Arbitration / Training

The Training Course for Case Managers and Arbitrators

Training Home / back

Lesson 20 - Arbitration Case - Delete Account Request

Normal delete account requests are generally treated by Support. The only regular exception are cases where an assurer already has agreed to hand over the CAP forms when leaving CAcert.

This is, because the Assurance Policy only allowes CAP forms to be seen by the assurer, the assuree, or an Arbitrator or a person authorised by Arbitration. Such an authorisation cannot be given in general without checking each case and knowing which person this would be.

There may be other reasons why a case is handed over to Arbitraiton by Support. For example when there the member who wants to leave has additional roles that have to be treated (revoke of access rights), or is involved in an arbitration case.

Basic Checklist for Arbitrators

When an unusual delete account case

On Delete my Account request, the following points may be relevant:

In Detail

References

Relevant cases

There is a long history of how delete accounts were handled. Even as most of them are not active anymore, they may contain helpful information. The most relevant ones for Arbitration are:

Policies

The following policies are relevant in the context of delte account caeses:

Actions for a Support Engineer

The required actions of the process defined in current process

  1. The support case has to be marked as a delete-account request.
  2. The Support-Engineer checks the users account for
    • certificates that are valid
    • certificates that are not expired/revoked for 3 months
    • assurances given within last 7 years
    • assurances given over 7 years ago
  3. The Support-Engineer writes a mail to the user to explain the process and to make sure that the request to get the account delete request is genuine. The mail should contain the following elements (based on the results of Step 2) in a sensible order:
    • [ see below ]
  4. Wait until either the user confirms the deletion request or the deadline expires
  5. If the user was an assurer and did not confirm the point about the CAP forms
    • step 3 and 4 should be repeated 2 more times by the Support-Engineer
    • not all points from step 3 have to be repeated explicitely in the new mails, if it can be assumed that the member is informed about them [for example by a quote]
    • in the last repetition the request for confirmation should be re-worded so that getting no answer can be interpreted as a confirmation
  6. If the user is an assurer and has decided to hand over the CAP forms, the case has to be moved to Arbitration - the automatic Support activity ends in this case
  7. The Support-Engineer revokes any valid certificates
  8. If the user has agreed or requested to an account block the Support-Engineer should block the account
  9. Wait until all certificates are revoked or expired for at least 3 month
  10. Document the deletion of the account as described below as "Documentation"
  11. Close the account as described below at "Account closure"
  12. immediately inform the user about the successful account closure, stating the date of the closure of the account as the CCA termination date for the user.

General:

If a sensible way would be found so that it could be easily checked if the user who requests termination of the account is involved in an arbitration case, so that the membership should not be ended before the case is finished according, this should be checked as step 0. In the case that the Support-Engineer knows that the user is involed in such an Arbitration case the Arbitrator or (i)CM of that case should be addressed before the process of closing the account is continued, if no Arbitrator or CM could be identified or responds, the DRO should be addressed instead. The user should be informed about this. One possible way to proceed would be to allow the closure of the account without terminating the membership. Currently there is no way for Support-Engineer to know for sure that a user is not involved in an arbitration case, so this check cannot be done in a clearly defined manner.

Contents of the Mail

Documentation

Document the delete account issue by adding it to the table at the end of the Audit Section linked into the precedent case a20111128.3 with:

If an account is to be killed ...

Previous working versions (depreciated)

Hijacking accounts

Sometimes, in very special cases - not in the regular process - it is necessary to hijack an account.

Hijacking accounts is a workaround to get informations in special cases. It indeed is a dirty workaround, so the support engineer needs explicit authorisation to do so by an Arbitrator, and an Arbitrator should only give this authorisation if the account is due to deletion or deactivation anyway.

See https://wiki.cacert.org/Support/SE/Manual#About_Deleting_and_Deactivating_Accounts on how to hijack an account.

Calculating of CCA termination date


next


Arbitrations/Training/Lesson20new (last edited 2015-04-14 19:54:36 by EvaStöwe)