Re: Mud. Clear as. Re: Rough consensus? #425 3.5
Avri, --On tirsdag, januar 25, 2005 23:44:09 -0500 [EMAIL PROTECTED] wrote: Hi Leslie, This formulation is still of the form that does not give the IETF community a direct voice in the review and appeal mechanisms for the IAOC. I do not understand what you mean by "direct voice". Could you explain? If what you mean is that the community should have representatives involved in the consideration of the issues, and do not think that the nomcom-selected members, the IESG-selected members and the IAB-selected members of the IAOC are appropriate community representation, I do not see any mechanism short of the way we constitute recall committees that will give you what you want. If you think that the community should have the right of complaint, then I think you need to accept some limitation by human judgment on how much effort each complaint can cause. If that judgment is to lie outside of the IAOC, it has to be invoked for all complaints to the IAOC (making the system more formalistic); if it is inside the IAOC, it seems reasonable to have some means of overriding it. I, personally see not reason why the IAOC is not directly addressable by the community and does not have a direct obligation to the IETF community. While I am comfortable with the IESG and IAB being the appeal path for the IAOC, I am not comfortable with them being a firewall for the IAOC. I do have a problem with seeing the words that Leslie proposed as fitting your description. As described, it isn't a firewall - it's an override of a safeguard. I think this is a fundamental question that differentiates Margaret's formulation from yours. I also think it is a fundamental question that goes back to issues in the problem statement about the current leadership model: too much influence is focused in one leadership group. One benefit of the creation of the IAOC is that it spreads the task of running of the IETF to another group of people. As such, I think the IAOC must be required to respond directly to the community. I don't quite see the logic here - we take tasks that are currently performed in an undocumented and unaccountable fashion and move them into a body that has oversight over them, is selected by the community, is removable by the community, and is (as I see it) normally expected to respond to the community. Question: My reading of Leslie's words is that "It is up to that body to decide to make a response" should be read by the IAOC as "you'd better have a good reason not to make a response". Is what you're really looking for a way to make that "bias" in judgment explicit? Harald ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Progress report......
--On Tuesday, 25 January, 2005 14:46 +0100 Harald Tveit
Alvestrand <[EMAIL PROTECTED]> wrote:
> Despite the fact that the number of messages on the list
> doesn't seem to be decreasing, I believe we are in fact making
> progress.
>...
Harald (and Leslie),
This is very encouraging. But there is a small, but IMO
critical, collection of subjects on which I had hoped we would
see some spontaneous clarification or at least that someone else
would notice and ask. I note that Bob Kahn's recent note
raises, in a different form, some of the questions raised below.
Since this note was mostly written before his appeared on the
list, and his note deserves careful study, I have not tried to
modify the notes and questions below to reflect his comments. I
do observe, however, that his note seems to suggest that the IPR
and ISOC involvement issues are even more murky than they
appeared to be when I drafted the text and questions that follow.
It seems to me that the very essence of the plan that the BCP
documents is rooted in:
* A very clear process, with opportunities for community
comment, on the general terms and conditions of any
outsourcing arrangements, or, if the relevant tasks are
to be performed internally, equivalent discussion and
documentation. It is, of course, important to strike
the balance between those considerations and the ability
of the IAD and IAOC to negotiate and approve contracts,
but the draft seems about right in that area.
* An IAD who has been involved in RFP-writing and
contract negotiation and who is satisfied that he or she
can manage the relevant activities to the degree needed
to meet community expectations.That IAD is to be
managed by an IAOC which has oversight responsibility in
those areas, and review and approval rights and
responsibility over those RFPs and contracts. It is our
intention that both be accountable to the IETF community
for getting tasks performed, which implies that the need
to have the tools (contractual and otherwise) needed to
perform that work.
Modulo some details that seem to be getting filled in,
and some others that we can adjust as we go along if
needed, I think the draft is about right in this area.
If my memory is correct, the community very specifically did not
give the transition team the authority to write and issue
final/binding RFPs, to make the final IAD hiring decision, or to
approve any long-term contracts or other agreements, precisely
to preserve the clean set of relationships outlined above. In
addition, it seems to me that another key goal is to have...
* An orderly, predictable, and non-problematic situation
with regard to IETF rights to all software, databases,
documents, records, names, domains, web pages, and other
materials that might be considered as "intellectual
property", at least going forward. Again, I think the
draft pretty much covers what we need.
However, Leslie posted a note last Friday on behalf of the IASA
Transition Team ("IASA Transition Team update on Secretariat
2005") that indicated that that negotiations were underway
between CNRI and Neustar to sell Foretec to the latter. I have
no opinion about whether that is a good idea or not. It may be
strictly an issue between those two companies. However, I am
extremely unclear about where that plan leaves the provisions
that so many of us have put so much time into working out the
details and refinements for the draft BCP.I don't
necessarily object to the deal and the questions below should be
taken just as questions, with no particular bias about the
answers or the conclusions to be drawn from them. But I think
it is important that the community have answers to these sorts
of questions before we sign off on the BCP. Indeed, since many
people have noted that, regardless of what is in the BCP, we
will almost certainly need to revise it in a year or so after
experience accumulates, I have to wonder whether, if the
proposed deal with Neustar preempts any of the key goals or
methods posited by the BCP, whether it would make sense to
approve a much-abbreviated version now, post -06 only as an
Internet-Draft, and come back to it in a year or so after we
have that experience.
In particular, Leslie's note raises the following questions for
me.
If others have other questions, I think this is the right time
to identify them.
(1) The note indicates that "the Transition Team is favorably
inclined to consider a proposal from NeuStar for continuing
Secretariat services...". Does that language imply that the
Transition Team believes that it has the authority to accept
such a proposal, without waiting for the IAD and IAOC to be in
place?
(2) During the brief, and (I believe necessarily) very indirect,
discussion of this plan at
Re: Mud. Clear as. Re: Rough consensus? #425 3.5
Hi Leslie, This formulation is still of the form that does not give the IETF community a direct voice in the review and appeal mechanisms for the IAOC. I, personally see not reason why the IAOC is not directly addressable by the community and does not have a direct obligation to the IETF community. While I am comfortable with the IESG and IAB being the appeal path for the IAOC, I am not comfortable with them being a firewall for the IAOC. I think this is a fundamental question that differentiates Margaret's formulation from yours. I also think it is a fundamental question that goes back to issues in the problem statement about the current leadership model: too much influence is focused in one leadership group. One benefit of the creation of the IAOC is that it spreads the task of running of the IETF to another group of people. As such, I think the IAOC must be required to respond directly to the community. a. On 25 jan 2005, at 21.15, Leslie Daigle wrote: 3.5 Business Decisions Decisions made by the IAD in the course of carrying out IASA business activities are subject to review by the IAOC. The decisions of the IAOC must be publicly documented for each formal action. 3.6 Responsiveness of IASA to the IETF The IAOC is directly accountable to the IETF community for the performance of the IASA. In order to achieve this, the IAOC and IAD will ensure that guidelines are developed for regular operation decision making. Where appropriate, these guidelines should be developed with public input. In all cases, they must be made public. Additionally, the IASA should ensure there are reported objective performance metrics for all IETF process supporting activities. In the case where someone questions that an action of the IAD or the IAOC has been undertaken in accordance with this document or those operational guidelines (including the creation of an appropriate set of such guidelines), he or she may ask for a formal review of the action. The request for review is addressed to the person or body that took the action. It is up to that body to decide to make a response, and on the form of a response. The IAD is required to respond to requests for a review from the IAOC, and the IAOC is required to respond to requests for a review of a decision from the IAB or from the IESG. If members of the community feel that they are unjustly denied a response to a request for review, they may ask the IAB or the IESG to make the request on their behalf. Answered requests for review and their responses are made public. Reviews of the IAD's actions will be considered at his or her following performance review. Reviews of the IAOC's actions may be considered when IAOC members are subsequently being seated. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Resolution? #787 terminology - in particular "ISOC Standards Pillar"
Bert - I assume from the long to and cc list you are looking for me too affirmations. I'm 100% fine with what you have and, if any of the other folks think you're only 95% and propose tweaks, let me say in advance I'm fine with that as well. Regards, Carl > So... not 100% sure I captured the result ciorrectly. > This is what we have in rev 04: > > anchor="divisional-accounting"> > > Funds managed by IASA shall be accounted for in a > separate set of accounts. > Separate financial reports, including a balance > sheet and a profit and loss statement for IASA alone, > shall be produced as directed by IAOC. > > > IAOC and ISOC shall agree upon and publish procedures > for reporting and auditing of these accounts. > > > > This is what I have in my edit buffer for revision 05 > > > > As discussed with ISOC, funds managed by IASA shall > be accounted for in a separate set of accounts > within the Cost Center IASA. > A periodic summary of the IASA accounts shall be reported > in the form of standard financial statements that reflect > the income, expenses, assets, and liabilities of the IASA > cost center. > > > IAOC and ISOC shall agree upon and publish procedures > for reporting and auditing of these accounts. > > > Note that the ISOC in consultation with IAOC can > determine to structure the IASA accounting > differently in the future within the constraints > outlined in . > > > > Is that acceptable to everyone? > > I have left the change to "General Ledger Accounts" out for the > time being, because I am not sure we have consensus on that yet > (even though ISOC prefers that terminology). > > Bert > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > > Margaret Wasserman > > Sent: Wednesday, January 26, 2005 01:47 > > To: Lynn St.Amour; Carl Malamud; Tom Petch > > Cc: Harald Tveit Alvestrand; Lynn DuVal; ietf@ietf.org > > Subject: Re: Resolution? #787 terminology - in particular "ISOC > > Standards Pillar" > > > > > > > > Lynn's suggested text is fine with me. > > > > Margaret > > > > At 4:53 PM -0500 1/25/05, Lynn St.Amour wrote: > > >Margaret, > > > > > >I agree with your point below but I do feel it is helpful to state > > >what ISOC's intended implementation is: a Cost Center within ISOC. > > >This should not override the section (principle) you quote below. > > >Perhaps we can add language at the beginning of this section to > > >clarify all this (or move the paragraph you quote from section 7 to > > >this section). We might also add some of the other language > > >proposed (see immed. below) so that the overall intent is clear > > >rather than focusing on the less important detail. > > > > > >"...periodic summary of the IASA accounts in the form of standard > > >financial statements that reflect the income, expenses, assets, and > > >liabilities of that cost center." > > > > > >Regards, > > > > > >Lynn > > > > > > > > >At 9:20 AM -0500 1/21/05, Margaret Wasserman wrote: > > > > > > > > > > > >>There is a section of the BCP that says: > > >> > > >> Within the constraints outlined above, all other > > details of how to > > >> structure this activity within ISOC (whether as a cost > > center, a > > >> department, or a formal subsidiary) shall be > > determined by ISOC in > > >> consultation with the IAOC. > > >> > > >>It seems inconsistent with this section to mandate elsewhere that > > >>the IASA will be organized as a cost center, that we will use "cost > > >>center accounting", that the financial reports will include a P&L > > >>for the cost center, that we will publish the general ledger > > >>accounts, etc. These are details that, IMO, the IAOC and ISOC > > >>should work out (and change as needed to meet the needs of IASA and > > >>the IETF community) between themselves. > > > > > >___ > > >Ietf mailing list > > >Ietf@ietf.org > > >https://www1.ietf.org/mailman/listinfo/ietf > > > > > > ___ > > Ietf mailing list > > Ietf@ietf.org > > https://www1.ietf.org/mailman/listinfo/ietf > > > > ___ > Ietf mailing list > Ietf@ietf.org > https://www1.ietf.org/mailman/listinfo/ietf > ___ Ietf mailing list Ietf@ietf.org https://w
Re: FYI: I-D ACTION:draft-ietf-iasa-bcp-04.txt (fwd)
At 8:16 AM +0100 1/17/05, Harald Tveit Alvestrand wrote:
Thanks for the comments, Lynn!
--On søndag, januar 16, 2005 18:03:35 -0500
"Lynn St.Amour" <[EMAIL PROTECTED]> wrote:
-- In 2.2 principle 8 - note: this is not a critical change, but it may
be helpful to more accurately reference later text in the document.
The IASA, in cooperation with ISOC, shall ensure that sufficient
s/reserves/reserves or other mechanisms/
Question on language: in this case (both here
and in the title of 5.6), the doc tries to use
"reserves" to mean "money available if needed",
and "provide reserve" as "have money in the bank
or other means of coming up with money if
needed".
Is it better in your opinion to use "reserve or
other mechanism" when referring to having money
available?
I think we're in sync on what its meaning needs
to be, and working on how to express it.
per another exchange with Bert:
I think current text is fine. In the principles it just says "reserves"
and so I do not read that as meaning money explicitly. That detail
comes later.
So, I can live with current text per Bert's note...
exist to keep the IETF operational in the case of unexpected events
such as income shortfalls.
-- In 5.6 Operating Reserve
As an initial guideline and in normal operating circumstances, the
IASA should have an operating reserve for its activities sufficient
to cover 6-months of non-meeting operational expenses, plus twice the
recent average for meeting contract guarantees. However, the IASA
shall establish a target for a reserve fund to cover normal operating
expenses and meeting expenses in accordance with prudent planning.
This doesn't seem to parse clearly - are you suggesting that the targeted
reserve fund will be different from the initial guideline as described in
the first sentence (or maybe it's a timeframe difference?)? If you want
to leave it up to IASA (IAOC?), why not say so directly, perhaps
referencing the "under normal operating circumstances" etc. etc.
The intent was to make it clear that the IASA
will make a decision on the needed reserves for
any given year (I assume that the IAD will
propose something after due consultation and
IAOC will approve it, but writing that here is
clearly overkill), and that the IETF community
would give a little guidance ("six months seems
OK") and then let them decide.
We can imagine all sorts of circumstances where
reserves would depart from norm (after one
meeting is cancelled because of a volcano,
reserves are lower than usual; after a gift of
100M dollars from a retired dot-com magnate, the
reserves are higher)
Suggestion for how to make this "place authority
+ non-binding guidance" clearer?
OK, thanks much Harald for the clarity. How
about moving: "place authority + non-binding
guidance" to "place authority + jointly developed
guidance"? : If you agree I've suggested some
text below (changes in CAPS).
As an initial guideline and in normal operating
circumstances, the IASA should have an operating
reserve for its activities sufficient to cover
6-months of non-meeting operational expenses,
plus twice the recent average for meeting
contract guarantees. However, the IASA WORKING
WITH ISOC shall establish ANNUAL TARGETS for a
reserve fund to cover normal operating expenses
and meeting expenses in accordance with prudent
planning.
Regards,
Lynn
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
RE: Resolution? #787 terminology - in particular "ISOC Standards Pillar"
So... not 100% sure I captured the result ciorrectly. This is what we have in rev 04: Funds managed by IASA shall be accounted for in a separate set of accounts. Separate financial reports, including a balance sheet and a profit and loss statement for IASA alone, shall be produced as directed by IAOC. IAOC and ISOC shall agree upon and publish procedures for reporting and auditing of these accounts. This is what I have in my edit buffer for revision 05 As discussed with ISOC, funds managed by IASA shall be accounted for in a separate set of accounts within the Cost Center IASA. A periodic summary of the IASA accounts shall be reported in the form of standard financial statements that reflect the income, expenses, assets, and liabilities of the IASA cost center. IAOC and ISOC shall agree upon and publish procedures for reporting and auditing of these accounts. Note that the ISOC in consultation with IAOC can determine to structure the IASA accounting differently in the future within the constraints outlined in . Is that acceptable to everyone? I have left the change to "General Ledger Accounts" out for the time being, because I am not sure we have consensus on that yet (even though ISOC prefers that terminology). Bert > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > Margaret Wasserman > Sent: Wednesday, January 26, 2005 01:47 > To: Lynn St.Amour; Carl Malamud; Tom Petch > Cc: Harald Tveit Alvestrand; Lynn DuVal; ietf@ietf.org > Subject: Re: Resolution? #787 terminology - in particular "ISOC > Standards Pillar" > > > > Lynn's suggested text is fine with me. > > Margaret > > At 4:53 PM -0500 1/25/05, Lynn St.Amour wrote: > >Margaret, > > > >I agree with your point below but I do feel it is helpful to state > >what ISOC's intended implementation is: a Cost Center within ISOC. > >This should not override the section (principle) you quote below. > >Perhaps we can add language at the beginning of this section to > >clarify all this (or move the paragraph you quote from section 7 to > >this section). We might also add some of the other language > >proposed (see immed. below) so that the overall intent is clear > >rather than focusing on the less important detail. > > > >"...periodic summary of the IASA accounts in the form of standard > >financial statements that reflect the income, expenses, assets, and > >liabilities of that cost center." > > > >Regards, > > > >Lynn > > > > > >At 9:20 AM -0500 1/21/05, Margaret Wasserman wrote: > > > > > > > >>There is a section of the BCP that says: > >> > >> Within the constraints outlined above, all other > details of how to > >> structure this activity within ISOC (whether as a cost > center, a > >> department, or a formal subsidiary) shall be > determined by ISOC in > >> consultation with the IAOC. > >> > >>It seems inconsistent with this section to mandate elsewhere that > >>the IASA will be organized as a cost center, that we will use "cost > >>center accounting", that the financial reports will include a P&L > >>for the cost center, that we will publish the general ledger > >>accounts, etc. These are details that, IMO, the IAOC and ISOC > >>should work out (and change as needed to meet the needs of IASA and > >>the IETF community) between themselves. > > > >___ > >Ietf mailing list > >Ietf@ietf.org > >https://www1.ietf.org/mailman/listinfo/ietf > > > ___ > Ietf mailing list > Ietf@ietf.org > https://www1.ietf.org/mailman/listinfo/ietf > ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Mud. Clear as. Re: Rough consensus? #425 3.5
With apologies for having posted & disappeared (ISP & other unexpected connectivity challenges), I'd like to try another cut at what I was getting at, based on the discussion since. On Friday, I tried a minimal edit on words that had flown around the list and seemed to have some consensus. Here's more of an extensive rewrite. Apart from the distinction I had tried to make about . business decisions (implementation) versus . performance I heard these requirements expressed: . DoS concerns -- don't create a system that begs for denial of IASA service through the appeal/review process . second-guessing -- don't create an environment where some or all of the community is second-guessing IAD/IAOC at every move . community involvement -- adequate and appropriate community involvement in the IASA decision making process And I heard various theories about distinguishing between . before decisions are made . during the decision-making process . after decisions have been made particularly in terms of whether we are discussing . appeal (review of executed action by an univolved body) . review (further discussion of an action or proposal) . recall of IAOC members Separately from those considerations, there is the question of implementation -- what people/body(ies) invoke an action, and so on. So, generally speaking, I think the important things to capture in the BCP are: . business decisions remain within the IASA in terms of review mechanisms (i.e., contracts, etc) . the IASA should be explicitly pressed to publicize and seek input on guidelines for making those decisions . public information should include objective measurements of system performance (e.g., document processing times) . there should be a crisp review process to address the situation when (some subset of the IETF believes) the IASA has not followed its guideliness in carrying out an action -- and that includes the expectation of having public guidelines. To the meeting location example -- that would mean (IMO) that the IASA should have some public guidelines for how it picks meeting sites, and if a site is picked that appears to be at odds with those guidelines, then there is a process for reviewing the IASA's actions in selecting that site. NB - that is different than appealing the site itself. So, with all that in mind, I propose the following revised text for the 2 sections I suggested on Friday: 3.5 Business Decisions Decisions made by the IAD in the course of carrying out IASA business activities are subject to review by the IAOC. The decisions of the IAOC must be publicly documented for each formal action. 3.6 Responsiveness of IASA to the IETF The IAOC is directly accountable to the IETF community for the performance of the IASA. In order to achieve this, the IAOC and IAD will ensure that guidelines are developed for regular operation decision making. Where appropriate, these guidelines should be developed with public input. In all cases, they must be made public. Additionally, the IASA should ensure there are reported objective performance metrics for all IETF process supporting activities. In the case where someone questions that an action of the IAD or the IAOC has been undertaken in accordance with this document or those operational guidelines (including the creation of an appropriate set of such guidelines), he or she may ask for a formal review of the action. The request for review is addressed to the person or body that took the action. It is up to that body to decide to make a response, and on the form of a response. The IAD is required to respond to requests for a review from the IAOC, and the IAOC is required to respond to requests for a review of a decision from the IAB or from the IESG. If members of the community feel that they are unjustly denied a response to a request for review, they may ask the IAB or the IESG to make the request on their behalf. Answered requests for review and their responses are made public. Reviews of the IAD's actions will be considered at his or her following performance review. Reviews of the IAOC's actions may be considered when IAOC members are subsequently being seated. --- Note that this deletes much of the text that is currently the "Responsiveness of the IASA to the IETF Leadership" section: However, the nature of the IAOC's work involves treating the IESG and IAB as major internal customers of the administrative support services. The IAOC and the IAD should not consider their work successful unless the IESG and IAB are also satisfied with the administrative support that the IETF is receiving. I wondered if this was still particularly relevant/appropriate or needed... Where it does leave the IAB and IESG in priviledged p
RE: Discussion: #822 legal review 3: Legal advice
I ahve made the change suggested by Harald. Bert > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > Harald Tveit Alvestrand > Sent: Tuesday, January 25, 2005 10:23 > To: ietf@ietf.org > Subject: Discussion: #822 legal review 3: Legal advice > > > The discussion of legal advice (Jorge's third point) seems to > have revealed > that there are two issues here: > > - Should legal advice be sought? That's almost too obvious to > state, but > might be worth stating anyway.. I suggest that we add to > paragraph 4 of > section 3.1, "IAD responsibilities". This used to be: > >The IAD negotiates service contracts, with input, as appropriate, >from other bodies, and with review, as appropriate, by the > IAOC. The >IAOC should establish guidelines for what level of review > is expected >based on contract type, size, cost, or duration. ISOC executes >contracts on behalf of the IASA, after whatever review > ISOC requires >to ensure that the contracts meet ISOC's legal and financial >requirements. > > This could be changed to read: > >The IAD negotiates service contracts, with input, as appropriate, >from other bodies, including legal advice, and with review, as >appropriate, by the IAOC. The >IAOC should establish guidelines for what level of review > is expected >based on contract type, size, cost, or duration. ISOC executes >contracts on behalf of the IASA, after whatever review > ISOC requires >to ensure that the contracts meet ISOC's legal and financial >requirements. > > The other point raised is whether the legal advice for IASA > needs to be > independent from ISOC's legal advice. Consideration so far > seems to be that > "sometimes this would be good, sometimes this would be > indifferent or extra > overhead - hard to codify in this BCP". > > Should we leave that as "no change proposed"? > > Harald > > > > ___ > Ietf mailing list > Ietf@ietf.org > https://www1.ietf.org/mailman/listinfo/ietf > ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Legal review 2: Trademarks
> Brian E Carpenter writes: > > Harald Tveit Alvestrand wrote: > > Suggestion: Add to section 3, one paragraph before section 3.1: > > > > The IASA is responsible for undertaking any and all required actions > > that involve trademarks on behalf of the IETF. > > Works for me sfm too, and for now I have added that txt in my edit buffer Bert > Brian ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Confidentiality obligations (Re: Legal review 4: Minor editor ial)
Changed In addition, key contract material and MOUs shall also be publicly available, subject to any reasonable confidentiality obligations approved by the IAD. into In addition, key contract material and MOUs shall also be publicly available, subject to any reasonable confidentiality obligations approved by the IAOC. That is what I understood from this discussion. Bert > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > John C Klensin > Sent: Monday, January 24, 2005 15:17 > To: Harald Tveit Alvestrand; ietf@ietf.org > Subject: Re: Confidentiality obligations (Re: Legal review 4: Minor > editorial) > > > > > --On Monday, 24 January, 2005 08:23 +0100 Harald Tveit > Alvestrand <[EMAIL PROTECTED]> wrote: > > >>> 7 (Transparency): While I understand the desire for > >>> transparency, there may be some contracts that contain items > >>> that are justifiably > >>> treated as confidential (such as individual performance > >>> rewards, > >>> terms of settlement of litigation). To address this point, I > >>> might add the following words at the end of the penultimate > >>> sentence: > >>> ", subject to any reasonable confidentiality obligations > >>> approved > >>> by the IAD." > >> > >> Harald, given the general commitment in the community and > >> document to transparancy whenever possible, I wonder whether > >> the IAD should be empowered to do this or should, e.g., be > >> required to report the terms and nature of what > >> confidentiality obligations are being assumed to the IAOC so > >> that they can review it as appropriate. Note that I'm not > >> proposing disclosing the confidential information to them, > >> but it seems to me to be reasonable to tell them the nature > >> of what is being kept secret and why. > > > > hm. I could certainly argue that the IAOC should approve at > > least the criteria that the IAD uses to determine that some > > confidentiality is "OK", and could also argue that the IAOC, > > being IASA oversight, ought to be able to look at all the > > "confidential" parts of things if it needed to. > > > > We could move the approval up to the IAOC with no loss in > > confidentiality, and with some gain in > > transparency/accountability, I think. > > That would certainly be consistent with what I was suggesting. > > john > > > ___ > Ietf mailing list > Ietf@ietf.org > https://www1.ietf.org/mailman/listinfo/ietf > ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Legal review 4: Minor editorial
These 2 have been applied to my edit buffer > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > Harald Tveit Alvestrand > Sent: Friday, January 21, 2005 15:46 > To: ietf@ietf.org > Subject: Legal review 4: Minor editorial > > > Editorial Comments from Jorge: > > 4., 3rd paragraph below bulleted list: The 2-year term rule > does not apply > during the initial terms. Thus, this paragraph should start > out saying > "Subject to paragraph 2 of Section 4.2, appointed members" > > 5.5: I think that the 2nd sentence is not clear, as it uses > the technical > accounting term "debited" in a way that doesn't exactly say > what I think > it's supposed to. I would rewrite it as follows: "Funds in > IASA accounts > shall be used solely to support IETF activities and for no > other purposes." ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Resolution? #787 terminology - in particular "ISOC Standards Pillar"
Lynn's suggested text is fine with me. Margaret At 4:53 PM -0500 1/25/05, Lynn St.Amour wrote: Margaret, I agree with your point below but I do feel it is helpful to state what ISOC's intended implementation is: a Cost Center within ISOC. This should not override the section (principle) you quote below. Perhaps we can add language at the beginning of this section to clarify all this (or move the paragraph you quote from section 7 to this section). We might also add some of the other language proposed (see immed. below) so that the overall intent is clear rather than focusing on the less important detail. "...periodic summary of the IASA accounts in the form of standard financial statements that reflect the income, expenses, assets, and liabilities of that cost center." Regards, Lynn At 9:20 AM -0500 1/21/05, Margaret Wasserman wrote: There is a section of the BCP that says: Within the constraints outlined above, all other details of how to structure this activity within ISOC (whether as a cost center, a department, or a formal subsidiary) shall be determined by ISOC in consultation with the IAOC. It seems inconsistent with this section to mandate elsewhere that the IASA will be organized as a cost center, that we will use "cost center accounting", that the financial reports will include a P&L for the cost center, that we will publish the general ledger accounts, etc. These are details that, IMO, the IAOC and ISOC should work out (and change as needed to meet the needs of IASA and the IETF community) between themselves. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Issue #787 - Transparency in sect 7
On Tuesday, January 25, 2005 21:32:28 +0100 "Wijnen, Bert (Bert)" <[EMAIL PROTECTED]> wrote: Sounds good to me, except why did we drop the last sentence? If you look at the email archives, then you can see that we concluded that in this section (which is about ISOC responsibilities) it seems not appropriate to list IAOC and IAD responsibilities. That is listed at other places in the document. Actually, now that you mention it, I remember that. In which case I have no objection. -- Jeff ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: IAOC Responsibilities
Hi Bob - Since I examined some of the issues you raise in some depth as part of my consulting engagement, I thought I could provide some useful background on some of the points you raise. For those who are interested, I looked at these issues in two reports: http://www.alvestrand.no/ietf/adminrest/docs/draft-malamud-interim-data-flows-00.html http://public.resource.org/adminrest/draft-malamud-consultant-report-01.html (both are in the i-d directory as well). > Although CNRI ran all aspects of the IETF Secretariat prior to 1998, and > provided technical leadership as well, since then the provision of > services has been carried out by Foretec Seminars, Inc. under contract to > CNRI. CNRI maintains the oversight of the activity, which is the province > of many of the topics discussed in connection with the IASA activity and > the IAOC in particular. One of the aspects of this oversight activity is > quality control of not only the services provided in support of the IETF, > but quality control of various aspects of the associated intellectual > property. My view is that the process undertaken on the public list has > been very useful in describing what the IETF would like to see happen in > the future. Although CNRI has not participated actively in the recent > public discussions, CNRI has committed publicly to working with the IETF > in its restructuring efforts going forward. Your CNRI 2002 tax returns showed that CNRI owns 96% of Foretec Seminars, so I have a very tough time making a distinction between the two. The Foretec board of directors serves at the pleasure of the CNRI board. > > If, in due course, CNRI were to come to an accommodation with the IETF > leadership as to how best to transition the current situation to a > structure more along the lines indicated in the discussions to date, > there are still many important issues that would have to be resolved. The > issue of managing intellectual property is high up on that list. Whether > or not the provision of services is provided under contract to CNRI or > not in the future, to a large extent, the matter of managing intellectual > property can be separated from the equation. There is absolutely no paper trail of any sort showing CNRI as "managing intellectual property." I see no consultations with IETF leadership and, indeed as shown below, I don't feel that there has been any active management on CNRI's part. Indeed, on the question of preservation of intellectual property through proper archiving, I've only found gross neglect. > > Among the issues to consider is (if CNRI does not provide the function) > who will be responsible for administration and quality control over the > use of trademarks, and how will that responsibility be carried out; and > who will be responsible for managing proprietary materials developed for > the IETF and how can they best be transferred to other parties in the > event a transition is required. These are two different issues. 1. Trademark. There is only one trademark that I have found, a US registration for the word mark "IETF Secretariat". In particular, the term "IETF" has not been registered. I dealt with that issue in my second report and it appears that the registration by CNRI was a defensive measure to protect the community and was done as part of the work for hire arrangement in which the community engaged CNRI based on a verbal agreement. That's the nicest way I can describe it. In any case, this is not intellectual property to be bartered and my advice was that if CNRI feels this *is* property, the "entity which provides support services" should simply call itself something else. 2. "who will be responsible for managing proprietary materials ". The answer to that is quite clear: the IAOC will handle these matters going forward as part of ISOC. The answer is also quite clear that the community would prefer that there not be proprietary materials. Related to that, I'd like to reiterate my conclusion about any intellectual property related to the IETF: after extensive discussions and research, I can *only* conclude that neither CNRI nor Foretec hold any intellectual property interests in materials pertaining to or developed for the IETF. > While CNRI currently intends to hold the IETF-related assets developed > over many years, we are willing to consider placing these assets in a > trust arrangement for use by the IETF in the future. The proposed IAOC > could be tasked with additional responsibilities in this regard, but this > would have to be worked out in some detail. In general, such > responsibilities should be added to the list in the draft IASA (proposed > BCP 04), section 3.2 as follows: There are significant provisions in the current draft and, as far as I can tell, a strong community consensus. It isn't fair to other members of the community to treat the current document as a jumping off point for protracted additional negotiations. I'm a bit bothered by th
RE: Minor resolution: #793: Section 7 - transition of funds
TExt change made in my edit buffer > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > [EMAIL PROTECTED] > Sent: Friday, January 21, 2005 15:35 > To: ietf@ietf.org > Subject: re: Minor resolution: #793: Section 7 - transition of funds > > > > Harald suggests > To the extent allowed by law, any balance in the IASA accounts, any > IETF-specific intellectual property rights, and any > IETF-specific data and > tools shall also transition to the new entity. Other terms shall be > negotiated between the IETF and ISOC. > > works for me > > Scott > > ___ > Ietf mailing list > Ietf@ietf.org > https://www1.ietf.org/mailman/listinfo/ietf > ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Discussion: #786 Section 2.2, 3.1 and 6: Inconsistent descrip tion of the budget process
Makes sense to me. Changes applied in my edit buffer as proposed by Harald below. Bert > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > Harald Tveit Alvestrand > Sent: Friday, January 21, 2005 14:26 > To: ietf@ietf.org > Subject: Discussion: #786 Section 2.2, 3.1 and 6: Inconsistent > description of the budget process > > > [I'm trying to get closure on all the tickets, as usual > not in priority > order] > > Margaret commented: > > > There are three different descriptions of the IASA budget > process (one > > principle and two later sections), and they don't seem to > agree with each > > other about what role the ISOC BoT plays in the budget > process and/or > > who approves the IASA budget. > > I actually think the three descriptions aren't inconsistent, > because they > describe different parts of the process. but agree that > the text is not > crystal clear. > > Under "principles": > > > >> 3. The IAD and IAOC, in cooperation with the ISOC President/CEO and > >> staff, shall develop an annual budget for the IASA. The budget > >> must clearly identify all expected direct and indirect > >> expenditures related to the IASA. ISOC, through its normal > >> procedures, shall evaluate and adopt the IASA budget as part of > >> ISOC's own budget process and commit to ensuring funds to support > >> the approved budget. > > > > This paragraph in the principles section says "ISOC, > through its normal > > procedures, shall evaluate and adopt the ISOC budget". I > think that we > > have a general understanding that the ISOC BoT (as part of > their fiduciary > > responsibilities) will need to fully understand and _approve_ the > > entire ISOC budget (including the IASA portions). Although this > > principle mentions an "approved budget", there is no indication of > > who approves it until much later in the document and the later > > two references are not equivalent (see below). > > I think the principle here is relatively clear: > - IAOC must agree to it > - ISOC must agree to it > Given the responsibilities I see assigned to the two bodies, > I read this as: > - IAOC must agree that the budget fulfils the IETF > requirements for the year > - ISOC must agree that the budget is sound from a financial viewpoint > (reasonable estimates of income and expenses, and reasonable > bottom line) > > I think it is reasonable to change "evaluate and adopt" to > "evaluate and > approve". > > >From section 3.1, "IAD responsibilities": > > >> The IAD prepares an annual budget, which is subject to review and > >> approval by the IAOC. The IAD is responsible for presenting this > >> budget to the ISOC Board of Trustees, as part of ISOC's annual > >> financial planning process. > (inserted break for disposition reasons) > >> The IAOC is responsible for ensuring the > >> budget's suitability for meeting the IETF community's > administrative > >> needs, but the IAOC does not bear fiduciary responsibility > for ISOC. > >> The ISOC Board of Trustees therefore needs to review and understand > >> the budget and planned activity in enough detail to carry out their > >> fiduciary responsibility properly. The IASA publishes its complete > >> budget to the IETF community each year. > > > > Following up on my comment above... This section indicates that > > the IAOC approves the budget, but it doesn't mention ISOC BoT > > approval, just that the ISOC Board would "review and understand" > > the IASA budget. > > I don't think this is exactly right - the IAOC reviews and > approves the > budget proposal that the IAD prepares, and in the process of > adapting the > budget to ISOC's overall budget, it will continue to review > and approve the > changed version - it "is responsible", after all. > I think this section is (properly) focused on what the IAD > does, so it > shouldn't be the place where we say what the ISOC BoT does. > > In section 6. IASA budget process, we have: > > >> September 1: The ISOC Board of Trustees approves the > budget proposal > >> provisionally. During the next 2 months, the budget may be > >> revised to be integrated in ISOC's overall budgeting process. > > > > Here it does indicate that the ISOC BoT will need to approve the > > IASA budget, and that the budget presented by the IAOC/IAD may > > be revised to fit into ISOC's overall budget. I think that this > > should be reflected in the sections I've noted above, or you > > should include less detail above and reference this section > > instead. > > And also: > >November 1: Final budget to the ISOC Board for approval. > > I think this is clear. > > I think most of the apparent inconsistency here can be removed by > rephrasing the text from section 2.2 to be clear that it's > describing the > IAD's responsibilites, for example by changing: > > >>> The IAOC is responsible for ensuring the > >>> budget's suitability for meeting the IETF community's > adminis
Issue #788: Section 3 - Which functions should be done "in-house" , ...
I now have this text: The IAOC is expected to determine what IETF administrative functions are to be performed, and how or where they should be performed (e.g., internally to the IASA or by outside organizations), so as to maintain an optimal balance of functional performance and cost of each such function. The IAOC should document all such decisions, and the justification for them, for review by the community. Each function should be reviewed on a regular basis, using the assumption that the function is unnecessary and that, if necessary, it is overstaffed, rather than an assumption that anything that has been done is necessary, and adjusted as needed. The IAD is responsible for negotiating and maintaining contracts (or equivalent instruments) with outside organizations as well as providing any coordination necessary to make sure the IETF administrative support functions are covered properly. All functions (those contracted to outside organizations as well as those performed internally in the IASA) must be clearly specified and documented with well-defined deliverables, service level agreements, and transparent accounting for the cost of such functions. The first para is as proposed by John Klensin, the 2nd para has been adjusted to use same terminology as first para. It is in my edit buffer now. Is that acceptable to everyone? Bert ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Consensus? #789: Section 5.6 - Financial reserves
This text is now in my edit buffer > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > [EMAIL PROTECTED] > Sent: Friday, January 21, 2005 15:23 > To: ietf@ietf.org > Subject: Re: Consensus? #789: Section 5.6 - Financial reserves > > > > Harald suggests: > The IASA expects ISOC to build and provide that operational reserve, > through whatever mechanisms ISOC deems appropriate. > > looks good to me > > Scott > > ___ > Ietf mailing list > Ietf@ietf.org > https://www1.ietf.org/mailman/listinfo/ietf > ___ > This message was passed through > [EMAIL PROTECTED], which is a sublist of > [EMAIL PROTECTED] Not all messages are passed. Decisions on what > to pass are made solely by IETF_CENSORED ML Administrator > ([EMAIL PROTECTED]). > ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
IAOC Responsibilities
It was recently pointed out that issues concerning confidentiality of information may not have been adequately addressed; patent submissions may also place additional constraints and restrictions on what individuals and organizations can do with intellectual property. Indeed, this is but one aspect of a much larger topic that has not been discussed in any real depth. Although CNRI ran all aspects of the IETF Secretariat prior to 1998, and provided technical leadership as well, since then the provision of services has been carried out by Foretec Seminars, Inc. under contract to CNRI. CNRI maintains the oversight of the activity, which is the province of many of the topics discussed in connection with the IASA activity and the IAOC in particular. One of the aspects of this oversight activity is quality control of not only the services provided in support of the IETF, but quality control of various aspects of the associated intellectual property. My view is that the process undertaken on the public list has been very useful in describing what the IETF would like to see happen in the future. Although CNRI has not participated actively in the recent public discussions, CNRI has committed publicly to working with the IETF in its restructuring efforts going forward. If, in due course, CNRI were to come to an accommodation with the IETF leadership as to how best to transition the current situation to a structure more along the lines indicated in the discussions to date, there are still many important issues that would have to be resolved. The issue of managing intellectual property is high up on that list. Whether or not the provision of services is provided under contract to CNRI or not in the future, to a large extent, the matter of managing intellectual property can be separated from the equation. Among the issues to consider is (if CNRI does not provide the function) who will be responsible for administration and quality control over the use of trademarks, and how will that responsibility be carried out; and who will be responsible for managing proprietary materials developed for the IETF and how can they best be transferred to other parties in the event a transition is required. It would be desirable to start a discussion on these topics prior to concluding on the BCP, recognizing that all the long-term issues will undoubtedly not be resolved up front. On a related note, CNRI has also made the IETF leadership aware of the fact that CNRI may have substantial objections to certain of the proposed roles for ISOC going forward. While none of the issues raised to date appear to be such that they cannot be resolved by resolutions of the CNRI Board of Directions and the ISOC Board of Directors, to date, the discussions leading to any resolution of this matter have not taken place. The time is ripe to deal with these related issues and not to put this discussion off to some future time. While CNRI currently intends to hold the IETF-related assets developed over many years, we are willing to consider placing these assets in a trust arrangement for use by the IETF in the future. The proposed IAOC could be tasked with additional responsibilities in this regard, but this would have to be worked out in some detail. In general, such responsibilities should be added to the list in the draft IASA (proposed BCP 04), section 3.2 as follows: Proposed Additions IAOC Responsibilities: Serve as Trustees for IETF related intellectual property, as appropriate, where such assets are placed in trust for the IETF, and coordinate with the IESG and IAB, as appropriate, on such management arrangements. Develop quality of service standards, as appropriate, for the use of IETF trademarks and establish procedures for the licensing of such trademarks to providers of IETF support services. For example, such service providers would be required, upon request by the IAOC, to provide information, samples of use, or access to operations that, in the reasonable opinion of the IAOC, are necessary for the IAOC to determine whether the relevant services conform to the foregoing standards at any time. If the IAOC determines that a service provider fails to meet such standards, the IAOC shall make a recommendation to the IETF leadership on how best to proceed. The IAOC may also determine under what circumstances the IAD is authorized to sublicense the use of IETF trademarks by providers of IETF support services. Provide specific guidance to the IAD in its administration of the intellectual property procedures established for the contribution and use of information or material for IETF purposes that may be subject to copyright, patent or other rights or interests, or covered by privacy or other confidentiality obligations, and meet with the IETF leadership at regular intervals to review the existing IETF policies and procedures governing confidential and/or proprietary information or material to determine whether the exi
Re: #425: Review versus appeal?
Our processes have tended to always have review as the first step in an appeal. I believe that is important. Margaret's principle (5) which I agree with is consistent with your definition of appeal although I'm not sure I would use that word. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: A little more feedback? #818 Hiring and firing the IAD
W.r.t. to latest suggested text by Harald: > So we have 3 alternatives: > > OLD >Although the IAD is an ISOC employee, he or she works under the >direction of the IAOC. The IAD is selected and hired by a committee >of the IAOC. The members of this committee are appointed by the >IAOC, and consist at minimum of the ISOC President and the IETF >Chair. This same committee is responsible for setting the IAD's >initial compensation, reviewing the performance of the IAD >periodically, and determining any changes to the IAD's employment and >compensation. > > NEW(1) > > Although the IAD is an ISOC employee, he or she works under the > direction of the IAOC. A committee of the IAOC is responsible for > hiring and firing of the IAD, for reviewing the performance and for > setting the compensation of the IAD. The members of this committee are > appointed by the IAOC, and consist at minimum of the ISOCPresident and > the IETF Chair. > > NEW(2) > > Although the IAD is an ISOC employee, he or she works under the > direction of the IAOC. A committee of the IAOC is responsible for > hiring and firing of the IAD, for reviewing the performance and for > setting the compensation of the IAD. The members of this committee are > appointed by the IAOC, and consist at minimum of the ISOC President, the > IETF Chair and one IAOC member that has been selected by the Nomcom. > > I don't see any world-shaking difference between these, but I > slightly prefer the last one (with nomcom-selected member). > > I'd like this one, too, nailed before -05 rolls > The NEW(2) solutions might jeopardize (i.e. delay) the time by which we can actually hire the IAD. Should we add "(if these have been named)" to the Nomcom selected member. That way we can go ahead asap when we have an opportunity to hire the IAD. So then it would become: NEW(2) Although the IAD is an ISOC employee, he or she works under the direction of the IAOC. A committee of the IAOC is responsible for hiring and firing of the IAD, for reviewing the performance and for setting the compensation of the IAD. The members of this committee are appointed by the IAOC, and consist at minimum of the ISOC President, the IETF Chair and one IAOC member that has been selected by the Nomcom (if these have been named). Bert > >Harald ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Resolution? #787 terminology - in particular "ISOC Standards Pillar"
Margaret, I agree with your point below but I do feel it is helpful to state what ISOC's intended implementation is: a Cost Center within ISOC. This should not override the section (principle) you quote below. Perhaps we can add language at the beginning of this section to clarify all this (or move the paragraph you quote from section 7 to this section). We might also add some of the other language proposed (see immed. below) so that the overall intent is clear rather than focusing on the less important detail. "...periodic summary of the IASA accounts in the form of standard financial statements that reflect the income, expenses, assets, and liabilities of that cost center." Regards, Lynn At 9:20 AM -0500 1/21/05, Margaret Wasserman wrote: There is a section of the BCP that says: Within the constraints outlined above, all other details of how to structure this activity within ISOC (whether as a cost center, a department, or a formal subsidiary) shall be determined by ISOC in consultation with the IAOC. It seems inconsistent with this section to mandate elsewhere that the IASA will be organized as a cost center, that we will use "cost center accounting", that the financial reports will include a P&L for the cost center, that we will publish the general ledger accounts, etc. These are details that, IMO, the IAOC and ISOC should work out (and change as needed to meet the needs of IASA and the IETF community) between themselves. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Resolution? #787 terminology - in particular "ISOC Standards Pillar"
Comments below. Thanks, Lynn At 6:03 PM +0100 1/20/05, Tom Petch wrote: Inline, Tom Petch - Original Message - From: "Harald Tveit Alvestrand" <[EMAIL PROTECTED]> > > "IASA accounts" should probably be changed to "IASA general ledger accounts" - to have a recognizable term from bookkeeping instead of the rather vague term "accounts". general ledger is indeed a recognizable term from bookkeeping but it is not the one I would want to see. Accountancy (as taught to me) divides up the ledger into accounts, and yes, acccounts is also a recognizable term. There still seems to be some confusion over terms: Per ISOC's Director of Finance - Lynn DuVal and following GAAP practices: an organization keeps several sets of LEDGERS (sometimes called books) and at year end the balances in the LEDGERS get rolled up into the GENERAL LEDGER. The figures in the GENERAL LEDGER are used to prepare the balance sheet and profit and loss statements (and will be used to prepare the financial statements for IASA). For completeness - during audits, the auditors sample accounting transactions during the year and tie them to the GENERAL LEDGER accounts. ISOC's preference is that we stay with the term: General Ledger Accounts. Not only is this most appropriate, but it provides a helpful distinction. The ledger is typically divided up into (traditionally physical separate books) - purchases/creditors ledger - sales/debtors ledger - general/impersonal ledger - private ledger so seeing only the general ledger gives me an incomplete, perhaps misleading view of the financial state of an organisation. In fact, I would want to see the private ledger first since it contains profit and loss, trading, drawings etc. ISOC does not run private ledgers - at all. More generally, I would want to see the IASA accounts (an accountancy technical term) in the ledger (another accountancy technical term). Or do these terms change meaning as they go west across the Atlantic? or perhaps they change meaning when technical (terms) meets accountancy? I'll address Margaret's comments separately, as while I understand and agree with her position, I think it's appropriate to provide a bit more specificity in the BCP if only to minimize surprises downstream. Regards, Lynn St.Amour ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
#425: Review versus appeal?
Checking the debate, it seems interesting to ask about one single distinction on the alternatives: Do we want to institutionalize a review or an appeal? In the sense I'm using it here, which I think isn't too strange: - Review means that a body looks at a decision/handling, and tells us why that decision or process was made. That body was already responsible for making the decision - or supervising the person(s) that made the decision. - Appeal means that you take an issue that is handled by one person or group, and hand it off, with all supporting documentation needed to understand what's going on, and ask that other body to figure out whether the process or the decision was correct in context or not. Review has no issues with confidentiality (the group is supposed to know the secrets already), and fewer issues with reversal of decisions - the decisions that are possible are already within the power of that group to make. and it knows whether it is committed. But because it does not move the issue around, it may be seen as "just" a procedure for getting a more public documentation of what was done and why it ws done. Appeal has the advantage of having new people for a "fresh look". But since it moves the issue around, it requires that documentation go along with it - creating issues with confidentiality. And if the decision is "you really shouldn't have done that", it creates an implicit hierarchy - the body appealed to is put in a position of some kind of power over the other body. Multiple levels of appeal makes sense. Multiple levels of requesting reviews from the same body does not. I'm pretty sure Avri talks about appeals, and I think Sam is too. I'm also pretty sure John and I are talking about review (as defined above). What are the rest of us talking about - what would we prefer, and what would we be able to live with? Harald ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Rough consensus? #425 3.5
I agree with Margaret's general principles with a few comments. (4) is desirable to me but not critical. I am ambivalent on (6); I don't think it is particularly problematic but do not think it is required. I understand others disagree with me strongly on this point. The rest of the principles for a review process seem very important to me. Also, I believe Margaret's principles are sufficient. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Issue #787 - Transparency in sect 7
Inline > -Original Message- > From: Jeffrey Hutzelman [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 25, 2005 21:15 > To: Wijnen, Bert (Bert); ietf@ietf.org > Subject: Re: Issue #787 - Transparency in sect 7 > > > > > On Tuesday, January 25, 2005 18:01:31 +0100 "Wijnen, Bert (Bert)" > <[EMAIL PROTECTED]> wrote: > > > Issue 787 is linked to issue 794 > > > > Inside 787 we have several topics in fact. One of them is > > Transparency in sect 7 > > > > Harald (justified and) suggested to change the current text > > > > Transparency: The IETF community shall have complete visibility into > > the financial and legal structure of the ISOC standards activity. > > In particular, a detailed budget for the entire standards > > activity, quarterly financial reports, and audited annual > > financial reports shall all be available to the IETF community. > > In addition, key contract material and MOUs shall also be publicly > > available. The IAD and IAOC are responsible for providing regular > > overviews of the state of the IASA to the IETF community. > > > > into: > > > > Transparency: The IETF community shall have complete visibility into > > the financial and legal structure of the ISOC activities that > > are related to, but not part of, the IASA standards support activity. > > In particular, a detailed budget for the entire related ISOC > > activity, quarterly financial reports, and audited annual > > financial reports shall all be available to the IETF community. > > In addition, key contract material and MOUs shall also be publicly > > available, subject to any reasonable confidentiality obligations > > approved by the IAD. > > > > and asked if that makes sense. > > > > I believe I have seen several agreements, but it is a bit ahrd to > > judge, because the text in that ticket deals with several issues. > > > > So I jave made the above change in my edit buffer. > > > > Speak up asap pls if you have an issue with that. > > Sounds good to me, except why did we drop the last sentence? > If you look at the email archives, then you can see that we concluded that in this section (which is about ISOC responsibilities) it seems not appropriate to list IAOC and IAD responsibilities. That is listed at other places in the document. Bert ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Issue #787 - Transparency in sect 7
On Tuesday, January 25, 2005 18:01:31 +0100 "Wijnen, Bert (Bert)" <[EMAIL PROTECTED]> wrote: Issue 787 is linked to issue 794 Inside 787 we have several topics in fact. One of them is Transparency in sect 7 Harald (justified and) suggested to change the current text Transparency: The IETF community shall have complete visibility into the financial and legal structure of the ISOC standards activity. In particular, a detailed budget for the entire standards activity, quarterly financial reports, and audited annual financial reports shall all be available to the IETF community. In addition, key contract material and MOUs shall also be publicly available. The IAD and IAOC are responsible for providing regular overviews of the state of the IASA to the IETF community. into: Transparency: The IETF community shall have complete visibility into the financial and legal structure of the ISOC activities that are related to, but not part of, the IASA standards support activity. In particular, a detailed budget for the entire related ISOC activity, quarterly financial reports, and audited annual financial reports shall all be available to the IETF community. In addition, key contract material and MOUs shall also be publicly available, subject to any reasonable confidentiality obligations approved by the IAD. and asked if that makes sense. I believe I have seen several agreements, but it is a bit ahrd to judge, because the text in that ticket deals with several issues. So I jave made the above change in my edit buffer. Speak up asap pls if you have an issue with that. Sounds good to me, except why did we drop the last sentence? ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Consensus? #746 IAOC decision making
> Brian E Carpenter writes > > Scott Bradner wrote: > > harald suggets > > The IAOC attempts to reach consensus on all decisions. > > If the IAOC cannot achieve a consensus decision, then > > the IAOC may decide by voting. > > > > looks good to me > > Agreed > Brian > wfm Change applied to editing buffer Bert ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Rough consensus? #425 3.5
> "John" == John C Klensin <[EMAIL PROTECTED]> writes: >> However, failure to take adequate comments before making a >> decision seems like a reasonable justification from my >> standpoint for reviewing that decision. Depending on the >> consequences of doing so it may even be appropriate to reverse >> such decisions. There is significant but *not infinite* cost >> to reversing a decision. There can also be significant cost to >> having a bad decision. There is also a cost to the review >> process itself. John> I'm making an assumption here which might not be valid. I'm John> assuming that, generally, possible IAOCs will fall into one John> of two categories. I think I disagree with this assumption and I think that is the core of our disagreement. John> One --the one we want-- will be open and John> transparent whenever possible, will try to design things to John> allow for community input before decisions are made whenever John> possible, and will try to establish principles, in John> conjunction with the community, about how things should be John> done and then follow them. I agree with you that if the IAOC is interested in secrecy then John> recall is the best and only solution. however I suspect that even a desirable IAOC will not match the platonic ideal of your first category. They will end up cutting corners, making decisions that people disagree with, etc. We hope they are generally interested in openness, consensus-building and establishing principles. They will also be interested in getting work done and will have limited resources. I suspect that some times, even the best of people will make the wrong decision or use the wrong process. When such a group of people is faced with an appeal or review, they will honestly sit down and reconsider their decision and sometimes even decide they were wrong. Infrequent use of an appeals process--even one leading to successful appeals does not always mean there is a process problem or even that someone needs replacing. --Sam ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Issue #787 - Transparency in sect 7
Issue 787 is linked to issue 794 Inside 787 we have several topics in fact. One of them is Transparency in sect 7 Harald (justified and) suggested to change the current text Transparency: The IETF community shall have complete visibility into the financial and legal structure of the ISOC standards activity. In particular, a detailed budget for the entire standards activity, quarterly financial reports, and audited annual financial reports shall all be available to the IETF community. In addition, key contract material and MOUs shall also be publicly available. The IAD and IAOC are responsible for providing regular overviews of the state of the IASA to the IETF community. into: Transparency: The IETF community shall have complete visibility into the financial and legal structure of the ISOC activities that are related to, but not part of, the IASA standards support activity. In particular, a detailed budget for the entire related ISOC activity, quarterly financial reports, and audited annual financial reports shall all be available to the IETF community. In addition, key contract material and MOUs shall also be publicly available, subject to any reasonable confidentiality obligations approved by the IAD. and asked if that makes sense. I believe I have seen several agreements, but it is a bit ahrd to judge, because the text in that ticket deals with several issues. So I jave made the above change in my edit buffer. Speak up asap pls if you have an issue with that. Bert ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Rough consensus? #425 3.5
On 25 jan 2005, at 08.33, Margaret Wasserman wrote: At 7:54 AM -0500 1/25/05, [EMAIL PROTECTED] wrote: in (2) I think that the review request need to be addressed to the chair of the respective body. I think the language of 2026 can be adapted as to contents. Yes, I agree. That is what I included in my proposed wording (lo these many moons ago), but would also accept other alternatives, as long as it is clear when someone would send a review request and it is clear who is responsible for making sure that it is considered. I think that the Chair is always ultimately responsible for seeing to it that the work of the IAOC, or the IAB or IESG for that matter, gets done. in (5), I think the appeals should have the full chain of appeals. I know 'at least one level' does include the chain, but I think it is important to be able to appeal all the way to the ISOC BoT. Why do you think so? If it is the ISOC BoT that you want in the loop specifically, I suppose that the first level could go there... It seems to me that multi-level appeals in the IETF have not worked very well... I think the multi level escalation works by making sure that the correct level of the organizational layering gets to handle the review. It would be impossible, or at least very complex to say, reviews for topic X go to the IAB while reviews for y go to the the IESG and for Z to the ISOC BoT. And while I think that the ISOC BoT is the reviewer of last resort (as they are today for process issues), I don't believe they necessarily need to be the reviewer of first resort. If multi-level reviews are not working well, I think this is a different problem to be explored separately, but my view is that the IAOC should be slipped into the processes in as compatible a method as possible, and I think that following the same escalation procedures as are currently in existence is an appropriate approach. in (6), I agree that decisions that involve contractual obligations mustn't be overturned, but I have a problem with saying that there are no decisions that can be overturned. So, how would you make the distinction? One of the reasons why I'd rather see no decisions subject to being overturned is that I don't want the IAOC to have an incentive to hide their contract or hiring plans from us until after they are signed (and can't be overturned). I think it is relatively easy to distinguish a contractual obligation from a decision that is not contractual, there is a contract. Now you bring up a good point, what if the IAC uses that as a loophole, and make a decision to not be transparent about contractual plans so that their decisions cannot be altered. This would certainly, to my mind, qualify as a decision where a successful appeal would force a change. I can imagine many other decision that they could make that might also be subject to revision. My problem with making all decisions unchangeable is that it makes appeals toothless, they never can have any real effect. And I believe that this is almost, but not quite, as bad as not having an appeals process as it leave no recourse other then recall or public discontent. a. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Edits - #819 - Elwyn's editorials
> Brian E Carpenter writes: > > Harald Tveit Alvestrand wrote: > > > > > > --On 25. januar 2005 11:40 +0100 Brian E Carpenter <[EMAIL PROTECTED]> > > wrote: > > > >> Harald, I'm with you except perhaps for the data protection > >> issue. Elwyn is right that laws in this area vary widely > >> and if, for example, a subcontractor is located in the EU > >> they will be much more constrained about use of personal > >> data than in the US. > >> > >> I suggest adding something to the IAD's responsibilities, > >> rather than to the principles. Somewhere in section 3.1: > >> > >> The IAD shall ensure that personal data collected for > >> legitimate purposes of the IASA are protected according > >> to relevant legislation. > > > > > > That makes sense to me too. I think the IASA should take care for > > personal data protection because it is right too, so I'd > > make it stronger: > > > > The IAD shall ensure that personal data collected for > > legitimate purposes of the IASA are protected appropriately, > > and at least satisfactorily according to relevant legislation. > > > > Place it just after paragraph 5 of section 3.1, the one that starts out > > talking about contracts giving the IETF rights in data - it seems > > appropriate. > > > > OK? > > OK 4 me > OK by me. I have above text now in my edit buffer. Bert > Brian ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Edits - #819 - Elwyn's editorials
Inline > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > Harald Tveit Alvestrand > Sent: Monday, January 24, 2005 18:42 > To: ietf@ietf.org > Subject: Edits - #819 - Elwyn's editorials > > > There has apparently been no comments on these I thought > I'd make a > pass... > > > Some thoughts: > > S1, para 3: s/Such support includes/The support for current work includes/ > > this works either way for me - "current" seems to say "the next sentences > describe what is currently done, and the future may be different". > Suggest that we accept the edit. > I can certainly make the change. But in my ears, the current text sounds much better. In fact I am not sure that we mean just "current" but also possible "future" work. > > S1, Para 3: > >> The IASA is also ultimately responsible for the financial > >> activities associated with IETF administrative support such as > >> collecting IETF meeting fees, paying invoices, managing budgets and > >> financial accounts, and so forth. > > > > Given that IETF/IASA is operating as some sort of subsidiary of ISOC, I'm > > not sure that IASA can be ultimately responsible for > > anything. s/ultimately/day-to-day/ or some such? > > I'd go for just deleting "ultimately". The work may be contracted out, so > it's not day-to-day, but "ultimately" is just trouble. > I remember that when we discussed this, the idea we wanted to express is that the IAD does the day-to-day work (or outsources it) but that IASA has the ultimate responsibility. That is, IASA must make sure things happen, but can outsource or assign to a specific person. So again... I am not sure we want to make any change. > > S1, para 4: 'and met well' ? Nice thought but what does it *actually* > > mean? > > That we (the IETF) like the result? > I would like this to stay, undefined as it is. > I like it to stay the way it is too > > S2.2: I know that US data protection laws and practices are not as well > > developed as European ones, but I think there ought to be some duty to > > protect the data and generate a suitable privacy policy, as well as keep > > it available. (Item 7). > > I think there should be - but don't see a good way of capturing it here. > I'd let it go for now and try to instruct the IASA later > Per Brians and Haralds email exchange I now have text for that (see my other email). > > S2.2: Should the IASA be responsible for ensuring that the IETF > > (especially if it is run as a subsidiary) fulfils its legal and > > regulatory > > responsibilities? It certainly needs to maintain any records that might > > be needed for such purposes beyond just financial matters. I am not > > expert in US company law but I am sure there must be *some* things they > > would need to do. > > Hm. Yes. It needs to deal with subpoenas and other irritations, for > instance. > But this is a bit like saying "you are responsible for > staying wet while in > water". I can't think of text at the moment > > > S3.1, para 3: This para states that signing powers will be > delegated to > > the IAD up to some specified limit. Who has signing powers > beyond this? > > This is just part of a much wider point about the actual > powers of the > > IETF/IAOC and the relationship with ISOC which I will > discuss at the end > > of these notes. > > The text at the moment doesn't say exactly that - it says > that "we'll work > it out".. I don't know what more it CAN say > > > S3.1: I think this whole section should be much clearer > about exactly > > what powers are delegated to the IAD to make commitments, > as opposed to > > just negotiating: ISOC executes the contracts but the IAD > will want to > > know that ISOC is a rubber stamp/back stop for this > process and is not > > going to start second guessing him if he operates within > the parameters > > set for him. This is related to the long discussion on > Issue 739. There > > is also the potential for dispute between IAOC and > IAD/ISOC which is not > > really addressed. > > Not sure what to add here, if anything - this will have to be > worked out in > practical terms, and the IAOC will have to work out the details in > cooperation with the ISOC President. > Should there be specific language? > > > s3.4: It would be nice to see a requirement that minutes > were published > > in a set period or at least in a timely fashion after > meetings, rather > > than just regularly. > > Suggest s/regularly/in a timely fashion/. Easy change Makes sense. Change applied to my edit buffer > > > s4: > >> While there are no hard rules regarding how the IAB and the IESG > >> should select members of the IAOC, such appointees need not be > >> current IAB or IESG members (and probably should not be, if only to > >> avoid overloading the existing leadership). The IAB and IESG should > >> choose people with some knowledge of contracts and financial > >> procedures, w
RE: Rough consensus? #739 Assuring ISOC commitment to AdminRest
> Brian E Carpenter wrote: > > Scott Bradner wrote: > > Harald asks: > > > > 2.5 Effective Date for Commencement of IASA > > > > The procedures in this document shall become operational > > after this document has been approved by the process defined in > > BCP 9 [RFC2026] , including its acceptance as an IETF process BCP > > by the ISOC Board of Trustees, and the ISOC Board of Trustees > > has confirmed its acceptance of ISOC's responsibilities > > under the terms herein described. > > > > > > Is that something we can live with? > > > > I can > > ditto Me too. I have the above text now applied to my edit buffer. Bert > Brian ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Rough consensus? #425 3.5
Margaret Wasserman wrote: Hi Brian, At 11:48 AM +0100 1/25/05, Brian E Carpenter wrote: Exactly. And we need to be sure that the "appeals" text allows for review of procedures, including the kind of "case study" you suggest, without allowing the appeal procedure to be used for commercial food-fights. It's tricky to get that exactly right. Are you sure that we have consensus on this? Between me and Sam, apparently :-) ... It seems to me that some people would like the IAB/IESG to be able to force the re-consideration of an IAOC decision, but not for other IETF participants to have any way to effectively question the IAOC. At least, that is how most of the recent suggestions read to me. People don't even seem to have picked up on my concern that the current text doesn't say who to contact if you do want a decision reviewed, making the process difficult and intimidating for anyone who isn't embroiled in IETF politics. I thought it was fairly clear that you should start with the IAOC (just like you start with the WG for a standards appeal). Maybe it would help (in getting this issue closed) if we could figure out what we want in general terms and then try to draft the text? Mixing basic conceptual arguments with text tuning within multiple (ever changing) camps doesn't seem to be getting us anywhere. So, I'll take a shot at a few things attributes that I think would be good in a review process: (1) I agree with you that we do not want a review process (whether invoked by an individual or by the IAB and IESG) that can overturn a contract award or hiring decision after that decision is made. The current proposed text (I think that the latest was from Leslie) makes the community impotent, without properly restricting the review requests from the IAB/IESG, IMO. I agree with that intent. IMO the text in draft-ietf-iasa-bcp-04.txt has some defects, but is mainly consistent with that intent. [N.B. I do hope that the IAOC will run an open RFP process for most (or all?) contracts, and that the process will include a public comment stage after the IAOC chooses a potential winner, so that there will be an opportunity for the community to raise concerns (if any) before it is too late. Given recent posts, I don't think that the IASA-TT/IAOC is likely to take us in this direction within the next year, but I do hope that we get there eventually.] (2) I think that the review process should be well-enough specified that a person who is not a (past or present) member of the I* could use it. This means that it needs to say where you send a review request, how you unambiguously identify a formal review request and what a review request should contain. This should be at least at the level of detail of the RFC 2026 appeals process (or even a bit more detailed, as folks seem to find that process confusing enough that they don't often get it right). [EMAIL PROTECTED] draft-ietf-iasa-bcp-04.txt says 'starting with the IESG' which actually seems wrong - the review should start right with the IAOC and then be escalated if necessary. (3) I think that review requests should be limited to situations where the IAOC violates written procedures (their own or the IASA BCP) and/or makes a decision that is against the best interests of the IETF. The request for review should be specific about what procedure was violated and/or how a specific decision runs against the IETF's interests. Yes, but we need to make sure that the text more or less excludes appeals against the wrong kind of cookies as well as against commercial decisions. (4) Personally, I think that any member of the community (and yes, I understand that means the general public) should be able to make a formal review request and expect to get a response from the IAOC within a reasonable time period (~90 days). I do not think the response needs to be a lengthy hearing, or a complex legal document. But, I think that we should have a review process, open to everyone, where a response is mandated. The response could be: "We looked into this decision, and we didn't find anything irregular about the decision or about how it was reached". Sure, that is analagous to appeals under 2026 (5) I think that there should be at least one level of escalation possible if the person requesting a review does not receive a satisfactory response from the IAOC (I had suggested that this would go to the IESG). I don't think that the person should have to persuade the IAB or IESG to act on his/her behalf (which is another way in which the current process is really only open to political insiders), I think that the IESG (or whoever we use as the next level lf escalation) should be required to consider the IAOC's response and respond to the escalated review within a reasonable timeframe. I see no reason not to allow the whole appeal chain, again by analogy with 2026. (6) I do not think that we want the IAB or IESG (or anyone else) to be able to o
Progress report......
Despite the fact that the number of messages on the list doesn't seem to be decreasing, I believe we are in fact making progress. Out of 22 tickets listed as "open" yesterday, I believe we have agreed text on most - 3 needed some checking, 3 were "not yet processed", and only one - the appeals stuff in #725, which also is required for #720 and #792 - seems to be a really sticky issue. Things that have come up under "procedural" include: - Requests for an explicit sign-off from the IAB before the document is approved by the IESG - Requests for an explicit statement from the ISOC BoT (or representatives thereof) that they will not require any more changes before approving the document through an ISOC BoT resolutions - again, doing this before the IESG formally signs off on it - Requests that there be at least a week between the final version of the document and IESG formally signing off on it. I think that's all.. working on it now. The end is (perhaps) near Harald ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Edits - #819 - Elwyn's editorials
Harald suggests > The IAD shall ensure that personal data collected for > legitimate purposes of the IASA are protected appropriately, > and at least satisfactorily according to relevant legislation. > > Place it just after paragraph 5 of section 3.1, the one that starts out > talking about contracts giving the IETF rights in data - it seems > appropriate. > > OK? yup Scott ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Rough consensus? #425 3.5
At 7:54 AM -0500 1/25/05, [EMAIL PROTECTED] wrote: in (2) I think that the review request need to be addressed to the chair of the respective body. I think the language of 2026 can be adapted as to contents. Yes, I agree. That is what I included in my proposed wording (lo these many moons ago), but would also accept other alternatives, as long as it is clear when someone would send a review request and it is clear who is responsible for making sure that it is considered. in (5), I think the appeals should have the full chain of appeals. I know 'at least one level' does include the chain, but I think it is important to be able to appeal all the way to the ISOC BoT. Why do you think so? If it is the ISOC BoT that you want in the loop specifically, I suppose that the first level could go there... It seems to me that multi-level appeals in the IETF have not worked very well... in (6), I agree that decisions that involve contractual obligations mustn't be overturned, but I have a problem with saying that there are no decisions that can be overturned. So, how would you make the distinction? One of the reasons why I'd rather see no decisions subject to being overturned is that I don't want the IAOC to have an incentive to hide their contract or hiring plans from us until after they are signed (and can't be overturned). Margaret ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Edits - #819 - Elwyn's editorials
At 17:42 24/01/2005, Harald Tveit Alvestrand wrote: There has apparently been no comments on these I thought I'd make a pass... Some thoughts: S1, para 3: s/Such support includes/The support for current work includes/ this works either way for me - "current" seems to say "the next sentences describe what is currently done, and the future may be different". Suggest that we accept the edit. Fine. S1, Para 3: The IASA is also ultimately responsible for the financial activities associated with IETF administrative support such as collecting IETF meeting fees, paying invoices, managing budgets and financial accounts, and so forth. Given that IETF/IASA is operating as some sort of subsidiary of ISOC, I'm not sure that IASA can be ultimately responsible for anything. s/ultimately/day-to-day/ or some such? I'd go for just deleting "ultimately". The work may be contracted out, so it's not day-to-day, but "ultimately" is just trouble. Also fine. S1, para 4: 'and met well' ? Nice thought but what does it *actually* mean? That we (the IETF) like the result? I would like this to stay, undefined as it is. The only thing I would say here is that, whilst the IASA and the IAD are to be the IETF's servants (with will expressed by the IAOC in the normal course of events), asking them to 'meet something well' is in a sense asking them to second guess what we really meant rather than spelling it out properly in the first place. Are we really asking for them to be proactive rather totally reactive? This is usually what is meant when somebody gets an 'exceed' on their performance assessment: So why don't we spell it out.. make it quite clear that we are not after a passive servant but an organisation that thinks for itself to produce the best possible solution within the various constraints the IAD and IASA should be encouraged to advise the IETF/IAOC on best options for implementation and suggest ways in which processes could be improved. S2.2: I know that US data protection laws and practices are not as well developed as European ones, but I think there ought to be some duty to protect the data and generate a suitable privacy policy, as well as keep it available. (Item 7). I think there should be - but don't see a good way of capturing it here. I'd let it go for now and try to instruct the IASA later I' am happy with the words negotiated between Harald and Brian. S2.2: Should the IASA be responsible for ensuring that the IETF (especially if it is run as a subsidiary) fulfils its legal and regulatory responsibilities? It certainly needs to maintain any records that might be needed for such purposes beyond just financial matters. I am not expert in US company law but I am sure there must be *some* things they would need to do. Hm. Yes. It needs to deal with subpoenas and other irritations, for instance. But this is a bit like saying "you are responsible for staying wet while in water". I can't think of text at the moment Responsibilities of the IAD: 'Working with ISOC to maintain records needed to fulfil the IETF's legal and regulatory duties, and providing information to allow IETF to respond in a timely fashion to any legal or regulatory requests.' S3.1, para 3: This para states that signing powers will be delegated to the IAD up to some specified limit. Who has signing powers beyond this? This is just part of a much wider point about the actual powers of the IETF/IAOC and the relationship with ISOC which I will discuss at the end of these notes. The text at the moment doesn't say exactly that - it says that "we'll work it out".. I don't know what more it CAN say Can you make it clear that IAOC has a role in authorizing larger payments even if they actually have to be signed by ISOC president or whatever? S3.1: I think this whole section should be much clearer about exactly what powers are delegated to the IAD to make commitments, as opposed to just negotiating: ISOC executes the contracts but the IAD will want to know that ISOC is a rubber stamp/back stop for this process and is not going to start second guessing him if he operates within the parameters set for him. This is related to the long discussion on Issue 739. There is also the potential for dispute between IAOC and IAD/ISOC which is not really addressed. Not sure what to add here, if anything - this will have to be worked out in practical terms, and the IAOC will have to work out the details in cooperation with the ISOC President. Should there be specific language? The problem I saw was that the words seemed to be a little unclear as to whether the IAD could actually authorise contracts as well as negotiate them: does the signing power apply only to signing checks or also to signing contracts on behalf of ISOC? s3.4: It would be nice to see a requirement that minutes were published in a set period or at least in a timely fashion after meetings, rather than just regularly. Suggest s/reg
Re: Rough consensus? #425 3.5
hi, I generally agree with these principles with some comments: in (2) I think that the review request need to be addressed to the chair of the respective body. I think the language of 2026 can be adapted as to contents. in (5), I think the appeals should have the full chain of appeals. I know 'at least one level' does include the chain, but I think it is important to be able to appeal all the way to the ISOC BoT. in (6), I agree that decisions that involve contractual obligations mustn't be overturned, but I have a problem with saying that there are no decisions that can be overturned. a. On 25 jan 2005, at 07.29, Margaret Wasserman wrote: So, I'll take a shot at a few things attributes that I think would be good in a review process: (1) I agree with you that we do not want a review process (whether invoked by an individual or by the IAB and IESG) that can overturn a contract award or hiring decision after that decision is made. The current proposed text (I think that the latest was from Leslie) makes the community impotent, without properly restricting the review requests from the IAB/IESG, IMO. [N.B. I do hope that the IAOC will run an open RFP process for most (or all?) contracts, and that the process will include a public comment stage after the IAOC chooses a potential winner, so that there will be an opportunity for the community to raise concerns (if any) before it is too late. Given recent posts, I don't think that the IASA-TT/IAOC is likely to take us in this direction within the next year, but I do hope that we get there eventually.] (2) I think that the review process should be well-enough specified that a person who is not a (past or present) member of the I* could use it. This means that it needs to say where you send a review request, how you unambiguously identify a formal review request and what a review request should contain. This should be at least at the level of detail of the RFC 2026 appeals process (or even a bit more detailed, as folks seem to find that process confusing enough that they don't often get it right). (3) I think that review requests should be limited to situations where the IAOC violates written procedures (their own or the IASA BCP) and/or makes a decision that is against the best interests of the IETF. The request for review should be specific about what procedure was violated and/or how a specific decision runs against the IETF's interests. (4) Personally, I think that any member of the community (and yes, I understand that means the general public) should be able to make a formal review request and expect to get a response from the IAOC within a reasonable time period (~90 days). I do not think the response needs to be a lengthy hearing, or a complex legal document. But, I think that we should have a review process, open to everyone, where a response is mandated. The response could be: "We looked into this decision, and we didn't find anything irregular about the decision or about how it was reached". (5) I think that there should be at least one level of escalation possible if the person requesting a review does not receive a satisfactory response from the IAOC (I had suggested that this would go to the IESG). I don't think that the person should have to persuade the IAB or IESG to act on his/her behalf (which is another way in which the current process is really only open to political insiders), I think that the IESG (or whoever we use as the next level lf escalation) should be required to consider the IAOC's response and respond to the escalated review within a reasonable timeframe. (6) I do not think that we want the IAB or IESG (or anyone else) to be able to overturn a decision of the IAOC, only to advise the IAOC that they believe that an incorrect decision was made. Do folks agree with these thoughts? Are there other basic ideas that should be included? Margaret At 11:48 AM +0100 1/25/05, Brian E Carpenter wrote: Sam Hartman wrote: "Brian" == Brian E Carpenter <[EMAIL PROTECTED]> writes: Brian> Reviewing procedures is fine. Reviewing specific awards Brian> isn't, IMHO, which is all I intended my words to exclude. Attempting to undo a specific award once things are signed (or delaying signing) is generally unacceptable. Reviewing a specific award to come to conclusions like "we failed to follow our procedures," is definitely problematic but IMHO sometimes necessary. Such reviews need to be handled with great care: some of the data used to make the decision may not be available to the reviewing body and much of the data must not become public. Also, if you conclude that you did follow the wrong procedures in a specific incident but are stuck with the contract because it is already signed, that creates all sorts of bad feelings and potential liability. Exactly. And we need to be sure that the "appeals" text allows for review of procedures, including the kind of
Re: Edits - #819 - Elwyn's editorials
Harald Tveit Alvestrand wrote: --On 25. januar 2005 11:40 +0100 Brian E Carpenter <[EMAIL PROTECTED]> wrote: Harald, I'm with you except perhaps for the data protection issue. Elwyn is right that laws in this area vary widely and if, for example, a subcontractor is located in the EU they will be much more constrained about use of personal data than in the US. I suggest adding something to the IAD's responsibilities, rather than to the principles. Somewhere in section 3.1: The IAD shall ensure that personal data collected for legitimate purposes of the IASA are protected according to relevant legislation. That makes sense to me too. I think the IASA should take care for personal data protection because it is right too, so I'd make it stronger: The IAD shall ensure that personal data collected for legitimate purposes of the IASA are protected appropriately, and at least satisfactorily according to relevant legislation. Place it just after paragraph 5 of section 3.1, the one that starts out talking about contracts giving the IETF rights in data - it seems appropriate. OK? OK 4 me Brian ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Rough consensus? #425 3.5
Hi Brian, At 11:48 AM +0100 1/25/05, Brian E Carpenter wrote: Exactly. And we need to be sure that the "appeals" text allows for review of procedures, including the kind of "case study" you suggest, without allowing the appeal procedure to be used for commercial food-fights. It's tricky to get that exactly right. Are you sure that we have consensus on this? It seems to me that some people would like the IAB/IESG to be able to force the re-consideration of an IAOC decision, but not for other IETF participants to have any way to effectively question the IAOC. At least, that is how most of the recent suggestions read to me. People don't even seem to have picked up on my concern that the current text doesn't say who to contact if you do want a decision reviewed, making the process difficult and intimidating for anyone who isn't embroiled in IETF politics. Maybe it would help (in getting this issue closed) if we could figure out what we want in general terms and then try to draft the text? Mixing basic conceptual arguments with text tuning within multiple (ever changing) camps doesn't seem to be getting us anywhere. So, I'll take a shot at a few things attributes that I think would be good in a review process: (1) I agree with you that we do not want a review process (whether invoked by an individual or by the IAB and IESG) that can overturn a contract award or hiring decision after that decision is made. The current proposed text (I think that the latest was from Leslie) makes the community impotent, without properly restricting the review requests from the IAB/IESG, IMO. [N.B. I do hope that the IAOC will run an open RFP process for most (or all?) contracts, and that the process will include a public comment stage after the IAOC chooses a potential winner, so that there will be an opportunity for the community to raise concerns (if any) before it is too late. Given recent posts, I don't think that the IASA-TT/IAOC is likely to take us in this direction within the next year, but I do hope that we get there eventually.] (2) I think that the review process should be well-enough specified that a person who is not a (past or present) member of the I* could use it. This means that it needs to say where you send a review request, how you unambiguously identify a formal review request and what a review request should contain. This should be at least at the level of detail of the RFC 2026 appeals process (or even a bit more detailed, as folks seem to find that process confusing enough that they don't often get it right). (3) I think that review requests should be limited to situations where the IAOC violates written procedures (their own or the IASA BCP) and/or makes a decision that is against the best interests of the IETF. The request for review should be specific about what procedure was violated and/or how a specific decision runs against the IETF's interests. (4) Personally, I think that any member of the community (and yes, I understand that means the general public) should be able to make a formal review request and expect to get a response from the IAOC within a reasonable time period (~90 days). I do not think the response needs to be a lengthy hearing, or a complex legal document. But, I think that we should have a review process, open to everyone, where a response is mandated. The response could be: "We looked into this decision, and we didn't find anything irregular about the decision or about how it was reached". (5) I think that there should be at least one level of escalation possible if the person requesting a review does not receive a satisfactory response from the IAOC (I had suggested that this would go to the IESG). I don't think that the person should have to persuade the IAB or IESG to act on his/her behalf (which is another way in which the current process is really only open to political insiders), I think that the IESG (or whoever we use as the next level lf escalation) should be required to consider the IAOC's response and respond to the escalated review within a reasonable timeframe. (6) I do not think that we want the IAB or IESG (or anyone else) to be able to overturn a decision of the IAOC, only to advise the IAOC that they believe that an incorrect decision was made. Do folks agree with these thoughts? Are there other basic ideas that should be included? Margaret At 11:48 AM +0100 1/25/05, Brian E Carpenter wrote: Sam Hartman wrote: "Brian" == Brian E Carpenter <[EMAIL PROTECTED]> writes: Brian> Reviewing procedures is fine. Reviewing specific awards Brian> isn't, IMHO, which is all I intended my words to exclude. Attempting to undo a specific award once things are signed (or delaying signing) is generally unacceptable. Reviewing a specific award to come to conclusions like "we failed to follow our procedures," is definitely problematic but IMHO sometimes necessary. Such reviews need to be ha
Re: Edits - #819 - Elwyn's editorials
--On 25. januar 2005 11:40 +0100 Brian E Carpenter <[EMAIL PROTECTED]> wrote: Harald, I'm with you except perhaps for the data protection issue. Elwyn is right that laws in this area vary widely and if, for example, a subcontractor is located in the EU they will be much more constrained about use of personal data than in the US. I suggest adding something to the IAD's responsibilities, rather than to the principles. Somewhere in section 3.1: The IAD shall ensure that personal data collected for legitimate purposes of the IASA are protected according to relevant legislation. That makes sense to me too. I think the IASA should take care for personal data protection because it is right too, so I'd make it stronger: The IAD shall ensure that personal data collected for legitimate purposes of the IASA are protected appropriately, and at least satisfactorily according to relevant legislation. Place it just after paragraph 5 of section 3.1, the one that starts out talking about contracts giving the IETF rights in data - it seems appropriate. OK? Harald ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Discussion: #822 legal review 3: Legal advice
Harald suggests teh following The IAD negotiates service contracts, with input, as appropriate, from other bodies, including legal advice, and with review, as appropriate, by the IAOC. The IAOC should establish guidelines for what level of review is expected based on contract type, size, cost, or duration. ISOC executes contracts on behalf of the IASA, after whatever review ISOC requires to ensure that the contracts meet ISOC's legal and financial requirements. works for me Harald also asks The other point raised is whether the legal advice for IASA needs to be independent from ISOC's legal advice. Consideration so far seems to be that "sometimes this would be good, sometimes this would be indifferent or extra overhead - hard to codify in this BCP". Should we leave that as "no change proposed"? also works for me Scott ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Rough consensus? #425 3.5
Sam Hartman wrote: "Brian" == Brian E Carpenter <[EMAIL PROTECTED]> writes: Brian> Reviewing procedures is fine. Reviewing specific awards Brian> isn't, IMHO, which is all I intended my words to exclude. Attempting to undo a specific award once things are signed (or delaying signing) is generally unacceptable. Reviewing a specific award to come to conclusions like "we failed to follow our procedures," is definitely problematic but IMHO sometimes necessary. Such reviews need to be handled with great care: some of the data used to make the decision may not be available to the reviewing body and much of the data must not become public. Also, if you conclude that you did follow the wrong procedures in a specific incident but are stuck with the contract because it is already signed, that creates all sorts of bad feelings and potential liability. Exactly. And we need to be sure that the "appeals" text allows for review of procedures, including the kind of "case study" you suggest, without allowing the appeal procedure to be used for commercial food-fights. It's tricky to get that exactly right. Brian ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Edits - #819 - Elwyn's editorials
Harald, I'm with you except perhaps for the data protection issue. Elwyn is right that laws in this area vary widely and if, for example, a subcontractor is located in the EU they will be much more constrained about use of personal data than in the US. I suggest adding something to the IAD's responsibilities, rather than to the principles. Somewhere in section 3.1: The IAD shall ensure that personal data collected for legitimate purposes of the IASA are protected according to relevant legislation. Brian Harald Tveit Alvestrand wrote: There has apparently been no comments on these I thought I'd make a pass... Some thoughts: S1, para 3: s/Such support includes/The support for current work includes/ this works either way for me - "current" seems to say "the next sentences describe what is currently done, and the future may be different". Suggest that we accept the edit. S1, Para 3: The IASA is also ultimately responsible for the financial activities associated with IETF administrative support such as collecting IETF meeting fees, paying invoices, managing budgets and financial accounts, and so forth. Given that IETF/IASA is operating as some sort of subsidiary of ISOC, I'm not sure that IASA can be ultimately responsible for anything. s/ultimately/day-to-day/ or some such? I'd go for just deleting "ultimately". The work may be contracted out, so it's not day-to-day, but "ultimately" is just trouble. S1, para 4: 'and met well' ? Nice thought but what does it *actually* mean? That we (the IETF) like the result? I would like this to stay, undefined as it is. S2.2: I know that US data protection laws and practices are not as well developed as European ones, but I think there ought to be some duty to protect the data and generate a suitable privacy policy, as well as keep it available. (Item 7). I think there should be - but don't see a good way of capturing it here. I'd let it go for now and try to instruct the IASA later S2.2: Should the IASA be responsible for ensuring that the IETF (especially if it is run as a subsidiary) fulfils its legal and regulatory responsibilities? It certainly needs to maintain any records that might be needed for such purposes beyond just financial matters. I am not expert in US company law but I am sure there must be *some* things they would need to do. Hm. Yes. It needs to deal with subpoenas and other irritations, for instance. But this is a bit like saying "you are responsible for staying wet while in water". I can't think of text at the moment S3.1, para 3: This para states that signing powers will be delegated to the IAD up to some specified limit. Who has signing powers beyond this? This is just part of a much wider point about the actual powers of the IETF/IAOC and the relationship with ISOC which I will discuss at the end of these notes. The text at the moment doesn't say exactly that - it says that "we'll work it out".. I don't know what more it CAN say S3.1: I think this whole section should be much clearer about exactly what powers are delegated to the IAD to make commitments, as opposed to just negotiating: ISOC executes the contracts but the IAD will want to know that ISOC is a rubber stamp/back stop for this process and is not going to start second guessing him if he operates within the parameters set for him. This is related to the long discussion on Issue 739. There is also the potential for dispute between IAOC and IAD/ISOC which is not really addressed. Not sure what to add here, if anything - this will have to be worked out in practical terms, and the IAOC will have to work out the details in cooperation with the ISOC President. Should there be specific language? s3.4: It would be nice to see a requirement that minutes were published in a set period or at least in a timely fashion after meetings, rather than just regularly. Suggest s/regularly/in a timely fashion/. Easy change s4: While there are no hard rules regarding how the IAB and the IESG should select members of the IAOC, such appointees need not be current IAB or IESG members (and probably should not be, if only to avoid overloading the existing leadership). The IAB and IESG should choose people with some knowledge of contracts and financial procedures, who are familiar with the administrative support needs of the IAB, the IESG, or the IETF standards process. The IAB and IESG should follow a fairly open process for these selections, perhaps with an open call for nominations or a period of public comment on the candidates. The procedure for IAB selection of ISOC Board of Trustees [RFC3677] might be a good model for how this could work. After the IETF gains some experience with IAOC selection, these selection mechanisms should be documented more formally. Given the comments in S3, para 1, should the appointees by 'regular members' of the IETF (i.e., people with a good track record of attending IETF meetings) as with NomCom members are t
Re: Discussion: #822 legal review 3: Legal advice
Harald Tveit Alvestrand wrote: The discussion of legal advice (Jorge's third point) seems to have revealed that there are two issues here: - Should legal advice be sought? That's almost too obvious to state, but might be worth stating anyway.. I suggest that we add to paragraph 4 of section 3.1, "IAD responsibilities". This used to be: The IAD negotiates service contracts, with input, as appropriate, from other bodies, and with review, as appropriate, by the IAOC. The IAOC should establish guidelines for what level of review is expected based on contract type, size, cost, or duration. ISOC executes contracts on behalf of the IASA, after whatever review ISOC requires to ensure that the contracts meet ISOC's legal and financial requirements. This could be changed to read: The IAD negotiates service contracts, with input, as appropriate, from other bodies, including legal advice, and with review, as appropriate, by the IAOC. The IAOC should establish guidelines for what level of review is expected based on contract type, size, cost, or duration. ISOC executes contracts on behalf of the IASA, after whatever review ISOC requires to ensure that the contracts meet ISOC's legal and financial requirements. The other point raised is whether the legal advice for IASA needs to be independent from ISOC's legal advice. Consideration so far seems to be that "sometimes this would be good, sometimes this would be indifferent or extra overhead - hard to codify in this BCP". Should we leave that as "no change proposed"? Works for me Brian ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: A little more feedback? #818 Hiring and firing the IAD
Scott Bradner wrote: I prefer NEW(2) Although the IAD is an ISOC employee, he or she works under the direction of the IAOC. A committee of the IAOC is responsible for hiring and firing of the IAD, for reviewing the performance and for setting the compensation of the IAD. The members of this committee are appointed by the IAOC, and consist at minimum of the ISOC President, the IETF Chair and one IAOC member that has been selected by the Nomcom. No objection (we are getting a bit into micromanagement, imho, but there is no harm in this provision that I can see). Brian ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Discussion: #822 legal review 3: Legal advice
The discussion of legal advice (Jorge's third point) seems to have revealed that there are two issues here: - Should legal advice be sought? That's almost too obvious to state, but might be worth stating anyway.. I suggest that we add to paragraph 4 of section 3.1, "IAD responsibilities". This used to be: The IAD negotiates service contracts, with input, as appropriate, from other bodies, and with review, as appropriate, by the IAOC. The IAOC should establish guidelines for what level of review is expected based on contract type, size, cost, or duration. ISOC executes contracts on behalf of the IASA, after whatever review ISOC requires to ensure that the contracts meet ISOC's legal and financial requirements. This could be changed to read: The IAD negotiates service contracts, with input, as appropriate, from other bodies, including legal advice, and with review, as appropriate, by the IAOC. The IAOC should establish guidelines for what level of review is expected based on contract type, size, cost, or duration. ISOC executes contracts on behalf of the IASA, after whatever review ISOC requires to ensure that the contracts meet ISOC's legal and financial requirements. The other point raised is whether the legal advice for IASA needs to be independent from ISOC's legal advice. Consideration so far seems to be that "sometimes this would be good, sometimes this would be indifferent or extra overhead - hard to codify in this BCP". Should we leave that as "no change proposed"? Harald ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
