Note concerning your subscription agreement for the "Trusted Certificate Service" (TCS)


Please check the following before submitting your agreement to us:

1. You have read and initialled every page of the "TCS Model Subscriber Agreement".
2. The signatory is the legal representative of the institution (President, Director, ) or, failing that, holds a delegation of signing authority. In the latter case, the signature must be preceded by a statement of that delegation.
3. The name of the legal representative is filled in on the various pages.
4. The e-mail addresses of the designated administrative contacts contain no typing errors.

After checking, please send the duly completed and signed forms, together with the initialled TCS Model Subscriber Agreement document, to the following address:

Fondation RESTENA
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Telephone: Fax:

Subscription to the "Trusted Certificate Service" (TCS)

Institution:
Address:
Postal code: City:
Telephone: Fax:
Name of the legal representative:

The institution must inform Fondation RESTENA by e-mail (admin@restena.lu) of any change to the institution's contact details, and undertakes to return the "Designation of administrative contacts" sheet by post.

The designation of the initial administrative contacts (see next page) takes effect on the date this subscription agreement is signed.

Done at ____ on ____
Name of the signatory (title of the signatory)
Handwritten signature of the representative and stamp

Designation of administrative contacts

Institution:
designates the following administrative contact(s):

Contacts authorised to manage TCS certificate requests (server, personal and code signing) with Fondation RESTENA, located at: Fondation RESTENA, 2 avenue de l'Université du Luxembourg, L-4365 Esch-sur-Alzette, Luxembourg.

These authorised administrative contacts may, on behalf of the undersigned, request, validate and do everything that is required and necessary to obtain or revoke a TCS electronic certificate in the name of their institution. In particular, they may manage all of the institution's administrative contacts as well as the users authorised to request certificates for their institution.

Administrative contact 1
Last name:
First name:
Choice of role: "Certificate Administrator" "SAML Administrator"
Telephone:

Administrative contact 2
Last name:
First name:
Choice of role: "Certificate Administrator" "SAML Administrator"
Telephone:

Done at ____ on ____
Name of the signatory (title of the signatory)
Handwritten signature of the representative and stamp

TCS Model Subscriber Agreement v3.0 rev 03

TCS Model Subscriber Agreement
Version 3 rev 03

TCS Model Subscriber Agreement
    Preamble
    Model Subscriber Agreement

Preamble

The Trusted Certificate Service (TCS), which is managed by the GÉANT Association's Amsterdam office (formerly TERENA) for the community of the Association's members, provides publicly trusted and community-specific public key infrastructure credentials to Subscribers. Its operations and practices are governed by the contract between the GÉANT Association and the CA Operator (DigiCert, Inc. of Lehi, Utah, USA), by the TCS Certification Practice Statement (TCS CPS), and its ancillary documents. In particular, the contract between the GÉANT Association and DigiCert stipulates a number of required contractual terms that must be included in the agreement between GÉANT and its Members, and the agreement between Members and Subscribers.

A Member is a National Research and Education Networking organization (NREN) that has entered into an agreement with GÉANT Association to provide TCS server and code signing CA services to its Subscribers.

Subscribers are Research and/or Educational organization and/or non-commercial members of an NREN requesting a Certificate through an Account at the CA Operator.

Applicants are individuals from the constituency of a Subscriber that - through applying via that Subscriber - are allowed to apply for a Certificate on behalf of the Subscriber.

Some Member organisations may already have more general contracts in place with each of their connected institutions and may want to add the stipulations of the Subscriber Agreement to that contract. Other national GEANT Association member organisations may wish to have separate Subscriber Agreements with their Subscribers. It is to be expected that in most cases these contracts will be in the local language. As regards the Subscriber Agreements, there will therefore be a lot of variety between countries. Nevertheless, the following issues should in any case be incorporated in the contracts that serve as Subscriber Agreements:

- that the Subscriber will abide by the required contractual terms;
- that the Subscriber will abide by the TCS Certificate Practice Statement (TCS CPS);
- that the Subscriber will follow the applicable Certificate Practice Statement in issuing and using the Certificates;
- that the Subscriber will review each Certificate prior to use;
- that the Subscriber will obey the applicable law with respect to each Certificate;
- that the Subscriber will ensure the accuracy of all information provided;
- that the Subscriber will maintain its Private Keys as confidential information;
- that the Subscriber will cease using the Certificate if it is revoked;
- that the Subscriber gives the GÉANT Association and the relevant Member the right to revoke a Certificate on the basis of the stipulations in the TCS Certificate Practice Statement.

The following formulations can be used by Members when drafting the Subscriber Agreements to be signed by them and their Subscribers, although adaptations to national law may be necessary. Members may want to add additional conditions.

The GÉANT Association is registered with the Chamber of Commerce in Amsterdam: registration number
Model Subscriber Agreement

By participating as a Subscriber and Registration Authority in the GÉANT Trusted Certificate Service (TCS), you:

- shall agree to abide by the TCS Consolidated Required Contractual Terms, the relevant section of which is replicated herein, including any updates and addenda thereto;
- shall agree to abide by the TCS Certificate Practice Statement (CPS), including the pertinent ancillary documents, practice statements, policies, and certificate terms of use;
- are responsible that staff and representatives involved with the TCS read and understand the terms and conditions in the TCS Certificate Practice Statement (CPS) and associated policies that are published in the TCS repository at http:// g3/. The Subscriber agrees with these terms and conditions;
- shall follow the practices and procedures described in the TCS CPS, and shall act in accordance with the conditions imposed on Subscribers by the CPS;
- are responsible to use TCS certificates only for legal and authorised purposes in accordance with the suggested usages and practices in the TCS CPS;
- are responsible to provide correct and accurate information in its communications with the Member. Subscriber is responsible to alert the Member if at any stage while a certificate is valid, any information originally submitted has changed since it had been submitted to the Member.

Subscriber is aware that certificates issued to Subscriber may be revoked by the Member or TERENA according to the conditions indicated in the TCS CPS.

As a Registration Authority, the Subscriber hereby agrees to the following terms:

1. Applicability. The terms cover each digital certificate issued to a Subscriber under the agreement with GÉANT Association, regardless of (i) the digital certificate type ( , code signing, or TLS/SSL), (ii) when the Subscriber request the digital certificate, or (iii) when the digital certificate actually issues. The Subscriber may not request a Certificate with contents that infringe on the intellectual property rights of another entity.

2. Private Key Generation. The Subscriber must keep all Private Keys confidential and use reasonable measures to protect the Private Key from disclosure. The Subscriber must request revocation of the Certificate within one working day of any suspected misuse or compromise of a Certificate or Private Key. The Subscriber must generate its key pair using one of the following methods: (i) inside a secure hardware token, (ii) using trustworthy cryptographic software on a local computer system where it is the sole user and administrator, (iii) on a computer system administered by its sponsor or a third party if (a) the key material is generated using trustworthy cryptographic software, (b) access is limited to designated individuals, who are subject to and aware of applicable privacy rules and a professional code of conduct, (c) the private key and passphrase are not sent in clear text over a network, (d) the encrypted private key file is not sent over the network unprotected, (e) the system is located in a secure environment, where access is controlled and limited to only authorized personnel, and (f) a system does not persistently keep passphrases or plain text private keys for longer than 24 hours.

3. IGTF Private Key Storage. Subscribers of Certificates issued as a "Grid Certificate" must store and protect Private Keys in accordance with the applicable and current Grid policy.

4. Certificate Transparency. To ensure Certificates function properly throughout their lifecycle, the Subscriber must permit DigiCert to log SSL Certificates with a public certificate transparency database. Because this will become a requirement for Certificate functionality, Subscribers cannot opt out of this process and expressly agree to log their Certificates. Log server information is publicly accessible. Once submitted, information cannot be removed from a log server.

5. Restrictions. Subscribers may not (a) share their Certificate or Private Key with another user except where permitted by the CPS, (b) use a Certificate or Private Key to operate nuclear power facilities, air traffic control systems, aircraft navigation systems, weapons control systems, or any other system requiring failsafe operation whose failure could lead to injury, death or environmental damage, (c) modify, sublicense, reverse-engineer or create a derivative work of any Certificate (except as required to use the Certificate for its intended purpose) or Private Key, (d) use or make representations about a Certificate except as allowed in the CPS, (e) impersonate or misrepresent your affiliation with any entity or use a Certificate in a manner that could reasonably result in a civil or criminal action being taken against the Subscriber or DigiCert, (f) use a Certificate to send or receive unsolicited bulk correspondence, sign or distribute any files, software, or code that may damage the operation of another's computer or that is downloaded without a user's consent, or breach the confidence of a third party, (g) attempt to use a Certificate to issue other certificates, except that a Subscriber may use the Certificate to create proxy certificates as defined in RFC 3820, or (h) intentionally create a Private Key that is substantially similar to a DigiCert or third party Private Key. Subscribers are solely responsible for ensuring your Certificates are renewed prior to their expiration.

6. Revocation. DigiCert may revoke a Subscriber's Certificate without notice for the reasons stated in the CPS, including if DigiCert believes that (a) the Subscriber or the Certificate's Subject requested revocation of the Certificate or did not authorize the Certificate's issuance, (b) the Subscriber or the Certificate's Subject breach its obligations under the agreement with the GÉANT Association or an NREN or fail to comply with the CPS, (c) a provision of this agreement containing a representation or obligation related to the issuance, use, management, or revocation of the Certificate terminates or is held invalid, (d) the Subscriber or the Certificate's Subject are added to a government prohibited person or entity list or are operating from a prohibited destination under the laws of the United States, (e) the Certificate contains inaccurate or misleading information, (f) the Certificate was used outside of its intended purpose or used to sign malicious software; (g) the Private Key associated with a Certificate was disclosed or compromised, (h) the agreement between the GÉANT Association and Digicert terminates, (i) the Certificate was used or issued, directly or indirectly, contrary to law, the CPS, or industry standards, (j) industry standards or DigiCert's CPS require revocation, or (k) revocation is necessary to protect the rights, confidential information, operations, or reputation of DigiCert or a third party.

7. Relying Party Warranties. DigiCert's relying party warranty ( entities other than the Subscriber that act in reliance on a Certificate or a digital signature. Subscribers do not have rights under the warranty, including any right to enforce the terms of the warranty or make a claim under the warranty.

8. Remedy. A Subscriber's sole remedy for a defect in a Certificate is to have DigiCert use reasonable efforts to correct the defect. DigiCert is not obligated to correct a defect if (i) the Certificate was misused, damaged, or modified, (ii) the Subscriber did not promptly report the defect to DigiCert, or (iii) Subscriber has failed to abide by the GÉANT Association agreement.

9. Software and Equipment. Subscribers are solely responsible for their own conduct, software, website maintenance, operation, development, security and content, and all computers, telecommunication equipment, software, access to the Internet, and communications networks (if any) required to access and use the Certificates.

10. Warranty Disclaimers. THE CERTIFICATES, AND ANY RELATED SOFTWARE, PRODUCTS, AND SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE". TO THE MAXIMUM EXTENT PERMITTED BY LAW, DIGICERT DISCLAIMS ALL EXPRESS AND IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. DIGICERT DOES NOT WARRANT THAT ANY SERVICE OR PRODUCT WILL MEET YOUR EXPECTATIONS OR THAT ACCESS TO THE ACCOUNT WILL BE TIMELY OR ERROR-FREE. Use of a SHA-1 Certificate will result in errors displayed by Application Software Vendors.

11. Limitation on Liability. The agreement is not required to limit a party's liability for (i) death or personal injury resulting from the negligence of a party or (ii) fraud or fraudulent statements made by a party. Except as stated above, the Subscriber must agree to LIMIT DIGICERT'S MAXIMUM LIABILITY RESULTING FROM THE CERTIFICATE TO THE AMOUNT OF SUBSCRIBER MUST AGREE THAT DIGICERT IS NOT LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, SPECIAL, OR PUNITIVE DAMAGES OR ANY LOSS OF PROFIT, REVENUE, DATA, OR OPPORTUNITY, EVEN IF DIGICERT IS AWARE OF THE POSSIBILITY OF SUCH DAMAGES. The limitations must apply to the maximum extent permitted by law and apply regardless of (i) the reason for or nature of the liability, including tort claims, (ii) the number of claims of liability, (iii) the extent or nature of the damages, or (iv) whether any other provisions of this agreement were breached or proven ineffective.

12. Indemnification. To the extent permitted by law, Subscriber must indemnify, hold harmless, and defend DigiCert against all third party claims and all related liabilities, damages, and costs, including reasonable attorneys' fees, arising from Subscriber's breach of these terms.