The PoJAM is our Policy on Junior Assurers / Members. It describes how CAcert deals with potential members who are legally minors. This page is the top-level index into all places that have relevence to it, and also the introduction to Parents.
Membership in CAcert is about being part of a world-wide web-of-trust. This is a network of people who can rely on each other for agreed things. Specifically, our web-of-trust is intended to help us issue meaningful certificates. These are digital/cryptographic things which can provide reliable indications of membership and identity. As such they can be used for secure email communications and website login. To get certificates issued by CAcert, you must be a member.
It is our judgement that this process is as good for Juniors as it is for Adults, so we have investigated and documented the ways in which Juniors can participate.
What does this mean for the Parent?
Becoming a CAcert Member includes accepting the CAcert Community Agreement (CCA), which is a legally binding agreement.
In most places in the world, a Parent has to confirm an agreement of the Junior before it becomes legally binding. The details vary widely between countries, and it is up to each Assurer to know the local customs of age and requirements.
The relevant documents
PoJAM is a policy located at PoJAM.
- it is hopefully readable enough to be read by all.
it is in DRAFT status which means some changes can be expected, but it is binding on our members.
PoJAM is a subsidiary policy under our Assurance Policy
Detailed practices for the Assurance are found in the Handbook.
- All of this is bound together by two community documents:
Frequently Asked Questions
What are these certificate things? I'm confused! Read all about Certificates (page needs to be written...)
Does this involve money? Not really, or rarely. Most of the community services are free, and are provided by volunteers working on there own-time and own-costs. Here are some exceptions: An Assurer is permitted to charge for an Assurance, but this must be stated up-front, and generally is only for travel expenses, etc. Fees are sometimes levied for difficult things such as lost passwords. Donations are asked for, but there is no requirement. If you see any request for money, please ask for the specific policy or documentation or proposal to back it up.
What is the member required to do? Not a lot. Assurances are at the Assurer's choice, using certificates is at the Member's choice. There are some obligations in CCA, these are both rules for the Community and good practices for your Internet security.
What is the Member asked to do? First, we ask each Member to get Assured. This involves finding Assurers who check the identity documents of the Member, and verify membership in face to face meetings. Then, we also encourage Members to become Assurers, which requires more Assurances, and also the passing of the Assurer Challenge. After becoming an Assurer, more opportunities open up in volunteer roles.
How much time does all this take? An assurance might take only 10 minutes, but there is no set schedule. Some just want to use certificates, others strive for Assurer status. Some people become Assurer in a day, others take years. Some people do 1000 assurances, others do practically none, but help to administer our machines or write our policies. Each Member finds his or her own pace and place.
What other organisations are you like? Good Question. If we take away the Internet part, we are like any professional society that involves communicating, learning and helping each other, around a common goal. Generally, our goals include promoting Internet security and privacy, specifically, we work to build a Certification Authority, or CA, so we can issue certificates for Internet use, and we issue certificates over OpenPGP keys. We run some courses, tests and qualifications where these help us. By far the biggest part of us is the worldwide web-of-trust made up of our Assurers checking identity and membership over our Members.
What trouble can a Junior Member get into? This falls into two parts: specific to CAcert, and general to the world.
Specific to CAcert, a Member can make a reliable statement that can be later found to be wrong. For example, the identity on the CAP form is often found to be missing a middle name, or in the wrong order. For this, we have a strongly defined procedure (dispute resolution) for getting these things fixed up. The concept of reliable statements, called CARS for CAcert Assurer Reliable Statement is part of our Assurance process, and is also used elsewhere in our Community.
Generally, a Member can get into all the normal means of trouble, but that is normal outside CAcert as well as inside. Because we promote reliable methods and interactions, we would hope that trouble would be less than other places or organisations. Where trouble turns up that can be tied to CAcert directly, we will call on an Arbitrator to deal with it.
What's this Arbitration thing? It sounds scary! Not really, it is far less scary than other methods. The first thing to remember is that because certificates require reliability we have to resolve any disputes, and do so in a legal fashion. Secondly, we expect a lot of our disputes to be across borders; between a member in your country and a member in another country. Then, we would have a real problem deciding which rules and courts to resolve it with. Or, each member would have a real problem.
In order to make things simple, cost-effective, and safe for all our Members, we have one system for all disputes: Arbitration is our one forum for all. This system is staffed by our volunteer Arbitrators who are chosen from our most experienced and senior of our Assurers. It is created by our formal Dispute Resolution Policy, and respected by all the community. Arbitration asks the local courts to refer all relevant disputes to it, so this provides an additional protection for the Member.
PoJam Section 5 ''Arbitration'' has some guidance to help all of us to resolve any disputes involving Juniors.
Where can I ask more questions
The best place is face 2 face in an Assurance.
Assurers are expected to know the basics, but PoJAM is quite new, so also consider asking questions through our many support methods at GettingSupport.