Ran into today#Public Key Infrastructures (PKIs) that can be used to facilitate pilot projects employing public key technology.
Such organizations, called Policy Authorities in this document, can use the Guidelines to analyze their particular needs and to construct a PKI that will meet those needs. One important product of that analysis is likely to be a Certificate Policy, which may be thought of as a charter for a particular PKI.
A Certificate Policy defines who the parties are, the relationships and obligations of the parties to one another, and what uses are acceptable within the PKI. The last part of these Guidelines includes high level drafting instructions for Certificate Policy writers. The Guidelines suggest that Policy Authorities use contracts to make the provisions of a Certificate Policy legally binding among the parties