aka TTP-admin) </h3>
  <p>
   To employ a TTP in an assurance,
   the Assurer must be a <a href="//wiki.cacert.org/SeniorAssurer">Senior Assurer</a>.
   The Assurer must be familiar with the local
   language and customs.
  </p>

  <h3 id="s2.3"> 2.3 Member </h3>

  <p>
   A Member ("assuree") who is located in a place not well-served
   by Assurers may use the TTP-assisted assurance.
  </p>

  <h2 id="s3"> 3. The Assurance </h2>

  <p>
  Assurance assisted by TTP must meet these requirements:
  </p>
  <ol style="list-style-type: lower-alpha;"><li id="s3.a">
      The Assurer must positively confirm the identity and
      suitability of the TTP.
    </li><li id="s3.b">
      The TTP and the Member must meet face-to-face.
    </li><li id="s3.c">
      The TTP confirms the details supporting the Assurance Statement.
    </li><li id="s3.d">
      The Assurer makes a reliable statement to confirm the
      Assurance Statement.
    </li><li id="s3.e">
      Assurance must be marked as TTP-Assisted
      (e.g., by use of TTPAdmin flag).
  </li></ol>



  <h2 id="s4"> 4. Assurance Officer ("AO") </h2>
  <p>
   The Board routinely delegates its responsibilities to the
   Assurance Officer (and this section assumes that, but does
   not require it).
  </p>

  <p>
   A report is requested annually from the Assurance Officer
   on performance of this policy for the association's
   annual report.
  </p>
  <h3 id="s4.1"> 4.1 Practice </h3>
  <p>
   Assurance Officer should prepare a
     <a href="//wiki.cacert.org/TTP">detailed documentation</a>
   under
     <a href="//wiki.cacert.org/AssuranceHandbook">AH</a>
     that meets the needs of this policy, including:
  </p>
  <ul><li>
     Form for TTPs
    </li><li>
     Guide for TTPs.
    </li><li>
     Form for TTP-assisted assurance (used by Assurer)
    </li><li>
     Guide and protocol for Assurers.
    </li><li>
     Mechanisms for contacting Assurers available for
     TTP-assisted assurances.
    </li><li>
     Definition of
     <a href="//wiki.cacert.org/SeniorAssurer">
     Senior Assurer</a>.
  </li></ul>

  <h3 id="s4.2"> 4.2 Deserts </h3>
  <p>
    The Assurance Officer maintains a 
     <a href="//wiki.cacert.org/deserts">list of regions</a>
    that are designated as '<i>deserts,</i>' being areas that are so short
    of Assurers as to render face-to-face Assurance impractical.
    In each region, approved types of TTP are listed (e.g., Notary).
    The list is expected to vary according to the
    different juridical traditions of different regions.
    Changes to the regional lists are prepared by
    either an Organisation Assurer for that region
    (as described by OAP)
    or by two Assurers familiar with the traditions
    in that region.
    Changes are then submitted to the Board for approval.
  </p>
  <p>
    Use of a type of TTP not on the list must be approved by
    AO and notified to Board.
    It is an explicit goal to reduce the usage of
    TTP-assisted assurances in favour of face-to-face Assurance.
  </p>

  <p>
    In coordination with internal and external auditors,
    the Assurance Officer shall design and implement a
    suitable programme to meet the needs of audit.
    Where approved by auditors or Board, the Assurance
    Officer may document and implement minor variations to this policy.
  </p>

  <h2 id="s5"> 5. Topup Assurance </h2>

  <p>
    AO is to operate a <cite>Topup Assurance Programme</cite>
    to help seed deserts with Assurers.
    A topup assurance will add additional Assurance Points
    to those gained from two previously conducted TTP-assisted assurances,
    in order for a Member to reach 100 Assurance Points
    for the express purpose of becoming an Assurer.
  </p>

  <p>
    A topup assurance is conducted by a third Senior Assurer
    according to the following requirements:
  </p>

  <ol><li id="s5.1">
      Assurer Challenge must be completed as passed by Member.
    </li><li id="s5.2">
      The topup must be requested by Member for
      purpose of enabling the Member to reach Assurer level.
    </li><li id="s5.3">
      Topup Assurer must be a Senior Assurer,
      and must be independent of the TTP-assist Assurers.
    </li><li id="s5.4">
      The Topup Assurer reviews the two TTP-assisted assurances,
      and conducts other checks as set by the Assurance Officer.
      The normal face-to-face meeting is not conducted.
    </li><li id="s5.5">
      Topup Assurer may award up to 35 points.
    </li><li id="s5.6">
        Assurance must be marked as Topup
        (e.g., by use of new feature with TTPAdmin flag).
  </li></ol>

  <p>
    Each topup is to be reported to AO.
    Topup is only available in designated deserts.
  </p>

</body>
</html>