## page was renamed from PolicyDrafts/AssurancePolicy
= Assurance Policy Discussion Page =

[[http://www.cacert.org/policy/AssurancePolicy.php|Assurance Policy]] is now POLICY.  This current page is the discussion + suggested text only:

 * questions related to the policy are now in normal font
 * other comments in italics.

||text for policy is in boxes.||

See the [[http://www.cacert.org/policy/AssurancePolicy.php|Assurance Policy]] for formal text.

== Assurance Policy History ==
 * 2008-07-12 [[PolicyDecisions#p20080712.1_Assurance_Policy|p20080712.1]] Assurance Policy
  . Proposal for Assurance Policy to move from WIP to DRAFT status.
  . Votes: 9 Ayes, 1 Nay, 4 Abstentions.

 * 2009-01-05 [[PolicyDecisions#p20090105.2_Assurance_Policy_status:_POLICY|p20090105.2]] Assurance Policy status: POLICY
  . Proposal to accept Assurance Policy as POLICY has been voted on. Votes ended 24th of December 2008.
  . AYE: 5 - Nay: 0
  . (AP is now on main website.)

 * 2009-09-12 [[https://community.cacert.org/board/motions.php?motion=m20090912.1|m20090912.1]] - m20090912.1
  . Approved 2009-09-20 00:00:03 UTC m20090912.1
  . Assurance under Assurance Policy only
  . Resolved, that this committee, officers and all Assurers are charged to
  . ensure that all assurance follows Assurance Policy, made binding DRAFT
  . p20080712.1 and POLICY p20090105.2.
  . Further resolved, to cease all assurance activity outside Assurance
  . Policy.  Old programmes not as yet translated into the new Assurance Policy
  . regime of subsidiary policies include:
  . - super-assurance
  . - TVerify
  . - assurances by and of Juniors
  . - TTP
  . These are to cease immediately, and be only restarted when the appropriate
  . subsidiary policy under AP is passed into DRAFT by policy group.

  . This committee notes with concern that any assurance conducted outside AP
  . (after its passing into binding DRAFT) is subject to reversal and worse by
  . the Arbitrator.
  . Due: 2009-09-19 23:59:59 UTC
  . Proposed: Ian Grigg (2009-09-12 13:44:44 UTC)
  . Vote type: veto
  . Aye|Naye|Abstain: 5|0|0

 * 2009-09-14 [[https://community.cacert.org/board/motions.php?motion=m20090914.2|m20090914.2]] - Confirm Motion m20090912.1


== Related Changes ==
Changes that have to be made to current Assurance practices to meet new assurance requirements:

 * Add sentance to CAP form such as above the signature for both Assurer and Member:
   * "'''I agree to the terms & conditions of the CAcert Community Agreement [''' ''tick'' ''']'''" 
 * Expand the CAP form for a reciprocal assurance for a non-Assurer Member.
 * Shift privacy information to the privacy policy and refer to it if necessary.

== 6. Privacy ==

Suggested changes for Privacy section:

{{{
...The primary purpose for collecting Personal Information is to make claims within the certificates requested by Members, as described in detail in 1. Purpose, above....

The Member's personal information can be accessed under these circumstances:

    * From the Member's own certificates
    * Under Arbitrator ruling, in a duly filed dispute (Dispute Resolution Policy => COD7)
    * An Assurer in the process of an Assurance, as permitted by this policy and as requested by the Member.
    * CAcert support administration and CAcert systems administration when operating under the authority of Arbitrator or under CAcert policy.

The status of assurance is available to other Members.  Information requested by the Member in certificates is for privacy purposes to be considered as published by the Member.
}}}

Notes:
 * the Privacy Policy is somewhat needy of revision, and there are some things that aren't reflected there.  For this reason it is probably good to put the additional parts in the AP.
 * there appears to a big hole in the Privacy Policy: it does not talk about Assurance information at all.
 * Moved the obligation to Assurer's section: ''to maintain the personal information secure and private.''  Need to think about it a bit.
 * the statement on assurance level is added.  It could be public, or it could be Members only.  Currently it is "assurers only" but that breaches the principle of reciprocity as well as opens the door for identity theft;  the Member needs to be able to check the Assurer as well.

----
 . CategoryAudit
 . CategoryPolicy
 . CategoryAssurance