The Web Assets (Licence Agreements) Act

Started by Eðo Grischun, November 19, 2020, 06:19:41 AM

Previous topic - Next topic

Eðo Grischun

WHEREAS

THEREFORE

The Minister of STUFF is authorised to create and enter into licensing agreements with third parties in relation to the operation and control of all national web assets.  In these agreements the Ministry of STUFF shall be the licensor and the third party shall be the licensee.

Any web asset that is surplus to requirements may be licenced to a licensee for a particular purpose and, during the term of that licence agreement, the licensee shall have control over the named web asset(s) for the specific purposes as outlined in the agreement.

Licence agreements must also be in place between the Ministry of STUFF and any third party that requests accounts or access to File Transfer Protocol (FTP), database systems, any server level technology (including webhosting control panels), any backend email systems, any subdomain, any domain, any backend dashboards for website installations where such access would give significant levels of control, any social media accounts, and any other internet based system, be it a system wholly owned by the Kingdom or not, where such levels of access is significant. 

All licence agreements shall be publicly posted and shall contain the exact terms of agreement and, whenever possible, shall be of a defined term with an expiry date, either fixed or renewable.  Upon expiry of a licence agreement that is not being renewed the Ministry of STUFF must ensure that all account accesses relating to the agreement are revoked.

Before a licence agreement can be finalised the licensee must provide a copy of identity documents that must show the legal name and address of the licensee.  These documents must be verified by both the Ministry of STUFF and the Chancery.

During the term of a licence agreement the licensee shall not be permitted to transfer the agreement to any other party. 

The existence of a licence agreement does not, and cannot, transfer ownership of any web asset.
Eovart Grischun S.H.

Former Distain
Former Minister
Former Senator for Vuode

Eðo Grischun

Will fill in the blanks later.

Comments and questions invited and welcome.
Eovart Grischun S.H.

Former Distain
Former Minister
Former Senator for Vuode

Ian Plätschisch


Eðo Grischun

#3
Quote from: Ian Plätschisch on November 19, 2020, 06:31:15 AM
What would this be used for?

Primarily, it's just so we can fully verify the identity of people who might get handed the keys to a particular asset.  It's a bit of a continuation of last week's discussion on identities, so this is a proposed solution to one of the legit concerns that was raised.

Secondly, this is a prelude to something else that was planned where the Seneschal would like some kind of way of 'hiring in outside help'; or in other words, when a Talossan can't fix it or build it we bring in a non-Talossan who can.

Third, there have actually been many instances of people playing around in the webspaces.  The language guys have server level FTP access to maintain Oversteir and site admins get appointed now and then.  So, this is just adding in a formal process surrounding all that stuff.

In the immediate short term, I can't think of any reason that licence agreements would get drawn up (other than Oversteir), but you never know when somebody will come up with some great idea and want a subdomain to host it on, or something breaks like a shoutbox plugin... loads of reasons that we might need to be giving someone admin level access rights.  I think its a good idea that we start saying if people are getting serious admin access to our systems then asking for a flash of an ID card is probably sensible.


The bit in there about expiry dates is because in the past we have found that when someone gets admin rights, the admin rights hardly ever get removed after the job is done.


(but it might also all be a rubbish idea)
Eovart Grischun S.H.

Former Distain
Former Minister
Former Senator for Vuode