• Brain
• Study
• COrbitCA

• NOTA BENE - WORK IN PROGRESS - Your Inputs & Thoughts

• To Brain Study - To Brain Study - Overview Projects - To Technology Laboratory COrbitCA - To comma Workbench COrbitCA

COrbitCA - CAcert.org Account Holders CCA Completing Campaign - Brain Background

• COrbitCA, short for CAcert.org Account Holders CCA Completing Campaign - short: CCA-Rollout

• In order to get all CAcert.org Account Holders under CCA for Audit purpose, Technology will develop / patch necessary

• This list of changes is now at version 9. Much stuff is done, see bottom.

Project Flow

• Bullets Description

Preamble

• There are two major changes that we need to get out to the world: The RDL distributed and the CCA to our members.

• Audit-blocking summary:

  1.	RDL to replace NRP's old D a L everywhere
  2.	Certs request needs "I agree" text
  3.	old psuedo-contract text to go
  4.	Members to be notified of CCA

• The above are required by audit. (See AuditToDo for others.)

• Now read on for more explanation.

1. RDL

• Root Distribution License (replaced NRP's old D a L in July 2010)

• The Root Distribution License defines how the Roots can be distributed, that Non-Members are prevented to rely on Certificates. To rely on Certificates, users have to become a member.

• See RDL action page.

2. CAcert Community Agreement

• The second issue is our agreement, the CCA. This regime of community documents and policies was agreed fundamentally at the TOP in September 2007.

• It needs to be put into place everywhere. The CAcert Community Agreement has to be made part and parcel of all processes. CCA1.1 specifies where agreement has to be got from the user, and these changes need to be implemented:

•   1.1  Agreement
  
  You and CAcert both agree to the terms and conditions in this agreement. Your agreement is given by any of
  
      * your signature on a form to request assurance of identity ("CAP" form),
      * your request on the website to join the Community and create an account,
      * your request for Organisation Assurance,
      * '''your request for issuing of certificates''', or
      * if you USE, RELY, or OFFER any certificate issued to you. 

• For this we need words like:

•           I agree to the CAcert Community Agreement [ ]

• in various places, see below. I suggest you stick to those words above exactly because (a) they are simple words, easy to understand, and good enough to get the message across, and (b) translation issues means we have to be consistent with the text for a long period of time, else everyone ends up with English.

Main Website (Software Changes)

Totally Urgent and Important

• These two fixes are holding back AUDIT

• Change 2. Certificate creation page (e.g., client certs)

  • when certs are created there needs to be a "I agree" checkbox as above
  • the old psuedo-agreement text needs to be cleaned out of that page.

  • both server cert page (#10) and client cert (#3), the first 4 paras.

  • Something like this text could replace the four paragraphs.

•     Your use of a certificate is controlled by the CAcert Community Agreement, the CPS and other policies.  Please see /policy/

• Change 3. Old psuedo-contract text needs to be cleaned out from the website. This is a bit more difficult because it needs to be identified and replaced with something else. (E.g., see example in 2. above.) Let's look at this when the above 2 parts are done, or see the bugs filed on this issue.

Not Absolutely urgent but still quite important

• These are not audit issues, but important business issues. They remove unprofessionalisms and confusions, and replace with certainty and clarity:
• Policies
  • Privacy Policy
    • needs to be moved into the /policy/ framework

    • and away from http://www.cacert.org/index.php?id=10 ; drop that page

    • fix up the link at bottom of page to point to new /policy/
• Also, for all those buttons/pages, can you put on a PRINT button that prepares a HTML page that doesn't include the advertising and the menu items to the right?
  • The raw HTML policies should be in that directory as that is the agreed format in the Document Standard.
  • there should be some meta data on the /policy/ page.

• add a link under the About to Principles of the Community pointing to the svn page?

• Points System

  • Please DROP the Point System from the main page menu, as it is neither a Rule nor Policy page, and is out of date. (it is in the Miscellaneous ... should be on the wiki anyway, deferring to the Assurance Handbook.)
  • Alternatively change the title to "Types of Certificates"
  • Should ask Ted to review and rewrite that page?

• COAP form should be adjusted to include the new "I agree to CCA" and reference to Assurance Policy or OAP inserted. It needs to be clear that both the Organisation Assurer and the Organisation itself accept and understand the issue. Also, OAP4.3 puts the onus on the Assurer to really make sure this part is covered, and that also needs to be recorded on the COAP form.

• Also see the bugs system for another reading of the things that are needed (no time right now to cross-reference them).

CCA-patches Testing

• 2009-07-07 added CCA-patches to test1.cacert.at by dirk

• 2009-08-31 added CCA-patches tests reporting page

• 2009-11-20 patches removed by dirk. Details on CCA-patches tests reporting page

Filed bugs

• Bugs can also be searched: CCA

• bug #505 CCA agree mark

• bug #590 better text "join cacert" page

• bug #589 deprecated agreement text "new certs" page

• bug #715 mass-mail assurers

Closed:

• bug #673 wot.php text => AP, Arb

Additional Changes noted

• help page includes stuff that is better on the wiki. Probably the only thing that needs to be there is a pointer to help pages on the wiki, the mailing lists, the support email address, and a disclaimer.

• Why is [ bugs database] in the About list? If it requires a login to access, it is not a general info for the public.

• Move SSO help to wiki.

• About CAcert.org
  • Is this: About the CAcert Community ?
  • Or About the Community?

  • or just make it About to avoid complications...

  • Association needs a link to its own page, separated clearly from Community .. somewhere

Change 4. Notifications of Change

• All Members need to be notified of the CCA

• This is a standard business requirement.
  • If this is not done, then the CCA and the Members are in legal limbo where a user (not Member?!) has never seen it.
  • This weakens the power of the Arbitration to resolve issues, and increases the trauma and costs when problems occur.
• This can be done by sending out an email to all Members
  • Has this ever been tried? (No, but Assurers have been notified 20090522.)
  • An old working practice (one hesitates to say "policy") was that no email would ever be sent out without a user initiation. This has to be struck down; business needs drive policy, not spammers.
  • A text is needed.
  • A mailout may require a significant support effort!
• Potentially it could also be done by
  • initiating a check whenever some user turns up on the website,

  • and zeroing out the old users.

  • as the last step is unlikely to happen any time soon, this is probably not a serious fashion.
  • however, this last step should probably happen some time anyway.
• Software team prefers to put in place a patch that records the agreements of the CCA. Currently delayed.
• This step has implications with account terminations.
  • Likely this will result in may requests to terminate accounts.
  • This may need to be incorporated in the announcement.
  • Arbitration should be consulted about the work flow.
  • Software should be consulted about patches to make this easier.

• Also note this related but non-CCA issue: All Assurers need to be notified of the new AP. This in effect may have happened on 20090522.

Complete!

• 20101010 Root page got much-needed reference to RDL

• 20091201 (related) bug #673 closed, completed: wot.php page has new text referring to Arbitration and Assurance Policy.

• 20091120 mega-patch testing programme

  • S T O P P E D

• 20090831 added test reports for CCA patches page

• 20090707 new CCA-patches to test1 machine . Thanks dirk!

• old CAP form was adjusted to include "I agree" and "assurance to AP". Thanks Dirk!

• old Assurers were notified of the Challenge 20090522.

• Assurers without the Challenge were turned off.

• Assurance Policy moved to the main website

• within the About CAcert menu main page, changed the title of NRP's old D a L to fuller words.

• Join page
  • On Join page there must be a question to effect of:
  • "I agree to the CAcert Community Agreement [ ]"

• Policies: Policy on Policy added to /policy/ as http://www.cacert.org/policy/PolicyOnPolicy.php

• Main page: Intro text rewritten (the whole first 4/5 paras)
• fixed minor URL bug in CCA, now points to POLICY DRP.

• from Join menu, CCA linked with title Community Agreement

• link from main About menu points to /policy/ title named "Policies"
• Following policies now in /policy/ directory:
  • Non-related Persons - Disclaimer and Licence

    • with this URL: http://www.cacert.org/policy/NRPDisclaimerAndLicence.php

  • CAcert Community Agreement

    • http://www.cacert.org/policy/CAcertCommunityAgreement.php

  • Dispute Resolution Policy

    • http://www.cacert.org/policy/DisputeResolutionPolicy.php

  • Organisation Assurance Policy

    • http://www.cacert.org/policy/OrganisationAssurancePolicy.php

• (Contact info, postal address is now changed!)

Inputs & Thoughts

• YYYYMMDD-YourName

• Text / Your Statements, thoughts and e-mail snippets, Please

• YYYYMMDD-YourName

• Text / Your Statements, thoughts and e-mail snippets, Please

Category or Categories

CategoryAudit
CategoryPolicy
CategoryAssurance