Network Working Group R. Austein, Ed. Request for Comments: 4071 ISC BCP: 101 B. Wijnen, Ed. Category: Best Current Practice Lucent Technologies April 2005 Structure of the IETF Administrative Support Activity (IASA) Status of This Memo This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2005).
AbstractThis document describes the structure of the IETF Administrative Support Activity (IASA) as an activity housed within the Internet Society (ISOC). It defines the roles and responsibilities of the IETF Administrative Oversight Committee (IAOC), the IETF Administrative Director (IAD), and ISOC in the fiscal and administrative support of the IETF standards process. It also defines the membership and selection rules for the IAOC. 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Definitions and Principles . . . . . . . . . . . . . . . . . . 3 2.1. Alphabet Soup . . . . . . . . . . . . . . . . . . . . . 3 2.2. Principles of the IASA, IETF, and ISOC Relationship . . 4 2.3. Community Consensus and Grant of Authority . . . . . . . 5 2.4. Termination and Change . . . . . . . . . . . . . . . . . 5 2.5. Effective Date for Commencement of IASA . . . . . . . . 5 3. Structure of the IASA . . . . . . . . . . . . . . . . . . . . 5 3.1. IAD Responsibilities . . . . . . . . . . . . . . . . . . 7 3.2. IAOC Responsibilities . . . . . . . . . . . . . . . . . 9 3.3. Relationship of the IAOC to Existing IETF Leadership . . 10 3.4. IAOC Decision Making . . . . . . . . . . . . . . . . . . 10 3.5. Review and Appeal of IAD and IAOC Decision . . . . . . . 10 4. IAOC Membership, Selection and Accountability . . . . . . . . 11 4.1. Initial IAOC Selection . . . . . . . . . . . . . . . . . 13
5. IASA Funding . . . . . . . . . . . . . . . . . . . . . . . . . 14 5.1. Cost Center Accounting . . . . . . . . . . . . . . . . . 14 5.2. IETF Meeting Revenues . . . . . . . . . . . . . . . . . 14 5.3. Designated Donations, Monetary and In-Kind . . . . . . . 14 5.4. Other ISOC Support . . . . . . . . . . . . . . . . . . . 15 5.5. IASA Expenses . . . . . . . . . . . . . . . . . . . . . 15 5.6. Operating Reserve . . . . . . . . . . . . . . . . . . . 15 6. IASA Budget Process . . . . . . . . . . . . . . . . . . . . . 16 7. ISOC Responsibilities for IASA . . . . . . . . . . . . . . . . 16 8. Security Considerations . . . . . . . . . . . . . . . . . . . 17 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 18 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 11.1. Normative References . . . . . . . . . . . . . . . . . . 18 11.2. Informative References . . . . . . . . . . . . . . . . . 19 RFC3716], including IETF document and data management, IETF meetings, and any operational agreements or contracts with the RFC Editor and the Internet Assigned Numbers Authority (IANA). The IASA is also ultimately responsible for the financial activities
associated with IETF administrative support, such as collecting IETF meeting fees, paying invoices, managing budgets and financial accounts, and so forth. The IASA is responsible for ensuring that the IETF's administrative needs are met, and met well. The IETF does not expect the IASA to undertake the bulk of this work directly; rather, the IETF expects the IASA to contract this work from others and to manage these contractual relationships to achieve efficiency, transparency, and cost effectiveness. The IASA is distinct from IETF-related technical functions, such as the RFC Editor, the IANA, and the IETF standards process itself. The IASA has no influence on the technical decisions of the IETF or on the technical contents of IETF work. Note, however, that this in no way prevents people who form part of the IASA from participating as individuals in IETF technical activities. RFC2026], [RFC2850]). IAD: IETF Administrative Director, defined by this document. IAOC: IETF Administrative Oversight Committee, defined by this document. IASA: IETF Administrative Support Activity, defined by this document. IESG: Internet Engineering Steering Group (see [RFC2026], [RFC3710]). IETF: Internet Engineering Task Force (see [RFC3233]). ISOC: Internet Society (see [RFC2031] and [ISOC]).
8. The IASA, in cooperation with ISOC, shall use reasonable efforts to ensure that sufficient reserves exist to keep the IETF operational in the case of unexpected events such as income shortfalls. The remainder of this document contains details based on the above principles. RFC2026], including its acceptance as an IETF process BCP by the ISOC Board of Trustees, and after the ISOC Board of Trustees has confirmed its acceptance of ISOC's responsibilities under the terms herein described.
consultants are allocated based on actual expenses or on some other allocation model determined by consultation between the IAOC and ISOC. Although the IAD is an ISOC employee, he or she works under the direction of the IAOC. A committee of the IAOC is responsible for hiring and firing the IAD, for reviewing the IAD's performance, and for setting the compensation of the IAD. The members of this committee are appointed by the IAOC and consist at minimum of the ISOC President, the IETF Chair, and one of the Nomcom-appointed IAOC members. The IAOC determines what IETF administrative functions are to be performed, and how or where they should be performed (whether internally within the IASA or by outside organizations), so as to maintain an optimal balance of functional performance and cost of each such function. The IAOC should document all such decisions, and the justification for them, for review by the community. Each function should be reviewed on a regular basis using the assumption that, absent such justification, the function is either unnecessary or, if necessary, it is overstaffed, rather than using an assumption that anything that has been done in the past is still necessary; each function should be adjusted as needed given the result of this review. The IAD is responsible for negotiating and maintaining contracts or equivalent instruments with outside organizations, and for providing any coordination necessary to make sure that the IETF administrative support functions are covered properly. All functions, whether contracted to outside organizations or performed internally within the IASA, must be clearly specified and documented with well-defined deliverables, service level agreements, and transparent accounting for the cost of such functions. The IASA is responsible for managing all intellectual property rights (IPR), including but not limited to trademarks, and copyrights that belong to the IETF. The IASA is also responsible for managing the ownership, registration, and administration of relevant domain names. The IASA is responsible for undertaking any and all required actions on behalf of the IETF to obtain, protect, and manage the rights that the IETF needs to carry out its work. If the IASA cannot comply with the procedures described in this document for legal, accounting, or practical reasons, the IAOC shall report that fact to the community, along with the variant procedure that the IAOC intends to follow. If the problem is a long-term one, the IAOC shall ask the IETF to update this document to reflect the changed procedure.
The IAD shall ensure that personal data collected for legitimate purposes of the IASA are protected appropriately; at minimum, such data must be protected to a degree consistent with relevant legislation and applicable privacy policies. If an IASA Contract provides for the creation, development, or modification of any software (including, without limitation, any search tools, indexing tools, and the like) ("Developed Software"), then the IAD shall, whenever reasonable and practical, ensure that such contract either (a) grants ownership of such Developed Software to ISOC, or (b) grants ISOC a perpetual, irrevocable right, on behalf of IASA and IETF, to use, display, distribute, reproduce, modify, and create derivatives of such Software (including, without limitation, pursuant to an open source style license). It is preferred that Developed Software be provided and licensed for IASA and IETF use in source code form, with no ongoing payments. ISOC will permit the IASA and its designee(s) to have sole control and custodianship of such Developed Software. The foregoing rights are not required in the case of off-the-shelf or other commercially-available software that is not developed at the expense of ISOC. If an IASA Contract relates to the licensing of third-party software, the IAD shall ensure that such license expressly permits use of such software for and on behalf of the IASA and/or the IETF, as applicable, and that such license is transferable in accordance with the provisions of Section 7 (Removability). Notwithstanding the foregoing, the IAD can enter into different terms if doing so is in the best interest of the IETF and upon approval of the IAOC. The IAD and IAOC are responsible for making all business decisions regarding the IASA. In particular, the ISOC Board of Trustees shall not have direct influence over the choice of IASA contractors or IETF meeting sponsors. This restriction is meant to enforce the separation between fund-raising and the actual operation of the standards process. The IAD prepares an annual budget, which is subject to review and approval by the IAOC. The IAD is responsible for presenting this budget to the ISOC Board of Trustees, as part of ISOC's annual financial planning process. As described elsewhere in this document, the IAOC is responsible for ensuring the budget's suitability for meeting the IETF community's administrative needs, but the IAOC does not bear fiduciary responsibility for ISOC. The ISOC Board of Trustees therefore needs to review and understand the budget and planned activity in enough detail to carry out its fiduciary responsibility properly. The IAD is responsible for managing this
process of review and approval. The IAD sees to it that the IASA publishes its complete approved budget to the IETF community each year.
If there is no IAD or if the IAD is unavailable, the IAOC may temporarily assign the IAD's duties to individual members of the IAOC.
review and response is required, based on the nature of the review request. Based on the results of the review, the IAOC may choose to overturn their own decision, to change their operational guidelines to prevent further misunderstandings, to take other action as appropriate, or just to publish the review result and take no other action. If a member of the community is not satisfied with the IAOC's response to his or her review request, he or she may escalate the issue by appealing the decision or action to the IAB, using the appeals procedures outlined in RFC 2026 [RFC2026]. If he or she is not satisfied with the IAB response, he or she can escalate the issue to the ISOC Board of Trustees, as described in RFC 2026. The reviewing body (the IAB or ISOC Board of Trustees) shall review the decision of the IAD or IAOC to determine whether it was made in accordance with existing BCPs and operational guidelines. As a result of this review, the reviewing body may recommend to the community that the BCPs governing IAOC actions should be changed. The reviewing body may also advise the IAOC to modify existing operational guidelines to avoid similar issues in the future and/or it may advise the IAOC to re-consider their decision or action. It may also recommend that no action be taken, based on the review. In exceptional cases, when no other recourse seems reasonable, the reviewing body may overturn or reverse a non-binding decision or action of the IAOC. This should be done only after careful consideration and consultation with the IAOC regarding the ramifications of this action. In no circumstances may the IAB or ISOC Board of Trustees overturn a decision of the IAOC that involves a binding contract or overturn a personnel-related action (such as hiring, firing, promotion, demotion, performance reviews, salary adjustments, etc.).
o The IAB Chair (ex officio); o The ISOC President/CEO (ex officio). The IETF Administrative Director also serves, ex officio, as a non- voting member of the IAOC. The IAOC may also choose to invite liaisons from other groups, but it is not required to do so; the IAOC decides whether to have a liaison to any particular group. Any such liaisons are non-voting. Responsibility for selecting the individual filling a particular liaison role lies with the body from which the IAOC has requested the liaison. Subject to paragraph 2 of Section 4.1, appointed members of the IAOC serve two-year terms. IAOC terms normally end at the end of the first IETF meeting of a year. The members of the IAOC shall select one of its appointed voting members to serve as the chair of the IAOC. The term of the IAOC chair shall be one year from the time of selection or the remaining time of his or her tenure on the IAOC, whichever is less. An individual may serve any number of terms as chair, if selected by the IAOC. The Chair serves at the pleasure of the IAOC and may be removed from that position at any time by a vote of 2/3 of the voting IAOC members, not counting the IAOC chair. The chair of the IAOC shall have the authority to manage the activities and meetings of the IAOC. The two NomCom-appointed IAOC members are chosen using the procedures described in RFC 3777 [RFC3777]. For the initial IAOC selection, the IESG will provide the list of desired qualifications for these positions; in later years, the IAOC will provide this qualification list. The IESG will serve as the confirming body for IAOC appointments by the NomCom. While there are no hard rules regarding how the IAB and the IESG should select members of the IAOC, such appointees need not be current IAB or IESG members (and probably should not be, if only to avoid overloading the existing leadership). The IAB and IESG should choose people with some knowledge of contracts and financial procedures, who are familiar with the administrative support needs of the IAB, the IESG, or the IETF standards process. The IAB and IESG should follow a fairly open process for these selections, perhaps with an open call for nominations or a period of public comment on
the candidates. The procedure for IAB selection of ISOC Board of Trustees [RFC3677] might be a good model for how this could work. After the IETF gains some experience with IAOC selection, these selection mechanisms should be documented more formally. Although the IAB, the IESG, and the ISOC Board of Trustees choose some members of the IAOC, those members do not directly represent the bodies that chose them. All members of the IAOC are accountable directly to the IETF community. To receive direct feedback from the community, the IAOC holds an open meeting at least once per year at an IETF meeting. This may take the form of an open IAOC plenary or a working meeting held during an IETF meeting slot. The form and contents of this meeting are left to the discretion of the IAOC Chair. The IAOC should also consider open mailing lists or other means to establish open communication with the community. IAOC members are subject to recall in the event that an IAOC member abrogates his or her duties or acts against the best interests of the IETF community. Any appointed IAOC member, including any appointed by the IAB, IESG, or ISOC Board of Trustees, may be recalled using the recall procedure defined in RFC 3777 [RFC3777]. IAOC members are not, however, subject to recall by the bodies that appointed them. If a vacancy occurs among the appointed members, this is filled by the appointing body for that position according to its procedures. The IAOC members shall not receive any compensation from the IASA, ISOC, or IETF for their services as members of the IAOC. The IAOC shall set and publish rules covering reimbursement of expenses, and such reimbursement shall generally be for exceptional cases only.
contributions to the work supported by IASA. Since ISOC will be the sole entity through whom donations may be made to the work of the IETF, ISOC shall ensure that those programs are not unduly restrictive. ISOC shall maintain programs that allow for designated donations to the IETF. In-kind resources are owned by the ISOC on behalf of the IETF and shall be reported and accounted for in a manner that identifies them as such. Designated monetary donations shall be credited to the appropriate IASA accounts. Section 6, which includes deciding when ISOC monetary support is to be credited to the IASA accounts. All ISOC support, no matter how it is delivered, shall be reported in the IASA financial reports.
Unification: As part of this arrangement, ISOC's sponsorship of the RFC Editor, IAB and IESG shall be managed as part of the IASA under the IAOC. Independence: The IASA shall be distinct from other ISOC activities. ISOC shall support the IASA through the mechanisms specified in this document and its successors. Support: ISOC shall work with the IAD and IAOC to ensure appropriate financial support for the IASA, following the mechanisms described in this document and its successors. Removability: While there is no current plan to transfer the legal and financial home of the IASA to another corporation, the IASA shall be structured to enable a clean transition in the event that the IETF community decides that such a transition is required and documents its consensus in a formal document (currently called a BCP). In such a case, the IAOC shall give ISOC a minimum of six months' notice before the transition formally occurs. During that period, the IETF and ISOC shall work together to create a smooth transition that does not result in any significant service outages or missed IETF meetings. All contracts executed by ISOC on behalf of the IASA shall either include a clause allowing termination by ISOC with six months notice, or be transferable to another corporation in the event that the IASA transitions away from ISOC. To the extent allowed by law, any balance in the IASA accounts, any IETF-specific intellectual property rights, and any IETF- specific data and tools shall also transition to the new entity. Other terms shall be negotiated between the IETF and ISOC. Within the constraints outlined above, all other details of how to structure this activity within ISOC (for instance, as a cost center, a division, or an affiliate) shall be determined by ISOC in consultation with the IAOC.
RFC2629]. [RFC2026] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, October 1996. [RFC3716] IAB Advisory Committee, "The IETF in the Large: Administration and Execution", RFC 3716, March 2004. [RFC3777] Galvin, J., "IAB and IESG Selection, Confirmation, and Recall Process: Operation of the Nominating and Recall Committees", BCP 10, RFC 3777, June 2004.
[ISOC] Internet Society, "Internet Society By-Laws", February 2001, <http://www.isoc.org/isoc/general/trustees/bylaws.shtml>. [RFC2031] Huizer, E., "IETF-ISOC relationship", RFC 2031, October 1996. [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, June 1999. [RFC2850] Internet Architecture Board and B. Carpenter, "Charter of the Internet Architecture Board (IAB)", BCP 39, RFC 2850, May 2000. [RFC3233] Hoffman, P. and S. Bradner, "Defining the IETF", BCP 58, RFC 3233, February 2002. [RFC3677] Daigle, L. and Internet Architecture Board, "IETF ISOC Board of Trustee Appointment Procedures", BCP 77, RFC 3677, December 2003. [RFC3710] Alvestrand, H., "An IESG charter", RFC 3710, February 2004.
Full Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- firstname.lastname@example.org. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.