[Top] [All Lists]

Re: Scenario O Re: Upcoming: further thoughts on where from here

2004-09-22 07:49:14
Leslie and Harald somewhat challenged me in private to review
Scenario O more deeply, to indicate the bits of it that may need
more work - since otherwise we might miss showstoppers.

So I have sone so, below, but with the proviso that this
is the scenario I prefer - so my comments should be taken in
that context. I am too busy just now to do a similar review on
the alternative scenario, which I like much less for reasons
already stated.

Leslie Daigle wrote:
Not an Internet-Draft                                          L. Daigle
                                                            M. Wasserman
                                                      September 20, 2004

    AdminRest Scenario O: An IETF-Directed Activity Housed Under the
                 Internet Society (ISOC) Legal Umbrella


1.  Overview of Scenario O

   IETF community discussions of the scenarios for administrative
   restructuring presented in Carl Malamud's consultant report
   [I-D.malamud-consultant-report] have led to the identification of a
   potentially viable alternative that is not included in that report --
   an IETF-defined and directed administrative support function housed
   under the ISOC legal umbrella (called "IASA" hereafter).  This new
   scenario retains some properties of the original ISOC-based
   scenarios, Scenarios A and B.  However, this new scenario aims to

   o  continued close relationship with ISOC

o a clear basis from which the IETF can define

and control

      ...(and, over time,
      refine) the administrative activity in terms of IETF community
      needs, using existing IETF/ISOC processes

   o  an operational oversight board that is accountable to the IETF

   o  continued separation between the IETF standards activity and any
      fund-raising for standards work (within ISOC)

   o  appropriate ISOC oversight of its standards activities funds

   This scenario is nicknamed "Scenario O" -- it is derived from, but
   does not entirely encompass, Scenario A or Scenario B.

   In Scenario O, the IETF administrative support function would be
   defined in a BCP that would be created via the IETF standards process
   [RFC2026] and approved by the ISOC Board of Trustees.  This BCP would
   describe the scope of an IETF Administrative Support Activity (IASA)
   and would define the structure and responsibilities of the IETF
   Administrative Oversight Committee (IAOC), an IETF-selected body
   responsible for overseeing the IASA.  Like the Internet Architecture
   Board (IAB), the IASA would be housed within the ISOC legal umbrella.
   The BCP would also describe ISOC's responsibilities within this
   scenario, including requirements for financial accounting and
   transparency.  A draft of this BCP is included in the next section of
   this document.

   Scenario O allows us to establish IETF control over our
   administrative support functions in terms of determining that they
   meet the community's needs,  and adjusting them from time to time
using IETF processes.

It will also provide financial transparency of IETF operations,
which has been lacking in the past.

   At the same time, it does not require that the
   IETF community determine, create and undertake the risks associated
   with an appropriate corporate structure (with similar financial

Daigle & Wasserman                                              [Page 3]
                          AdminRest Scenario O            September 2004

   infrastructure and tax-exempt status to ISOC's) in order to solve the
   pressing administrative issues outlined in [RFC3716].  This proposal
   also defines the boundaries of the IASA so that it could be
   encapsulated and moved elsewhere at some future date, should that
   ever be desirable.

2.  Draft of Administrative Support BCP

   This section proposes draft text for a BCP that would define the
   scope and structure of the IASA.  Although this text would require
   further refinement within the IETF community, this section is
   intended to be clear and complete enough to allow the community to
   reach a well-informed opinion regarding this scenario.

2.1  Definition of the IETF Administrative Support Activity (IASA)

   The IETF undertakes its technical activities as an ongoing, open,
   consensus-based process.  The Internet Society has long been a part
   of the IETF's standards process, and this document does not affect
   the ISOC-IETF working relationship concerning standards development
   or communication of technical advice.  The purpose of this memo is to
   define an administrative support activity that is responsive to the
   IETF technical community's needs, as well as consistent with ISOC's
   operational, financial and fiduciary requirements while supporting
   the IETF technical activity.

   The IETF Administrative Support Activity (IASA) provides
   administrative support for the technical work of the IETF.  This
   includes, as appropriate,  undertaking or contracting for the work
   described in (currently, [RFC3716] but the eventual BCP should
   include the detail as an appendix), covering IETF document and data
   management, IETF meetings, any operational agreements or contracts
   with the RFC Editor and IANA.  This provides the administrative
   backdrop required to support the IETF standards process and to
   support the IETF organized technical activities, including the IESG,
IAB and working groups.

IRTF too?

I would also suggest, subject to legal advice, adding something like
"in the public interest" at the end of this sentence.

   ...This includes the financial activities
   associated with such IETF support (collecting IETF meeting fees,
   payment of invoices, appropriate financial management, etc).  The
   IASA is responsible for ensuring that the IETF's administrative
   activities are done and done well; it is not the expectation that the
   IASA will undertake the work directly, but rather contract the work
   from others, and manage the contractual relationships in line with
   key operating principles such as efficiency, transparency and cost

I would take legal advice whether to insert a line here about the
non-profit aspect - maybe stating that any operating surplus will be
carried forward strictly to support future operations.

   The IASA is distinct from other IETF-related technical functions,
   such as the RFC editor, the Internet Assigned Numbers Authority
   (IANA), and the IETF standards process itself.  The IASA is not

Daigle & Wasserman                                              [Page 4]
                          AdminRest Scenario O            September 2004

   intended to have any influence on the technical decisions of the IETF
   or on the technical contents of IETF work.

Is this strong enough? We could say that the IASA "has no influence..."?

2.1.1  Structure of the IASA

   The IASA will be structured to allow accountability to the IETF
   community.  It will determine the ongoing success of the activity in
   meeting IETF community needs laid out in this BCP, as well as ISOC
   oversight of its financial and resource contributions.  The
   supervisory body defined for this will be called the IETF
   Administrative Oversight Committee (IAOC).  The IAOC will consist of
   volunteers, all chosen directly or indirectly by the IETF community,
   as well as appropriate ex officio appointments from ISOC and IETF
   leadership.  The IAOC will be accountable to the IETF community for
   the effectiveness, efficiency and transparency of the IASA.

   The IASA will initially consist of a single full-time employee of
   ISOC, the IETF Administrative Director (IAD).  The IAD will require a

Very good acronym, since this person may spend a fair amount of time
in IAD airport :-)

   variety of financial, legal and administrative support, and it is
   expected that this support will be provided by ISOC support staff
   following an expense and/or allocation model TBD.

   Although the IAD will be a full-time ISOC employee, he will work


   under the direction of the IAOC.  The IAD will be selected by a
   committee of the IAOC, consisting minimally of the ISOC President and
   the IETF Chair.  This same committee will be responsible for
   periodically reviewing the performance of the IAD and determining any
   changes to his employment and compensation.  In certain cases (to be
   defined clearly -- chiefly cases where the ISOC employee is
   determined to have contravened basic ISOC policies), the ISOC
   President may make summary decisions, to be reviewed by the hiring
   committee after the fact.

I think the idea here is right, but it seems to be expressed clumsily, and
it needs to be made clear that this is really the exception case. Also,
these conditions have to be spelled out in the contract of employment
or the formal annual objectives for the IAD, rather than written in stone
in the BCP.

   The IAD will be responsible for administering the IETF finances,
   managing a separate bank account for the IASA, and establishing and

Is it really a separate bank account? It's certainly a separate accounting
pillar inside ISOC (one that already exists, as a matter of fact). This is
a practical question - if cash flow difficulties ever arise, a separate
bank account might be a definite disadvantage.

   administering the IASA budget.  To perform these activities, the IAD
   is expected to have signing authority comparable to other ISOC
   director-level employees.  Generally, expenses or agreements outside
   that authority to be approved for financial soundness as determined
   by ISOC policy.  The joint expectation is that ISOC's policies will
   be consistent with allowing the IAD to carry out IASA work
   effectively and efficiently.  Should the IAOC have concerns about
   that, the IAOC and ISOC commit to working out other policies that are
   mutually agreeable.

The actual signing limit in $k has to be defined somewhere, presumably
as an ISOC internal operating procedure. Above some limit, it's normal
good practice to require two signatures anyway, so the only real
argument is about how many $k that is.

   The IAD will also fill the role of the IETF Executive Director, as
described in various IETF process BCPs.

unless explicitly delegated with consent of the IAOC?

   ...All other administrative
   functions will be outsourced via well-defined contracts.  The IAD

I appreciate Harald's argument for the strength of the word "contract"
but I can imagine trivial cases where it might be an intra-office
agreement within ISOC or something. How about "contracts or
equivalent instruments"?

Daigle & Wasserman                                              [Page 5]
                          AdminRest Scenario O            September 2004

   will be responsible for negotiating and maintaining those contracts,
   as well as providing any coordination that is necessary to make sure
   the IETF administrative support functions are properly covered.

2.1.2  IAD Responsibilities

   The day to day responsibilities of the IAD will focus on managing
   contracts with the entities providing the work supporting the IETF
   technical activity.

   The IAD will provide regular (monthly and quarterly) reports to the
   IAOC and ISOC.


   All contracts will be negotiated by the IAD (with input from any
   other appropriate bodies), and reviewed by the IAOC.

Are you sure that *all* contracts will be subject to such review?
How about "those over $Nk" will be reviewed by the IAOC? Where N is
a single digit, probably.

   The contracts
   will be executed by ISOC, on behalf of the IETF, after whatever
   review ISOC requires (e.g., legal, Board of Trustees).

   The IAD will prepare an annual budget, which will be reviewed and
approved by the IAOC.

And published?

   ...The IAD will be responsible for presenting
   this budget to the ISOC Board of Trustees, as part of ISOC's annual
   financial planning process.  The partnering is such that the IAOC is
   responsible for ensuring the suitability of the budget for meeting
   the IETF community's needs, but it does not bear fiduciary
   responsibility; the ISOC board needs to review and understand the
   budget and planned activity in have enough detail of the budget and
   proposed plans to properly carry out its fiduciary responsibility.

An annual financial report should be published too.

One thing I miss above is how the IAD learns what the IETF wants.
Something like

 The IAD will be responsible for recording administrative requirements
 stated for the IETF by the IESG, investigating their feasibility and
 cost, and when possible and appropriate managing their implementation.

Maybe the channel for this should be the IAOC, not the IESG??

2.1.3  IAOC Responsibilities

   The role of the IAOC is to provide appropriate input to the IAD, and
   oversight of the IASA functioning.  The IAOC is not expected to be
   regularly engaged in IASA work, but rather to provide appropriate
   approval and oversight.

   Therefore, the IAOC's responsibilities are:

   o  Select the IAD, as described above.

   o  Review the IAD's financial reports, and provide approval of the
      IAD's budget proposals in terms of fitness for IETF purposes.

   o  Review IASA functioning with respect to meeting the IETF
      community's working needs.

   The IAOC's role is to review, not carry out the work of,  the IAD and
   IASA.  As such, it is expected the IAOC will have monthly
   teleconferences and periodic face to face meetings, probably

Daigle & Wasserman                                              [Page 6]
                          AdminRest Scenario O            September 2004

   coincident with IETF plenary meetings, consistent with ensuring an
   efficient and effective operation.

2.1.4  IASA Funding

   The IASA is supported financially in 3 ways:

   1.  IETF meeting revenues.  The IAD, in consultation with the IAOC,
       sets the meeting fees as part of the budgeting process.  All
       meeting revenues go to the IASA.

   2.  Designated ISOC donations.  The IETF and IASA do no specific fund
       raising activities; this maintains separation between fundraising
       and standards activities.  Any organization interested in
       supporting the IETF activity will continue to be directed to
       ISOC, and any funds ISOC receives specifically for IETF
       activities (as part of an ISOC program that allows for specific
       designation) will be put in the IASA bank account for IASA

   3.  Other ISOC support.  ISOC will deposit in the IASA account, each
       quarter, the funds committed to providing as part of the IASA
       budget (where the meeting revenues and specific donations do not
       cover the budget).  These funds may come from member fees or from
       other revenue streams ISOC may create.

   Note that the goal is to achieve and maintain a viable IETF support
   function based on meeting fees and specified donations, and the IAOC
   and ISOC are expected to work together to attain that goal.  (I.e.,
   dropping the meeting fees to $0 and expecting ISOC to pick up the
   slack is not desirable; nor is raising the meeting fees to
   prohibitive levels to fund all non-meeting-related activities!).

   Also, in normal operating circumstances, the IASA would look to have
   a 6 month operating reserve for its activities.  Rather than having
   the IASA attempt to accrue that in its bank account, the IASA looks
   to ISOC to build and provide that operational reserve (through
   whatever mechanism instrument ISOC deems appropriate -- line of
   credit, financial reserves, etc).  Such reserves do not appear
   instantaneously; the goal is to reach that level of reserve by 3
   years after the creation of the IASA.  It is not expected that any
   funds associated with such reserve will be held in the IASA bank

Exactly my point about having a separate bank account in the first place.

2.2  IAOC Membership, Selection and Accountability

   Note:  This section is particularly subject to change as we work to
   find the best way to achieve the key principles.  The key principles

Daigle & Wasserman                                              [Page 7]
                          AdminRest Scenario O            September 2004

   being adhered to are that while this should be reasonably separate
   from IETF Standards process management:

   o  the IETF and IAB Chairs need to be involved to a level that
      permits them to be involved in and oversee the aspects pertinent
      to their roles in managing the technical work (e.g., the IAB looks
      after the RFC Editor relationship)

   o  the IETF and IAB Chairs must not be critical path to getting
      decisions to and through the IASA.

   The current draft, below, therefore makes the IETF Chair ex officio
   voting member of the IAOC, and the IAB Chair a non-voting liaison.
   Future versions may change either or both, depending on what makes
   sense to the IETF community in its deliberations.

   The IAOC will consist of seven voting members who will be selected as

   o  2 members chosen by the IETF Nominations Committee (NomCom)

   o  1 member chosen by the IESG

   o  1 member chosen by the IAB

   o  1 member chosen by the ISOC Board of Trustees

   o  The IETF Chair (ex officio)

   o  The ISOC President/CEO (ex officio)

   There will also be two non-voting, ex officio liaisons:

   o  The IAB Chair

I'm not sure of the logic of the IAB Chair being non-voting.
I don't think it's a big deal since hopefully consensus will
be the normal approach anyway, but I'm curious about the

   o  The IETF Administrative Director

   The voting members of the IAOC will choose their own chair each year
   using a consensus mechanism of its choosing.  Any appointed voting
   member of the IAOC may serve as the IAOC Chair (i.e., not the IETF
   Chair or the ISOC President/CEO).  The role of the IAOC Chair is to
   organize the IAOC.  The IAOC Chair has no formal duties for
   representing the IAOC, except as directed by IAOC consensus.

   The members of the IAOC will typically serve two year terms.
   Initially, the IESG and ISOC Board will make one-year appointments,
   the IAB will make a two-year appointment, and the Nomcom will make
   one one-year appointment and one two-year appointment to establish a

Daigle & Wasserman                                              [Page 8]
                          AdminRest Scenario O            September 2004

   pattern where approximately half of the IAOC is selected each term.

   The two NomCom selected members will be selected using the procedures
   described in RFC 3777.  For the initial selection, the IESG will
   provide the list of desired qualifications for these positions.  In
   later years, this list will be provided by the IAOC.

   While there are no hard rules regarding how the IAB and the IESG
   should select members of the IAOC, it is not expected that they will
   typically choose current IAB or IESG members, if only to avoid
   overloading existing leadership.  However, they should choose people
   who are familiar with the administrative support needs of the IAB,
the IESG and/or the IETF standards process.

and have some knowledge of contract and financial procedures (please!)

   ...It is suggested that a
   fairly open process be followed for these selections, perhaps with an
   open call for nominations and/or a period of public comment on the
   candidates.  The IAB and IESG are encouraged to look at the procedure
   for IAB selection of ISOC Trustees for an example of how this might

I think this needs to be a bit less vague, at least after the first
year's experience.

   Although the IAB and IESG will choose some members of the IAOC, those
   members will not directly represent the bodies that chose them.  All
   members of the IAOC are accountable directly to the IETF community.
   To receive direct feedback from the community, the IAOC will hold an
   open meeting at least once per year at an IETF meeting.  This may
   take the form of an open IAOC plenary or a working meeting held
   during an IETF meeting slot.  The form and contents of this meeting
   are left to the discretion of the IAOC Chair.

   Decisions of IAOC members or the entire IAOC are subject to appeal
   using the procedures described in RFC 2026.  The initial appeal of an
   individual decision will go to the full IAOC.  Appeals of IAOC
   decisions will go to the IESG and continue up the chain as necessary
   (to the IAB and the ISOC Board).  The IAOC will play no role (aside
from possible administrative support)

I don't see that - the IASA might provide support, but never the IAOC. appeals of WG Chair, IESG or
   IAB decisions.

   In the event that an IAOC member abrogates his duties or acts against
   the bests interests of the IETF community, IAOC members are subject
   to recall using the recall procedure defined in RFC 3777.  IAB and
   IESG-appointed members of the IAOC are not subject to recall by their
   appointing bodies.

2.3  IASA Budget Process

   While the IASA sets a budget for the IETF's administrative needs, its
   budget process clearly needs to be closely coordinated with ISOC's.
   The specific timeline will be established each year, before the
   second IETF meeting.  A general annual timeline for budgeting will

Daigle & Wasserman                                              [Page 9]
                          AdminRest Scenario O            September 2004


   July 1 The IAD presents a budget proposal (for the following fiscal
      year, with 3 year projections) to the IAOC.

   August 1 The IAOC approves the budget proposal for IETF purposes,
      after any appropriate revisions.  As the ISOC President is part of
      the IAOC, the IAOC should have a preliminary indication of how the
      budget will fit with ISOC's own budgetary expectations.  The
      budget proposal is passed to the ISOC Board of Trustees for review
      in accordance with their fiduciary duty.

   September 1 The ISOC Board of Trustees approves the budget proposal
      provisionally.  During the next 2 months, the budget may be
      revised to be integrated in ISOC's overall budgeting process.

   November 1 Final budget to the ISOC Board for approval.

   The IAD will provide monthly accountings of expenses, and will update
   forecasts of expenditures quarterly.  This may necessitate the
   adjustment of the IASA budget.  The revised budget will need to be
   approved by the IAOC and ISOC Board of Trustees.

I think minor adjustments wouldn't need to go to the Board, so I would
rephrase as the IAOC, the ISOC CEO, and if necessary the ISOC Board of Trustees.

2.4  Relationship of the IAOC to Existing IETF Leadership

   The IAOC will be directly accountable to the IETF Community.
   However, the nature of the IAOC's work will involve treating the IESG
   and IAB as internal customers.  The IAOC should not consider its work
   successful unless the IESG and IAB are satisfied with the
   administrative support that they are receiving.

2.5  ISOC Responsibilities for IASA

   Within ISOC, support for the IASA should be structured to meet the
   following goals:

   Transparency: The IETF community should have complete visibility into
      the financial and legal structure of the ISOC standards activity.
      In particular, the IETF community should have access to a detailed
      budget for the entire standards activity, quarterly financial
      reports and audited annual financials.  In addition, key contract
      material and MOUs should be publicly available.  Most of these
      goals are already met by ISOC today.  The IAOC will be responsible
      for providing the IETF community with regular overviews of the
      state of affairs.

Daigle & Wasserman                                             [Page 10]
                          AdminRest Scenario O            September 2004

   Unification: As part of this arrangement, ISOC's sponsorship of the
      RFC Editor, IAB and IESG, as well as insurance coverage for the
      IETF will be managed as part of the IASA under the IAOC.

I agree in principle; there is a subtlety for the insurance which
is part of ISOC's general Directors and Officers insurance.

   Independence: The IASA should be financially and legally distinct
      from other ISOC activities.  IETF meeting fees should be deposited
      in a separate IETF-specific bank account and used to fund the IASA
      under the direction and oversight of the IAOC.  Any fees or
      payments collected from IETF meeting sponsors should also be
      deposited into this account.  This account will be administered by
      the IAD and used to fund the IASA in accordance with a budget and
      policies that are developed as described above.

Again, I agree in principle. But if you delete the word "bank" it would
allow for a pragmatic decision to use the general ISOC bank account
as mentioned above.

   Support: ISOC may, from time to time, choose to transfer other funds
      into this account to fund IETF administrative projects or to cover
      IETF meeting revenue shortfalls.  There may also be cases where
      ISOC chooses to loan money to the IASA to help with temporary cash
      flow issues.  These cases should be carefully documented and
      tracked on both sides.  ISOC will work to provide the 6 month
      operational reserve for IASA functioning described above.

   Removability: While there is no current plan to transfer the legal
      and financial home of the IASA to another corporation, the IASA
      should be structured to enable a clean transition in the event
      that the IETF community decides, through BCP publication, that
      such a transition is required.  In that case, the IAOC will give
      ISOC a minimum six months notice before the transition formally
      occurs.  During that period, the IAOC and ISOC will work together
      to create a smooth transition that does not result in any
      significant service outages or missed IETF meetings.  All
      contracts that are executed by ISOC as part of the IASA should
      either include a clause allowing termination or transfer by ISOC
      with six months notice, or should be transferrable to another
      corporation in the event that the IASA is transitioned away from
      ISOC in the future.  Any accrued funds, and IETF-specific
      intellectual property rights (concerning administrative data and/
      or tools) would also be expected to be transitioned to any new
      entity, as well.

Sure. But you aren't asking for the 6 month operating reserve to be
in a separate bank account, so in any case there would have to be a
financial settlement as part of any such separation.

   Within the constraints outlined above, all other details of how to
   structure this activity within ISOC (as a cost center, a department
   or a formal subsidiary) should be determined by ISOC in consultation
   with the IAOC.

It's pretty clear to me that the cost center already exists, and hiring
the IAD as a Director would create a department. I don't see any real
argument for a subsidiary.


3.8  Proposed Schedule for IASA Transition

   As described above, the three stages of the IETF community and ISOC
   approval process will take some time.  If the community chooses
   scenario O and we reach quick consensus on the details, an optimistic
   schedule for this approval would be:

I agree with those who say that the schedule is aggressive. But that
may be the only way to go - as long as you have continuing arrangements
in place to cover any slippage. Who *owns and drives* this process,
especially since there is potentially a change of IETF Chair en route?

   1.  IETF discussion of this proposal and other scenarios through
        1-Oct-2005.  IAB/IESG discusses this proposal with ISOC Board.

   2.  IAB/IESG joint recommendation issued on 8-Oct-04, including full
        BCP proposal.

   3.  Community discussion of the joint IAB/IESG recommendation through

   4.  Two-week community consensus call issued on the IETF list on
        23-Oct-04 regarding rough community consensus to pursue this
        direction and appoint an interim IAOC -- extends through IETF
        61.  IAOC selecting bodies begin search, based on expected

Daigle & Wasserman                                             [Page 15]
                          AdminRest Scenario O            September 2004

        community consensus.

   5.  Rough community consensus declared on 8-Nov-04 to pursue Scenario
        O and appoint the interim IAOC.

   6.  Interim IAOC seated on 15-Nov-04.  Interim IAOC begins interim
        work outlined above, including establishment of estimated 2005
        budget and IAD recruitment.

   7.  BCP text  discussed by community, IETF leadership and ISOC Board
        until we have something that represents rough community
        consensus that is acceptable to all.  We hope that this could be
        completed by 6-Dec-04.

   8.  Four week IETF Last Call issued for BCP on 6-Dec-04 -- extends
        through 3-Jan-04.

   9.  Simultaneous IESG and ISOC Board approvals by 17-Jan-04.

   10.  IAD officially hired in Jan 2005.

   11.  NomCom seats IAOC members at the first IETF of 2005, moving the
        IAOC from interim to non-interim status.

   12.  Formal agreements with all service providers in-place by June


Ietf mailing list