View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001146 | Main CAcert Website | website content | public | 2013-02-11 14:46 | 2015-09-01 19:34 |
Reporter | Uli60 | Assigned To | NEOatNHNG | ||
Priority | normal | Severity | major | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Fixed in Version | 2015 Q1 | ||||
Summary | 0001146: push the clean DRAFT TTP-assisted-assurance Sub policy onto the main website | ||||
Description | https://svn.cacert.org/CAcert/Policies/TTPAssistedAssurancePolicy.html including fix all links to .html instead of .php documents | ||||
Additional Information | links in TTP-assisted-assurance policy that needs to be fixed before transfer 1. PolicyOnPolicy.php 2. AssurancePolicy.php | ||||
Tags | No tags attached. | ||||
Attached Files | TTPAssistedAssurancePolicy.html (7,150 bytes)
<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> CAcert -- TTP-Assisted Assurance Policy </title> <style type="text/css"> <!-- .comment { color : steelblue; } --> </style> </head> <body> <div class="comment"> <table width="100%"> <tr> <td> Name: TTP-Assist <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD13.2</a><br /> Status: DRAFT <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20100913">p20100913</a><br /> Editor: <a style="color: steelblue" href="//wiki.cacert.org/UlrichSchroeter">Ulrich Schroeter</a><br /> Licence: <a style="color: steelblue" href="//wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br /> </td> <td valign="top" align="right"> <a href="//www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-draft.png" alt="TTP-Assist Status - DRAFT" height="31" width="88" style="border-style: none;" /></a> </td> </tr> </table> </div> <h1> TTP-Assisted Assurance Policy </h1> <h2 id="s0"> 0. Preliminaries </h2> <p> This sub-policy extends the <a href="//www.cacert.org/policy/AssurancePolicy.php"> Assurance Policy</a> ("AP" => COD13) by specifying how Assurers can be assisted by outsourcing the identity documents verification component of assurance to trusted third parties (TTPs). Other definitions and terms can be found in AP or in <a href="//wiki.cacert.org/AssuranceHandbook">Assurance Handbook</a> ("AH"). </p> <h2 id="s1"> 1. Scope </h2> <p> This sub-policy is restricted to members located in areas not well-served with Assurers. It serves a goal of promoting both Assurers and Members in those areas. </p> <h2 id="s2"> 2. Roles </h2> <h3 id="s2.1"> 2.1 Trusted Third Party </h3> <p> A Trusted Third Party ("TTP") is a person who is traditionally respected for making reliable statements to others, especially over identification documents. Typically, notaries public (anglo), Notaries (European), bank managers, accountants and lawyers. </p> <h3 id="s2.2"> 2.2 The Assurer (aka TTP-admin) </h3> <p> To employ a TTP in an assurance, the Assurer must be a <a href="//wiki.cacert.org/SeniorAssurer">Senior Assurer</a>. The Assurer must be familiar with the local language and customs. </p> <h3 id="s2.3"> 2.3 Member </h3> <p> A Member ("assuree") who is located in a place not well-served by Assurers may use the TTP-assisted assurance. </p> <h2 id="s3"> 3. The Assurance </h2> <p> Assurance assisted by TTP must meet these requirements: </p> <ol style="list-style-type: lower-alpha;"><li id="s3.a"> The Assurer must positively confirm the identity and suitability of the TTP. </li><li id="s3.b"> The TTP and the Member must meet face-to-face. </li><li id="s3.c"> The TTP confirms the details supporting the Assurance Statement. </li><li id="s3.d"> The Assurer makes a reliable statement to confirm the Assurance Statement. </li><li id="s3.e"> Assurance must be marked as TTP-Assisted (e.g., by use of TTPAdmin flag). </li></ol> <h2 id="s4"> 4. Assurance Officer ("AO") </h2> <p> The Board routinely delegates its responsibilities to the Assurance Officer (and this section assumes that, but does not require it). </p> <p> A report is requested annually from the Assurance Officer on performance of this policy for the association's annual report. </p> <h3 id="s4.1"> 4.1 Practice </h3> <p> Assurance Officer should prepare a <a href="//wiki.cacert.org/TTP">detailed documentation</a> under <a href="//wiki.cacert.org/AssuranceHandbook">AH</a> that meets the needs of this policy, including: </p> <ul><li> Form for TTPs </li><li> Guide for TTPs. </li><li> Form for TTP-assisted assurance (used by Assurer) </li><li> Guide and protocol for Assurers. </li><li> Mechanisms for contacting Assurers available for TTP-assisted assurances. </li><li> Definition of <a href="//wiki.cacert.org/SeniorAssurer"> Senior Assurer</a>. </li></ul> <h3 id="s4.2"> 4.2 Deserts </h3> <p> The Assurance Officer maintains a <a href="//wiki.cacert.org/deserts">list of regions</a> that are designated as '<i>deserts,</i>' being areas that are so short of Assurers as to render face-to-face Assurance impractical. In each region, approved types of TTP are listed (e.g., Notary). The list is expected to vary according to the different juridical traditions of different regions. Changes to the regional lists are prepared by either an Organisation Assurer for that region (as described by OAP) or by two Assurers familiar with the traditions in that region. Changes are then submitted to the Board for approval. </p> <p> Use of a type of TTP not on the list must be approved by AO and notified to Board. It is an explicit goal to reduce the usage of TTP-assisted assurances in favour of face-to-face Assurance. </p> <p> In coordination with internal and external auditors, the Assurance Officer shall design and implement a suitable programme to meet the needs of audit. Where approved by auditors or Board, the Assurance Officer may document and implement minor variations to this policy. </p> <h2 id="s5"> 5. Topup Assurance </h2> <p> AO is to operate a <cite>Topup Assurance Programme</cite> to help seed deserts with Assurers. A topup assurance will add additional Assurance Points to those gained from two previously conducted TTP-assisted assurances, in order for a Member to reach 100 Assurance Points for the express purpose of becoming an Assurer. </p> <p> A topup assurance is conducted by a third Senior Assurer according to the following requirements: </p> <ol><li id="s5.1"> Assurer Challenge must be completed as passed by Member. </li><li id="s5.2"> The topup must be requested by Member for purpose of enabling the Member to reach Assurer level. </li><li id="s5.3"> Topup Assurer must be a Senior Assurer, and must be independent of the TTP-assist Assurers. </li><li id="s5.4"> The Topup Assurer reviews the two TTP-assisted assurances, and conducts other checks as set by the Assurance Officer. The normal face-to-face meeting is not conducted. </li><li id="s5.5"> Topup Assurer may award up to 35 points. </li><li id="s5.6"> Assurance must be marked as Topup (e.g., by use of new feature with TTPAdmin flag). </li></ol> <p> Each topup is to be reported to AO. Topup is only available in designated deserts. </p> </body> </html> TTPAssistedAssurancePolicy-20130211.html (7,152 bytes)
<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> CAcert -- TTP-Assisted Assurance Policy </title> <style type="text/css"> <!-- .comment { color : steelblue; } --> </style> </head> <body> <div class="comment"> <table width="100%"> <tr> <td> Name: TTP-Assist <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD13.2</a><br /> Status: DRAFT <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20100913">p20100913</a><br /> Editor: <a style="color: steelblue" href="//wiki.cacert.org/UlrichSchroeter">Ulrich Schroeter</a><br /> Licence: <a style="color: steelblue" href="//wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br /> </td> <td valign="top" align="right"> <a href="//www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-draft.png" alt="TTP-Assist Status - DRAFT" height="31" width="88" style="border-style: none;" /></a> </td> </tr> </table> </div> <h1> TTP-Assisted Assurance Policy </h1> <h2 id="s0"> 0. Preliminaries </h2> <p> This sub-policy extends the <a href="//www.cacert.org/policy/AssurancePolicy.html"> Assurance Policy</a> ("AP" => COD13) by specifying how Assurers can be assisted by outsourcing the identity documents verification component of assurance to trusted third parties (TTPs). Other definitions and terms can be found in AP or in <a href="//wiki.cacert.org/AssuranceHandbook">Assurance Handbook</a> ("AH"). </p> <h2 id="s1"> 1. Scope </h2> <p> This sub-policy is restricted to members located in areas not well-served with Assurers. It serves a goal of promoting both Assurers and Members in those areas. </p> <h2 id="s2"> 2. Roles </h2> <h3 id="s2.1"> 2.1 Trusted Third Party </h3> <p> A Trusted Third Party ("TTP") is a person who is traditionally respected for making reliable statements to others, especially over identification documents. Typically, notaries public (anglo), Notaries (European), bank managers, accountants and lawyers. </p> <h3 id="s2.2"> 2.2 The Assurer (aka TTP-admin) </h3> <p> To employ a TTP in an assurance, the Assurer must be a <a href="//wiki.cacert.org/SeniorAssurer">Senior Assurer</a>. The Assurer must be familiar with the local language and customs. </p> <h3 id="s2.3"> 2.3 Member </h3> <p> A Member ("assuree") who is located in a place not well-served by Assurers may use the TTP-assisted assurance. </p> <h2 id="s3"> 3. The Assurance </h2> <p> Assurance assisted by TTP must meet these requirements: </p> <ol style="list-style-type: lower-alpha;"><li id="s3.a"> The Assurer must positively confirm the identity and suitability of the TTP. </li><li id="s3.b"> The TTP and the Member must meet face-to-face. </li><li id="s3.c"> The TTP confirms the details supporting the Assurance Statement. </li><li id="s3.d"> The Assurer makes a reliable statement to confirm the Assurance Statement. </li><li id="s3.e"> Assurance must be marked as TTP-Assisted (e.g., by use of TTPAdmin flag). </li></ol> <h2 id="s4"> 4. Assurance Officer ("AO") </h2> <p> The Board routinely delegates its responsibilities to the Assurance Officer (and this section assumes that, but does not require it). </p> <p> A report is requested annually from the Assurance Officer on performance of this policy for the association's annual report. </p> <h3 id="s4.1"> 4.1 Practice </h3> <p> Assurance Officer should prepare a <a href="//wiki.cacert.org/TTP">detailed documentation</a> under <a href="//wiki.cacert.org/AssuranceHandbook">AH</a> that meets the needs of this policy, including: </p> <ul><li> Form for TTPs </li><li> Guide for TTPs. </li><li> Form for TTP-assisted assurance (used by Assurer) </li><li> Guide and protocol for Assurers. </li><li> Mechanisms for contacting Assurers available for TTP-assisted assurances. </li><li> Definition of <a href="//wiki.cacert.org/SeniorAssurer"> Senior Assurer</a>. </li></ul> <h3 id="s4.2"> 4.2 Deserts </h3> <p> The Assurance Officer maintains a <a href="//wiki.cacert.org/deserts">list of regions</a> that are designated as '<i>deserts,</i>' being areas that are so short of Assurers as to render face-to-face Assurance impractical. In each region, approved types of TTP are listed (e.g., Notary). The list is expected to vary according to the different juridical traditions of different regions. Changes to the regional lists are prepared by either an Organisation Assurer for that region (as described by OAP) or by two Assurers familiar with the traditions in that region. Changes are then submitted to the Board for approval. </p> <p> Use of a type of TTP not on the list must be approved by AO and notified to Board. It is an explicit goal to reduce the usage of TTP-assisted assurances in favour of face-to-face Assurance. </p> <p> In coordination with internal and external auditors, the Assurance Officer shall design and implement a suitable programme to meet the needs of audit. Where approved by auditors or Board, the Assurance Officer may document and implement minor variations to this policy. </p> <h2 id="s5"> 5. Topup Assurance </h2> <p> AO is to operate a <cite>Topup Assurance Programme</cite> to help seed deserts with Assurers. A topup assurance will add additional Assurance Points to those gained from two previously conducted TTP-assisted assurances, in order for a Member to reach 100 Assurance Points for the express purpose of becoming an Assurer. </p> <p> A topup assurance is conducted by a third Senior Assurer according to the following requirements: </p> <ol><li id="s5.1"> Assurer Challenge must be completed as passed by Member. </li><li id="s5.2"> The topup must be requested by Member for purpose of enabling the Member to reach Assurer level. </li><li id="s5.3"> Topup Assurer must be a Senior Assurer, and must be independent of the TTP-assist Assurers. </li><li id="s5.4"> The Topup Assurer reviews the two TTP-assisted assurances, and conducts other checks as set by the Assurance Officer. The normal face-to-face meeting is not conducted. </li><li id="s5.5"> Topup Assurer may award up to 35 points. </li><li id="s5.6"> Assurance must be marked as Topup (e.g., by use of new feature with TTPAdmin flag). </li></ol> <p> Each topup is to be reported to AO. Topup is only available in designated deserts. </p> </body> </html> | ||||
Reviewed by | |||||
Test Instructions | |||||
related to | 0001131 | closed | NEOatNHNG | Rename _all_ Policies from .php to .html and fix all links (was: Rename PolicyOnPolicy.php to .html) |
related to | 0000941 | needs work | Uli60 | Policy Repository Migration |
related to | 0001147 | closed | NEOatNHNG | push the clean POLICY PoJAM Sub policy onto the main website |
related to | 0001319 | closed | BenBE | Replace policies (CPS, CCA, DRP) with clean and consolidated versions (i.e. without historical comments, etc.) |
|
attachment TTPAssistedAssurancePolicy-20130211.html includes fixed links according to bug 0001131 |
|
by default DRAFT policies resides in the SVN may go to the policy directory newTTP policy has started early 2013 in practice so in the meantime we've received some experience, that no big bug is in the content of the policy that requires a quick fix. So nothing prevents to transfer the TTP-assisted-assurance subpol to the central policy directory AO |
|
The TTP-Assist has reached POLICY status with the policy decision p20140731. The document of this bug is deprecated by this policy decision (as it is the DRAFT version) so it should not be moved to the production server, like this. |
|
There was a new version of the TTP-AssistedAssurancePolicy introduced in the context of bug 0001131. As this sub-policy now is POLICY and currently no DRAFT version can be placed on the website, I suggest to close this bug. |
|
fixed in 1131 |
Date Modified | Username | Field | Change |
---|---|---|---|
2013-02-11 14:46 | Uli60 | New Issue | |
2013-02-11 14:47 | Uli60 | Relationship added | related to 0001131 |
2013-02-11 14:55 | Uli60 | Additional Information Updated | |
2013-02-11 14:56 | Uli60 | File Added: TTPAssistedAssurancePolicy.html | |
2013-02-11 15:00 | Uli60 | File Added: TTPAssistedAssurancePolicy-20130211.html | |
2013-02-11 15:02 | Uli60 | Note Added: 0003744 | |
2013-02-11 15:02 | Uli60 | Assigned To | => Uli60 |
2013-02-11 15:02 | Uli60 | Status | new => fix available |
2013-02-11 21:54 | Uli60 | Relationship added | related to 0001147 |
2013-02-11 21:59 | Uli60 | Assigned To | Uli60 => BenBE |
2013-09-10 21:03 | Uli60 | Note Added: 0004303 | |
2013-09-17 20:58 | BenBE | Relationship added | related to 0000941 |
2013-10-29 22:39 | BenBE | Assigned To | BenBE => NEOatNHNG |
2014-08-17 14:51 | Eva | Note Added: 0004957 | |
2014-09-24 05:39 | Eva | Note Added: 0005028 | |
2014-10-31 06:15 | INOPIAE | Relationship added | related to 0001319 |
2015-02-16 09:33 | Uli60 | Note Added: 0005323 | |
2015-02-16 09:33 | Uli60 | Status | fix available => solved? |
2015-02-16 09:33 | Uli60 | Resolution | open => fixed |
2015-09-01 19:34 | INOPIAE | Status | solved? => closed |
2015-09-01 19:34 | INOPIAE | Fixed in Version | => 2015 Q1 |