Version 1.0 January 2000
Copyright © 2000,2001 VillageMall Pty Ltd.
This document outlines the policies for VillageMall Pty Ltd ( "VillageMall") Certificate Services. It assumes the reader has a basic understanding of digital certificates and signatures. It covers certificate application, validation of applicants, certificate issuance, use, and revocation.
Certificate Revocation List ("CRL") means the register from time to time of information regarding the status of Digital Certificates or a facility which enables the revocation status of a Digital Certificate to be checked.
Certification Authority ("CA") means VillageMall or any other entity expressly authorised by VillageMall to issue Digital Certificates to VillageMall network members.
Token mans a VillageMall supplied token or other VillageMall approved token that VillageMall issues a certificate for use with.
2. General Disclaimer
As a Certification Authority, VillageMall binds the name and any other required information to a subscriber's public key and signs this information with VillageMall's Certification Authority private key. By issuing a certificate to a particular certificate policy, VillageMall is confirming that it has followed the rules associated with the certificate policy (please see signing procedures for details of minimum checks).
It must be noted that VillageMall makes no acknowledgment of the merchantability or credibility of products or services provided by an organisation or individual for whom it signs a digital certificate. Issuance of a certificate does not guarantee the authority of the person who has the associated private key to act on behalf of the subscriber.
3. Certification Infrastructure
3.1 Certificate Policy(ies)
VillageMall issues certificates with different certificate policies. Each certificate policy has been designed for a specific use. VillageMall certificate policies have a global unique Object Identifier (OID) allocated under the ISO registration authority, this certificate policy (OID) is included within the certificate policy extension of the VillageMall Certification Authority certificate.
VillageMall network certificates are
issued to individuals and organisations and provide assurance about
the identity of the certificate holder, to the level identified within
the Identification section of the Certificate Practice Statement.
have a limited use, and may only be used within the
VillageMall network, and in conjunction with a VillageMall service.
4. Certificate Management
The generation of certificates by VillageMall are assessed and processed on an individual basis. VillageMall reserves the right not to proceed with the generation of a certificate for any individual or organisation which does not fulfil the requirements for the required certificate policy. VillageMall also reserves the right to withhold the reason for non-provision of certificates. Certificates generated by VillageMall are valid for the period as determined by VillageMall.
4.2 Distribution, Storage and Retrieval
Once generated, certificates are available to VillageMall subscribers. VillageMall does not make certificates available to the public.
4.3 Certificate Status
VillageMall also provides up to date information concerning the status of digital certificates issued by VillageMall, i.e. whether they are on a Certificate Revocation List (CRL). This CRL may be accessed by relying parties, however, before relying on a certificate issued by VillageMall, users must read and agree to the terms of VillageMall's Relying Party Agreement.
Certificates may be revoked for a variety of reasons such as, but not limited to, the corresponding private key being compromised or the original subscriber no longer requiring it. It is the responsibility of a subscriber to notify VillageMall if, for any reason, a certificate requires revoking. A certificate can be revoked without reason, to meet VillageMall's commercial operations such as, but not limited to, the non payment of outstanding accounts, or leaving the VillageMall Network..
As VillageMall certificates are valid for a fixed period, each certificate will need to be renewed prior to its expiration. The subscriber is responsible for renewing their certificate.
5. Legal Aspects
VillageMall warrants that, in relation to a particular certificate, it will have carried out the validation procedures appropriate to that certificate policy.
Except as stated above, VillageMall does not warrant the accuracy, authenticity, reliability or competence of the information contained in certificates or otherwise held by VillageMall.
The attention of subscribers and relying parties is drawn to the terms of the Relying Party Agreement as appropriate.
VillageMall is not the agent or representative of any subscriber or relying party and no subscriber or relying party shall make any representations to the contrary.
5.3 Subscribing party's obligations
The subscribing party must ensure that the certificate is not used for any purpose which is fraudulent or in any other way illegal. If a certificate is used for such a purpose then VillageMall may revoke the certificate without notice.
5.4 Protection of Privacy and Personal Data
VillageMall and third parties may make use of information supplied by a subscriber for the purposes issuing and using the subscriber's certificate. VillageMall may also use the information supplied by a subscriber for the purposes, as outlined within our Privacy Statement.
Every prospective subscriber must complete the application form appropriate to the certificate policy for which they wish to apply. Failure to complete the application completely and accurately may lead to that application being delayed or rejected.
6.2 Key Pairs
The prospective subscriber key pairs must be generated within their VillageMall Token.
6.3 Subscribers Agreement
Before submitting an application, every prospective subscriber must familiarise themselves with the terms of VillageMall's Subscribers Agreement. Submission of an application form indicates that the prospective subscriber has agreed to be bound by that Agreement.
6.4 Further Information
VillageMall reserves the right to request further background information from a prospective subscriber where it, at its discretion, feels such additional information is appropriate or desirable in relation to the certificate policy for which the prospective subscriber has applied.
6.5 VillageMall Procedures
VillageMall retrieves certificate requests and conducts the following verification checks on each application according to the certificate policy.
VillageMall will only issue a Certificate to an Australian resident under this policy, this is indicated, and attested to by the Subscriber on the application form.
6.7 Private Key Storage
Prospective subscribers are responsible for ensuring that their private key only on the VillageMall token and keep the token a secure fashion so are to ensure it is not subject to loss, disclosure, corruption, modification or unauthorised use.
If VillageMall agrees to issue a certificate, it will sign the subscriber's certificate and return the certificate to the users token for storage.
Once a subscriber has downloaded and installed their certificate, or upon first use of their private key associated with the certificate, they are bound by the terms and conditions of the Subscribers Agreement.
Use of any digital certificate issued by VillageMall must be in accordance with the Subscribers Agreement.
VillageMall reserves the right to revoke any certificate which use contravenes the terms and conditions of the Subscribers Agreement.
11.1 The following are the Certification Authority obligations:
11.2 The following are subscriber’s obligations:
11.3 The following are the relying parties’ obligations: