## page was renamed from AuditWishList
== Audit Criteria Management Package ==

Currently there is [[http://svn.cacert.org/CAcert/Audit/DRC/|some PHP glue code]] that runs as a [[https://audit.cacert.org/drc/browser.php|browser of criteria]].  Blech.

We could do better with a package.  Meanwhile here are some requirements.

 * Search.
 * ability to add
  * auditor comments
  * auditor verification statements, per criteria
  * community comments
    * including responsibility marks
  * community member verification statements, per criteria
    * including client-signed attestation
 * view templates
  * add and drop comments, statements, etc
 * relationship columns from drc to webtrust, etc
 * horizontal reports
  * "blocked by" top 10.
 * ability to extract URLs for saving and sharing

== Criteria ==

Although the DRC advance the state of the art dramatically, there are some potential flaws.

 * no criteria on
   * architecture,
   * security model, threat model?
   * business model?
 * no criteria on competence
   * cryptography, x.509, certs, PKI, OpenPGP, etc
   * software, implementation
   * law, contracts, liability, insurance, risks
   * general business
   * policy and management
 * disputes
   * need a criteria that discusses jurisdiction and relying parties + subscribers
     * should specify that an RPA is needed
   * need a criteria on the process for filing a dispute
     * could be a postal delivery of mail
     * or physical service
     * or net service
   * hmmm, A.3.b probably covers this.

Any of these things could be a bug or a bonus.

== CrowdIt ==
 * [2010-10-06] Current modified DRP browser is named [[https://dev.fiddle.it/app/crowdit/search|CrowdIt]]

----
CategoryAudit