Legacy Policy (WIP)

How to deal with Assurance Points and Experience Points from Old (Special) Assurance Programs and Assurance Programs under Deployment

1. Intro

2. Old Assurance Programs

2.1 Thawte Transferred Points (Tverify)

2.2 Trusted Third Parties Points (old program)

2.3 Super-Assurances

2.4 PoJAM before/between/after deployment period

2.4.1. PoJAM in effect, Checkboxes added to Software

2.4.2. PoJAM in effect, Checkboxes not implemented to production

2.4.3. PoJAM WIP period, AP in effect, Checkboxes not implemented to production

2.4.4. PoJAM cases before AP in effect (Checkboxes not implemented to production)

3. Weak Notary Database Records

3.1 Unknown

3.2 <empty>

3.3 Method: Face-2-Face and Location field note(s): TTP, TPP

4. General Points fade out

  1. Assurance Points fade out
    • Ongoing discussions about a general Assurance Points fade out requires a definition by Policy Group
    • i.e. by latest Baseline_Requirements_V1_1 (effective 14 September, 2012) specifications:

      1. 11.3 Age of Certificate Data
        • "that the CA obtained the data or document from a source specified under Section 11 no more than thirty-nine (39) months prior to issuing the Certificate"
      2. 11.6 Data Source Accuracy
    • By following Baseline Requirements Assurance Points have to fade out after 39 months, this effects the Community by giving assurances every 39 months to every assuree. This is a burden to CAcert deserts, were we just started with the new TTP-assisted-assurance program (under deployment). Assuming, that there exist no assurer nearby, the assuree requires a re-assurance by the same assureres as 39 months before (clashes with current AP definition! assurance can be only made once ... With the new points counting schema, this restriction can be lowered, by a new definition, that re-assurance from one assurer over one assuree replaces previous assurance
  2. Experience Points fade out
    • While active in Assurance area, every assurer has the experience required, to do assurances under current set of policy framework. After a sabbatical, assurer requires some update, what have changed in the meanwhile. So it can be assumed, that the assurers experience decreased. To take into account about experience in the assurance area, the count of experience points requires a dynamic update. Eg. vacating assurances for longer then 2 years, requires doing some new assurances, to gain experience again or to recover the experience state as before vacation.
    • Possible measurements are:
      1. time of assurances given
        • Assurances given by the time AP was not in effect, has to count less, as all the requirements by AP aren't in effect (eg check CCA agreement)
        • given assurances in 2009 as AP has been rolled out varies in strength. In the meantime, several changes in Assurance area requires more knowledge by the assurers, a refreshment by training (new CATS test, attending an ATE) makes an experience update prudent
      2. total count of experience points received
        • decreasing 10 EP per year, requires at least 5 new assurances per year to be uptodate with total count of assurances. In CAcert desert areas, this probably can become difficult, as one assurer can only assure the 5 existing assurees again (this may be an option, if AP fade out is also decided)
        • Current AP definition allows only one assurance over one assuree (to meet the requirements, that at least 3 different assurers are required to reach the 100 Assurance Points level).
        • We still have cases, where its practicle, to have a re-assurance over one assuree by an assurer, who assured the member before. That is the Password reset w/ assurance case. Its better to do a re-assurance that a member can recover his account then any other processes. The limitation, you can only assure someone once, needs to be changed to: your assurance over one assuree only counts once - so the newer assurance overwrites older assurances in counting (the assurance records are still in the database, but skipped in counting, similar to the Thawte points removal, the records are still kept in the database, but the points are no longer counted).

PolicyDiscussions/LegacyPolicy (last edited 2015-05-06 18:49:51 by EvaStöwe)