diff options
Diffstat (limited to 'doc/rfc/rfc8711.txt')
-rw-r--r-- | doc/rfc/rfc8711.txt | 1118 |
1 files changed, 1118 insertions, 0 deletions
diff --git a/doc/rfc/rfc8711.txt b/doc/rfc/rfc8711.txt new file mode 100644 index 0000000..c248d7a --- /dev/null +++ b/doc/rfc/rfc8711.txt @@ -0,0 +1,1118 @@ + + + + +Internet Engineering Task Force (IETF) B. Haberman +Request for Comments: 8711 Johns Hopkins University +BCP: 101 J. Hall +Obsoletes: 4071, 4333, 7691 Internet Society +Category: Best Current Practice J. Livingood +ISSN: 2070-1721 Comcast + February 2020 + + + Structure of the IETF Administrative Support Activity, Version 2.0 + +Abstract + + The IETF Administrative Support Activity (IASA) was originally + established in 2005. In the years since then, the needs of the IETF + evolved in ways that required changes to its administrative + structure. The purpose of this RFC is to document and describe the + IETF Administrative Support Activity, version 2.0 (IASA 2.0). It + defines the roles and responsibilities of the IETF Administration LLC + Board (IETF LLC Board), the IETF Executive Director, and the Internet + Society in the fiscal and administrative support of the IETF + standards process. It also defines the membership and selection + rules for the IETF LLC Board. + + This document obsoletes RFC 4071, RFC 4333, and RFC 7691. + +Status of This Memo + + This memo documents an Internet Best Current Practice. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Further information on + BCPs is available in Section 2 of RFC 7841. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + https://www.rfc-editor.org/info/rfc8711. + +Copyright Notice + + Copyright (c) 2020 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + +Table of Contents + + 1. Introduction + 2. Scope Limitation + 3. LLC Agreement with the Internet Society + 4. Definitions and Principles + 4.1. Terminology + 4.2. Key Differences from the Old IASA Structure to IASA 2.0 + 4.3. General IETF LLC Responsibilities + 4.4. IETF LLC Working Principles + 4.5. Principles of the IETF and ISOC Relationship + 4.6. Relationship of the IETF LLC Board to the IETF Leadership + 4.7. Review of IETF Executive Director and IETF LLC Board + Decisions + 4.8. Termination and Change + 5. Structure of IASA 2.0 + 5.1. IETF Executive Director and Staff Responsibilities + 5.2. IETF LLC Board Responsibilities + 5.3. Board Design Goals + 6. IETF LLC Board Membership, Selection, and Accountability + 6.1. Board Composition + 6.2. IETF LLC-Appointed Directors + 6.3. Recruiting IETF LLC Board Directors + 6.4. IETF LLC Board Director Term Length + 6.5. IETF LLC Board Director Limit + 6.6. Staggered Terms + 6.7. IETF LLC Board Director Removal + 6.8. Filling an IETF LLC Board Director Vacancy + 6.9. Quorum + 6.10. Board Voting + 6.11. Interim Board + 6.12. Board Positions + 7. IETF LLC Funding + 7.1. Financial Statements + 7.2. Bank and Investment Accounts + 7.3. Financial Audits + 7.4. ISOC Financial Support + 7.5. IETF Meeting Revenues + 7.6. Sponsorships and Donations to the IETF LLC + 7.7. Focus of Funding Support + 7.8. Charitable Fundraising Practices + 7.9. Operating Reserve + 7.10. Annual Budget Process + 8. IETF LLC Policies + 8.1. Conflict of Interest Policy + 8.2. Other Policies + 8.3. Compliance + 9. Three-Year Assessment + 10. Security Considerations + 11. IANA Considerations + 12. References + 12.1. Normative References + 12.2. Informative References + Acknowledgments + Authors' Addresses + +1. Introduction + + The IETF Administrative Support Activity (IASA) was originally + established in 2005. In the years since then, the needs of the IETF + evolved in ways that required changes to its administrative + structure. The purpose of this document is to document and describe + the IASA 2.0 structure. + + Under IASA 2.0, the work of the IETF's administrative and fundraising + tasks is conducted by an administrative organization, the IETF + Administration LLC (IETF LLC). Under this structure, the IETF + Administrative Oversight Committee (IAOC) is eliminated, and its + oversight and advising functions transferred to the IETF LLC Board. + + The IETF LLC provides the corporate legal home for the IETF, the + Internet Architecture Board (IAB), and the Internet Research Task + Force (IRTF), and financial support for the operation of the RFC + Editor. + + [IASA2RECS] discusses the challenges facing the original IASA + structure as well as several options for reorganizing the IETF's + administration under different legal structures. This document + outlines how the chosen option is structured and describes how the + organization fits together with existing and new IETF community + structures. + + Under IASA 2.0, most of the responsibilities that [RFC4071] assigned + to the IETF Administrative Director (IAD) and the Internet Society + (ISOC) were transferred to the IETF LLC and IETF Administration LLC + Executive Director (IETF Executive Director). It is the job of the + IETF LLC to meet the administrative needs of the IETF and to ensure + that the IETF LLC meets the needs of the IETF community. + + Eliminating the IAOC meant that changes were required in how trustees + could be appointed to the IETF Trust. The details of how this is + done are outside the scope of this document but are covered in + [RFC8714]. + + This document obsoletes [RFC4071], which specified the original IASA, + [RFC4333], which specified the selection guidelines and process for + IAOC members, and [RFC7691], which specified terms for IAOC members. + +2. Scope Limitation + + The document does not propose any changes related to the standards + process as currently conducted by the Internet Engineering Steering + Group (IESG) and Internet Architecture Board (IAB) (see BCP 9 + [RFC2026] and BCP 39 [RFC2850]). In addition, no changes are made to + the appeals chain, the process for making and confirming IETF and IAB + appointments (see BCP 10 [RFC8713]), the technical work of the + Internet Research Task Force (IRTF) (see [RFC2014]), or to ISOC's + membership in or support of other organizations. + +3. LLC Agreement with the Internet Society + + The LLC Agreement between the IETF LLC and ISOC is available at + [IETF-LLC-A]. This IASA 2.0 structure, and thus this document, + depends on the LLC Agreement and will refer to it to help explain + certain aspects of the legal relationship between the IETF LLC and + ISOC. + + The LLC Agreement was developed between legal representatives of the + IETF and ISOC and includes all critical terms of the relationship, + while still enabling maximum unilateral flexibility for the IETF LLC + Board. The LLC Agreement includes only basic details about how the + Board manages itself or manages IETF LLC staff, so that the Board has + flexibility to make changes without amending the agreement. The + Board can independently develop policy or procedures documents that + fill gaps. + +4. Definitions and Principles + +4.1. Terminology + + Although most of the terms, abbreviations, and acronyms used in this + document are reasonably well known, first-time readers may find some + terminology confusing. This section therefore attempts to provide a + quick summary. + + IAB: Internet Architecture Board (see [RFC2026] and [RFC2850]). + + IAD: IETF Administrative Director, a role obsoleted by this document + and the ISOC / IETF LLC Agreement (see [IETF-LLC-A]) and replaced + by the IETF LLC Executive Director. + + IAOC: IETF Administrative Oversight Committee, a committee that + oversaw IETF administrative activity. The IAOC is obsoleted by + this document and replaced by the IETF LLC Board. The IETF Trust + was formerly populated by IAOC members. Its membership is now + distinct from that of the IETF LLC Board (see [RFC8714]). + + IASA: The IETF Administrative Support Activity, consists of the IETF + LLC Board, employees, and contractors. Uses of the term 'IASA' as + a proper noun may imply a subset of these roles, or all of them. + + IASA 2.0: The IETF Administrative Support Activity, version 2.0 + (defined by this document). + + IESG: Internet Engineering Steering Group (see [RFC2026] and + [RFC3710]). + + IETF: Internet Engineering Task Force (see [RFC3233]). + + IETF Administration LLC: The legal entity - a disregarded Limited + Liability Company (LLC) of The Internet Society - established to + provide a corporate legal framework for facilitating current and + future activities related to the IETF, IAB, and IRTF. It was + established by the ISOC / IETF LLC Agreement (see [IETF-LLC-A]) + and is referred to as "IETF LLC". + + IETF LLC Executive Director: the Executive Director for the IETF + LLC, responsible for day-to-day administrative and operational + direction (see Section 5.1). Also referred to as "IETF Executive + Director". + + IETF LLC Board: The Board of Directors of the IETF LLC. The IETF + LLC Board is formally a multi-member "manager" of the IETF LLC on + behalf of ISOC (see Section 5.2). + + ISOC: Internet Society (see [RFC8712] and [ISOC]). + +4.2. Key Differences from the Old IASA Structure to IASA 2.0 + + * The IAOC and IAD roles defined in RFC 4071 are eliminated. + + * The former ISOC and IAD responsibilities are assigned to a new + organization, IETF Administration LLC. + + * The Board of Directors of the IETF LLC -- formally a multi-member + "manager" of the IETF LLC on behalf of ISOC -- assumes the + oversight responsibilities from the IAOC. + + * The Board of the IETF LLC is more focused on strategy and + oversight than the IAOC was, with the IETF Executive Director and + their team in charge of day-to-day operations. + + * The IAD role is replaced with the IETF Executive Director role. + + * The role that was previously referred to as "IETF Executive + Director" in older documents such as [RFC2026] is now "Managing + Director, IETF Secretariat". + +4.3. General IETF LLC Responsibilities + + The IETF LLC is established to provide administrative support to the + IETF. It has no authority over the standards development activities + of the IETF. + + The responsibilities of the IETF LLC are: + + * Operations. The IETF LLC is responsible for supporting the + ongoing operations of the IETF, including meetings and non-meeting + activities. + + * Finances. The IETF LLC is responsible for managing the IETF's + finances and budget. + + * Fundraising. The IETF LLC is responsible for raising money on + behalf of the IETF. + + * Compliance. The IETF LLC is responsible for establishing and + enforcing policies to ensure compliance with applicable laws, + regulations, and rules. + + The manner by which these responsibilities under the IETF LLC are + organized is intended to address the problems described in Sections + 3.1.1, 3.1.2, and 3.1.3 of [IASA2RECS]. Specifically, this is + intended to bring greater clarity around roles, responsibilities, + representation, decision-making, and authority. + + In addition, by having the IETF LLC manage the IETF's finances and + conduct the IETF's fundraising, confusion about who is responsible + for representing the IETF to sponsors and who directs the uses of + sponsorship funds should be eliminated. Finally, having the IETF LLC + reside in a defined, distinct legal entity, and taking responsibility + for operations, enables the organization to execute its own contracts + without the need for review and approval by ISOC. + +4.4. IETF LLC Working Principles + + The IETF LLC is expected to conduct its work according to the + following principles: + + * Transparency. The IETF LLC is expected to keep the IETF community + informed about its work, subject to reasonable confidentiality + concerns, and to engage with the community to obtain consensus- + based community input on key issues and otherwise as needed. The + IETF community expects complete visibility into the financial and + legal structure of the IETF LLC. This includes information about + the IETF LLC annual budget and associated regular financial + reports, results of financial and any other independent audits, + tax filings, significant contracts, or other significant long-term + financial commitments that bind the IETF LLC. Whatever doesn't + have a specific justification for being kept confidential is + expected to be made public. The Board is expected to develop and + maintain a public list of confidential items, describing the + nature of the information and the reason for confidentiality. The + Board will also publish its operating procedures. + + * Responsiveness to the community. The IETF LLC is expected to act + consistently with the documented consensus of the IETF community, + to be responsive to the community's needs, and to adapt its + decisions in response to consensus-based community feedback. + + * Diligence. The IETF LLC is expected to act responsibly so as to + minimize risks to IETF participants and to the future of the IETF + as a whole, such as financial risks. + + * Unification: The IETF LLC provides the corporate legal home for + the IETF, the Internet Architecture Board (IAB), and the Internet + Research Task Force (IRTF), and financial support for the + operation of the RFC Editor. + + * Transfer or Dissolution: Consistent with [IETF-LLC-A], the IETF + LLC subsidiary may be transferred from ISOC to another + organization, at the request of either party. Similarly, the IETF + LLC may be dissolved if necessary. Should either event occur, the + IETF community should be closely involved in any decisions and + plans. Any transfer, transition, or dissolution should be + conducted carefully and with minimal potential disruption to the + IETF. + + The transparency and responsiveness principles are designed to + address the concern outlined in Section 3.3 of [IASA2RECS] about the + need for improved timeliness of sharing of information and decisions + and seeking community comments. The issue of increased transparency + was important throughout the IASA 2.0 process, with little to no + dissent. It was recognized that there will naturally be + confidentiality requirements about some aspects of contracting, + personnel matters, and other narrow areas. + +4.5. Principles of the IETF and ISOC Relationship + + The principles of the relationship between the IETF and ISOC are + outlined in [RFC8712]. In short, the IETF is responsible for the + development of the Internet Standards and ISOC aids the IETF by + providing it a legal entity within which the IETF LLC exists, as well + as with financial support. + +4.6. Relationship of the IETF LLC Board to the IETF Leadership + + The IETF LLC Board is directly accountable to the IETF community for + the performance of the IASA 2.0. However, the nature of the Board's + work involves treating the IESG, IRTF, and IAB as major internal + customers of the administrative support services. The Board and the + IETF Executive Director should not consider their work successful + unless the IESG, IRTF, and IAB are also satisfied with the + administrative support that the IETF is receiving. + +4.7. Review of IETF Executive Director and IETF LLC Board Decisions + + The IETF LLC Board is directly accountable to the IETF community for + the performance of the IASA 2.0, including hiring and managing the + IETF Executive Director. In extreme cases of dissatisfaction with + the IETF LLC, the IETF community can utilize the recall process as + noted in Section 6.7. + + Anyone in the community of IETF participants may ask the Board for a + formal review of a decision or action by the IETF Executive Director + or Board if they believe this was not undertaken in accordance with + IETF BCPs or IETF LLC Board policies and procedures. + + A formal request for review must be addressed to the IETF LLC Board + chair and must include a description of the decision or action to be + reviewed, an explanation of how, in the requestor's opinion, the + decision or action violates the BCPs or IASA 2.0 operational + guidelines, and a suggestion for how the situation could be + rectified. + + The IETF LLC shall respond to such requests within a reasonable + period, typically within 90 days, and shall publicly publish + information about the request and the corresponding response and/or + result. + +4.8. Termination and Change + + Any major change to the IASA 2.0 arrangements shall require community + consensus and deliberation and shall be reflected by a subsequent + Best Current Practice (BCP) document. + +5. Structure of IASA 2.0 + +5.1. IETF Executive Director and Staff Responsibilities + + The IETF LLC is led by an IETF Executive Director chosen by the + Board. The IETF Executive Director is responsible for managing the + day-to-day operations of the IETF LLC, including hiring staff to + perform various operational functions. The IETF Executive Director + and any staff may be employees or independent contractors. + + Allowing for the division of responsibilities among multiple staff + members and contractors is designed to address some of the concerns + raised in Section 3.2 (Lack of Resources) and Section 3.4 (Funding/ + Operating Model Mismatch and Rising Costs) of [IASA2RECS]. + + Based on the amount of work previously undertaken by the IAD and + others involved in the IETF administration, the design of the IETF + LLC anticipated that the IETF Executive Director may need to hire + multiple additional staff members. For example, resources to manage + fundraising, to manage the various contractors that are engaged to + fulfill the IETF's administrative needs, and to support outreach and + communications were envisioned. + + The IETF has historically benefited from the use of contractors for + accounting, finance, meeting planning, administrative assistance, + legal counsel, tools, and web site support, as well as other services + related to the standards process (e.g., RFC Editor and IANA). Prior + to making the transition from IASA to IASA 2.0, the IETF budget + reflected specific support from ISOC for communications and + fundraising as well as some general support for accounting, finance, + legal, and other services. The division of responsibilities between + staff and contractors is at the discretion of the IETF Executive + Director and their staff. + + The IETF has a long history of community involvement in the execution + of certain administrative functions, in particular development of + IETF tools, the operation of the meeting network by the Network + Operations Center (NOC), and some outreach and communications + activities conducted by the Education and Mentoring Directorate. The + IETF LLC staff is expected to respect the IETF community's wishes + about community involvement in these and other functions going + forward as long as the staff feels that they can meet the otherwise- + stated needs of the community. Establishing the framework to allow + the IETF LLC to staff each administrative function as appropriate may + require the IETF community to document its consensus expectations in + areas where no documentation currently exists. + + In summary, the IETF Executive Director, with support from the team + that they alone direct and lead, is responsible for: + + * Developing and refining an annual budget and other strategic + financial planning documents at the direction of the Board. + + * Executing on the annual budget, including reporting to the Board + regularly with forecasts and actual performance to budget. + + * Hiring and/or contracting the necessary resources to meet their + goals, within the defined limits of the IETF Executive Director's + authority and within the approved budget. This includes managing + and leading any such resources, including performing regular + performance reviews. + + * Following the pre-approval guidelines set forth by the Board for + contracts or other decisions that have financial costs that exceed + a certain threshold of significance. Such thresholds are expected + to be set reasonably high so that the need for such approvals is + infrequent and only occurs when something is truly significant or + otherwise exceptional. It is expected that the IETF Executive + Director is sufficiently empowered to perform the job on a day-to- + day basis, being held accountable for meeting high-level goals + rather than being micromanaged. + + * Regularly updating the Board on operations and other notable + issues as reasonable and appropriate. + + * Ensuring that all staff and/or other resources comply with any + applicable policies established or approved by the Board, such as + ethics guidelines and/or a code of conduct. + +5.2. IETF LLC Board Responsibilities + + This section is intended to provide a summary of key IETF LLC Board + responsibilities, but the precise and legally binding + responsibilities are defined in the LLC Agreement [IETF-LLC-A] and + applicable law. If there are unintentional differences or other + confusion, the LLC Agreement and applicable law are authoritative. + + Board members have fiduciary obligations imposed by the LLC Agreement + and applicable law, including duties of loyalty, care, and good + faith. The Board is responsible for setting broad strategic + direction for the LLC, adopting an annual budget, hiring or + terminating an IETF Executive Director (or amending the terms of + their engagement), adopting any employee benefit plans, consulting + the relevant IETF communities on matters related to the LLC as + appropriate, approving any changes to the LLC governance structure, + incurring any debt, and approving entering into agreements that meet + a significant materiality threshold to be determined by the Board. + The IETF LLC Board is expected to delegate management of day-to-day + activities and related decision-making to staff. + + Per Section 5(d) of the LLC Agreement and as also described in + Section 4.4 of this document, the Board shall, as appropriate, act + transparently and provide the IETF community with an opportunity to + review and discuss any proposed changes to the IETF LLC structure + prior to their adoption. + + The role of the Board is to ensure that the strategy and conduct of + the IETF LLC is consistent with the IETF's needs -- both its concrete + needs and its needs for transparency and accountability. The Board + is not intended to directly define the IETF's needs; to the extent + that is required, the IETF community should document its needs in + consensus-based RFCs (e.g., as the community did in [RFC8718]) and + provide more detailed input via consultations with the Board (such as + takes place on email discussion lists or at IETF meetings). + + Key IETF LLC Board responsibilities include: + + * Setting broad strategic direction for the LLC. + + * Hiring or terminating an IETF Executive Director (or amending the + terms of their engagement). + + * Delegating management of day-to-day activities and related + decision-making to staff. + + * Adopting any employee benefit plans. + + * Consulting the relevant IETF communities on matters related to the + LLC, as appropriate. + + * Approving any changes to the LLC governance structure. + + * Adopting an annual budget and, as necessary, incur any debt. + + * Preparing accurate and timely financial statements for ISOC, in + accordance with generally accepted accounting principles. + + * Providing assistance to help facilitate ISOC's tax compliance, + including but not limited to assistance related to preparing the + Form 990 and responding to any United States Internal Revenue + Service (IRS) questions and audits. + + * Approving entering into agreements that meet a significant + materiality threshold to be determined by the Board. + + * Limiting its activities to the purposes as set forth in Section 4 + of the LLC Agreement, in a manner consistent with ISOC's + charitable purposes. + + * Establishing an investment policy. + + * Using best efforts to conduct all of its activities in strict + compliance with the LLC Agreement and all applicable laws, rules, + and regulations. + + * Ensuring that IETF LLC is run in a manner that is transparent and + accountable to the IETF community. + + * Developing policies, including those noted in Section 8, + procedures, and a compliance program. + + * Obtaining Commercial General Liability and other appropriate + insurance policies, with agreed-upon coverage limits. + + * Recruiting new Directors for consideration in all of the various + appointment processes. + +5.3. Board Design Goals + + A goal of this Board composition is to balance the need for the IETF + LLC to be accountable to the IETF community with the need for this + Board to have the expertise necessary to oversee a small non-profit + company. The Board is smaller than the previous IAOC and the other + leadership bodies of the IETF, in part to keep the Board focused on + its rather limited set of strategic responsibilities as noted in + Section 5.2. + + This board structure, with limited strategic responsibilities noted + in Section 5.2 and limited size, together with the staff + responsibilities noted in Section 5.1, is designed to overcome the + challenges described in Section 3.1.4 of [IASA2RECS] concerning + oversight. This establishes a clear line of oversight over staff + performance: the IETF LLC Board oversees the IETF Executive + Director's performance and has actual legal authority to remove a + non-performing IETF Executive Director. The IETF Executive Director + is responsible for the day-to-day operation of the IETF LLC. + + Finally, the Board is expected to operate transparently, to further + address the concern raised in Section 3.3 of [IASA2RECS]. The + default transparency rule arrived at during the IASA 2.0 design + process is detailed in Section 4.4. The Board will need to establish + how it will meet that commitment. + +6. IETF LLC Board Membership, Selection, and Accountability + + The section outlines the composition of the IETF LLC Board, selection + of IETF LLC Board Directors, and related details. + +6.1. Board Composition + + There is a minimum of 5 directors, which is expandable to 6 or 7. + The IETF LLC Board is comprised of the following: + + * 1 IETF Chair or delegate selected by the IESG + + * 1 Appointed by the ISOC Board of Trustees + + * 3 Selected by the IETF Nominating Committee (NomCom), confirmed by + the IESG + + * Up to 2 Appointed by the IETF LLC Board itself, on an as-needed + basis, confirmed by the IESG + + For the first slot listed above, the presumption is that the IETF + Chair will serve on the board. At the IESG's discretion, another + area director may serve instead, or exceptionally the IESG may run a + selection process to appoint a director. The goal of having this + slot on the board is to maintain coordination and communication + between the board and the IESG. + +6.2. IETF LLC-Appointed Directors + + As noted above, a maximum of two Directors may be appointed by the + IETF LLC Board. They can obviously choose to appoint none, one, or + two. These appointments need not be on an exceptional basis; they + can be routine, and may occur at any time of the year since it is on + an as-needed basis. + + The appointment of a Board-appointed Director requires a two-thirds + majority vote of the Directors then in office, and the appointee + shall take office immediately upon appointment and IESG confirmation. + The term of each appointment is designated by the Board, with the + maximum term being three years, or until their earlier resignation, + removal, or death. The Board may decide on a case-by-case basis how + long each term shall be, factoring in the restriction for consecutive + terms in Section 6.5. + +6.3. Recruiting IETF LLC Board Directors + + The Board itself is expected to take an active role in recruiting + potential new Directors, regardless of the process that may be used + to appoint them. In particular, the NomCom is primarily focused on + considering requirements expressed by the Board and others, reviewing + community feedback on candidates, conducting candidate interviews, + and ultimately appointing Directors. The Board and others can + recruit potential Directors and get them into the consideration + process of the NomCom or into open consideration processes of the + other appointing bodies if those bodies choose to use such processes. + +6.4. IETF LLC Board Director Term Length + + The term length for a Director is three years. The exceptions to + this guideline are: + + * The terms for some Directors during the first full formation of + the IETF LLC Board in order to establish staggered terms and for + any appointments to fill a vacancy. + + * The Director slot occupied by the IETF Chair ex officio or a + delegate selected by the IESG will serve a two-year term. This + applies regardless of whether the appointed individual is on the + IESG, rotates off the IESG during the two-year term, or is not on + the IESG. This makes the term length for this slot the same as + the term lengths established in [RFC8713], Section 3.4. + +6.5. IETF LLC Board Director Limit + + A director may serve no more than two consecutive terms. A director + cannot serve a third term until three years have passed since their + second consecutive term. An exception is if a Director role is + occupied by the IETF Chair ex officio, since that person's service is + governed instead by the term lengths established in [RFC8713], + Section 3.4. + + The term limits specified above apply to an individual, even if that + individual is appointed in different ways over time. For example, an + individual appointed to two terms by the ISOC Board of Trustees may + not immediately be appointed to a third term by the IETF NomCom. A + Director appointed by the IETF LLC itself may only serve for one term + by that appointment method, and any subsequent terms would have to be + via other methods; in any case, the term limits above apply to that + individual. + + Lastly, partial terms of less than three years for the initial + appointments to the first full Board, for which some Directors will + have terms of one or two years, do not count against the term limit. + + The limit on consecutive terms supports the healthy regular + introduction of new ideas and energy into the Board and mitigates + potential long-term risk of ossification or conflict, without + adversely impacting the potential pool of director candidates over + time. + +6.6. Staggered Terms + + The Internet Society Board of Trustees, the IESG, the Nominating + Committee, and the IETF LLC Board are expected to coordinate with + each other to ensure that collectively their appointment or selection + processes provide for no more than three Directors' terms concluding + in the same year. + +6.7. IETF LLC Board Director Removal + + NomCom-appointed and IESG-appointed Directors may be removed with or + without cause. A vote in favor of removal must be no fewer than the + number of Directors less two. So for example, if there are seven + directors, then five votes are required. Directors may also be + removed via the IETF recall process defined in [RFC8713], Section 7. + +6.8. Filling an IETF LLC Board Director Vacancy + + It shall be the responsibility of each respective body that appointed + or selected a Director that vacates the Board to appoint a new + Director to fill the vacancy. For example, if a Director selected by + the NomCom departs the Board prior to the end of their term for + whatever reason, then it is the responsibility of the NomCom (using + its mid-term rules, as specified in [RFC8713], Section 3.5) as the + original appointing body to designate a replacement that will serve + out the remainder of the term of the departed Director. However, + this obligation will not apply to vacancies in Board-appointed + positions. + +6.9. Quorum + + At all meetings of the Board, two-thirds of the Directors then in + office shall constitute a quorum for the transaction of business. + Unless a greater affirmative vote is expressly required for an action + under applicable law, the LLC Agreement, or an applicable Board + policy, the affirmative vote of two-thirds of the Directors then in + office shall be an act of the Board. + +6.10. Board Voting + + Board decisions may be made either by vote communicated in a meeting + of the Board (including telephonic and video), or via an asynchronous + written (including electronic) process. Absentee voting and voting + by proxy shall not be permitted. If a quorum is not present at any + meeting of the Board, the Directors present may adjourn the meeting + without notice, other than announcement at the meeting, until a + quorum is present. Voting thresholds for Director removal are + described in Section 6.7. + +6.11. Interim Board + + An initial interim Board was necessary in order to legally form and + bootstrap the IETF LLC. As a result, an Interim Board was formed on + a temporary basis until the first full Board was constituted. + + The interim Board was comprised of: + + * The IETF chair, ex officio + + * The IAOC chair, ex officio + + * The IAB chair, ex officio + + * One ISOC trustee, selected by the ISOC Board of Trustees + +6.12. Board Positions + + Following the formation of the first permanent Board, and annually + thereafter, the Directors shall elect a Director to serve as Board + Chair by majority vote. The IETF, IAB, and IRTF chairs, and the + chair of ISOC's Board, will be ineligible for this Board Chair role. + The Board may also form committees of the Board and/or define other + roles for Board Directors as necessary. + +7. IETF LLC Funding + + The IETF LLC must function within a budget of costs balanced against + limited revenues. The IETF community expects the IETF LLC to work to + attain that goal, in order to maintain a viable support function that + provides the environment within which the work of the IETF, IAB, + IRTF, and RFC Editor can remain vibrant and productive. + + The IETF LLC was generating income from a few key sources at the time + that this document was written, as enumerated below. Additional + sources of income may be developed in the future, within the general + bounds noted in Section 7.8, and some of these may decline in + relevance or go away. As a result, this list is subject to change + over time and is merely an example of the primary sources of income + for the IETF LLC at the time of this writing: + + 1. ISOC support + + 2. IETF meeting revenues + + 3. Sponsorships (monetary and/or in-kind) + + 4. Donations (monetary and/or in-kind) + +7.1. Financial Statements + + As noted in Section 5.2, the IETF LLC must comply with relevant tax + laws, such as filing an annual IRS Form 990. Other official + financial statements may also be required. + + In addition to these official financial statements and forms, the + IETF LLC is also expected to report on a regular basis to the IETF + community on the current and future annual budget, budget forecasts + vs. actuals over the course of a fiscal year, and on other + significant projects as needed. This regular reporting to the IETF + community is expected to be reported in the form of standard + financial statements that reflect the income, expenses, assets, and + liabilities of the IETF LLC. + +7.2. Bank and Investment Accounts + + The IETF LLC maintains its own bank account, separate and distinct + from ISOC. The IETF LLC may at its discretion create additional + accounts as needed. Similarly, the IETF LLC may as needed create + investment accounts in support of its financial goals and objectives. + +7.3. Financial Audits + + The IETF LLC is expected to retain and work with an independent + auditor. Reports from the auditor are expected to be shared with the + IETF community and other groups and organizations as needed or as + required by law. + +7.4. ISOC Financial Support + + ISOC currently provides significant financial support to the IETF + LLC. Exhibit B of the [IETF-LLC-A] summarizes the financial support + from ISOC for the foreseeable future. It is expected that this + support will be periodically reviewed and revised, via a cooperative + assessment process between ISOC and the IETF LLC. + +7.5. IETF Meeting Revenues + + Meeting revenues are another important source of funding that + supports the IETF, coming mainly from the fees paid by IETF meeting + participants. The IETF Executive Director sets those meeting fees, + in consultation with other IETF LLC staff and the IETF community, + with approval by the IETF LLC Board. Setting these fees and + projecting the number of participants at future meetings is a key + part of the annual budget process. + +7.6. Sponsorships and Donations to the IETF LLC + + Sponsorships and donations are an essential component of the + financial support for the IETF. Within the general bounds noted in + Section 7.8, the IETF LLC is responsible for fundraising activities + in order to establish, maintain, and grow a strong foundation of + donation revenues. This can and does include both direct financial + contributions as well as in-kind contributions, such as equipment, + software licenses, and services. + + Sponsorships and donations to the IETF LLC do not (and must not) + convey to sponsors and donors any special oversight or direct + influence over the IETF's technical work or other activities of the + IETF or IETF LLC. This helps ensure that no undue influence may be + ascribed to those from whom funds are raised, and so helps to + maintain an open and consensus-based IETF standards process. + + To the extent that the IETF LLC needs to undertake any significant + special projects for the IETF, the IETF LLC may need to fundraise + distinctly for those special projects. As a result, the IETF LLC may + conduct fundraising to support the IETF in general as well as one or + more special fundraising efforts (which may also be accounted for + distinctly and be held in a separate bank account or investment, as + needed). + +7.7. Focus of Funding Support + + The IETF LLC exists to support the IETF, IAB, and IRTF. Therefore, + the IETF LLC's funding and all revenues, in-kind contributions, and + other income that comprise that funding shall be used solely to + support activities related to the IETF, IAB, IRTF, and RFC Editor, + and for no other purposes. + +7.8. Charitable Fundraising Practices + + When the IETF LLC conducts fundraising, it substantiates charitable + contributions on behalf of ISOC -- meaning that according to United + States tax law, the IETF LLC must send a written acknowledgment of + contributions to donors. The IETF LLC evaluates and facilitates + state, federal, and other applicable law and regulatory compliance + for ISOC and/or the LLC with respect to such fundraising activities. + In addition, the IETF LLC ensures that all fundraising activities are + conducted in compliance with any policies developed by the IETF LLC, + including but not limited to those noted in Section 8. + +7.9. Operating Reserve + + An initial target operating reserve has been specified in Exhibit B + of the [IETF-LLC-A]. It says that the IETF LLC should maintain an + operating reserve equal to the IETF LLC's budgeted Net Loss for 2019 + multiplied times three. The IETF LLC, in cooperation with ISOC, may + regularly review the financial target for this reserve fund, as noted + in the [IETF-LLC-A] or as otherwise necessary. + + Should the IETF LLC generate an annual budget surplus, it may choose + to direct all or part of the surplus towards the growth of the + operating reserve. + +7.10. Annual Budget Process + + As noted in Section 4.3, the IETF LLC is responsible for managing the + IETF's finances and budget. A key part of this responsibility is + establishing, maintaining, and successfully meeting an annual budget. + This is essential to the continued operation and vibrancy of the + IETF's technical activities and establishes trust with ISOC, + sponsors, and donors that funds are being appropriately spent, and + that financial oversight is being conducted properly. This is also + essential to the IETF LLC meeting applicable legal and tax + requirements and is a core part of the Board's fiduciary + responsibilities. + + As explained in Section 5.1, the IETF Executive Director is expected + to develop, execute, and report on the annual budget. Regular + reporting is expected to include forecast vs. budget statements, + including updated projections of income and expenses for the full + fiscal year. + + The Board, as explained in Section 5.2, is expected to review and + approve the budget, as well as to provide ongoing oversight of the + budget and of any other significant financial matters. + + The annual budget is expected to be developed in an open, + transparent, and collaborative manner, in accordance with + Section 4.4. The specific timeline for the development, review, and + approval of the IETF LLC annual budget is established by the Board + and may be revised as needed. + +8. IETF LLC Policies + + The Board is expected to maintain policies as necessary to achieve + the goals of the IETF LLC, meet transparency expectations of the + community, comply with applicable laws or regulations, or for other + reasons as appropriate. All policies are expected to be developed + with input from the IETF community. Some policies provided by ISOC + and past policies developed by the previous IAOC may provide a useful + starting point for the Board to consider. + +8.1. Conflict of Interest Policy + + The Board is expected to maintain a Conflict of Interest policy for + the IETF LLC. While the details are determined by the Board, at a + minimum such policy is expected to include the following: + + * The IETF, ISOC Board, IAB, or IRTF chair cannot be chair of the + IETF LLC Board, though they may serve as a Director. + + * A Director cannot be a paid consultant or employee of the IETF + Executive Director or their sub-contractors, nor a paid consultant + or employee of ISOC. + +8.2. Other Policies + + The Board is expected to maintain additional policies for the IETF + LLC as necessary, covering Directors, employees, and contractors, + concerning issues such as: + + * Acceptance of gifts and other non-cash compensation + + * Travel and expense reimbursement + + * Anti-bribery + + * Code of conduct + + * Anti-harassment + + * Non-discrimination + + * Whistleblower + + * Document retention + + * Export controls + + * Anti-terrorism sanctions + + * Data protection and privacy + + * Social media + +8.3. Compliance + + The IETF LLC is expected to implement a compliance program to ensure + its compliance with all applicable laws, rules, and regulations, + including without limitation laws governing bribery, anti-terrorism + sanctions, export controls, data protection/privacy, as well as other + applicable policies noted in Section 8. In addition, actions and + activities of the IETF LLC must be consistent with 501(c)(3) + purposes. + + The IETF LLC is expected to report to ISOC and the IETF community on + the implementation of its compliance plan on an annual basis. + +9. Three-Year Assessment + + The IETF LLC, with the involvement of the community, shall conduct + and complete an assessment of the structure, processes, and operation + of IASA 2.0 and the IETF LLC. This should be presented to the + community after a period of roughly three years of operation. The + assessment may potentially include recommendations for improvements + or changes to the IASA 2.0 and/or IETF LLC. + +10. Security Considerations + + This document describes the structure of IASA 2.0. It introduces no + security considerations for the Internet. + +11. IANA Considerations + + This document has no IANA considerations in the traditional sense. + However, some of the information in this document may affect how the + IETF standards process interfaces with the IANA, so the IANA may be + interested in the contents. + +12. References + +12.1. Normative References + + [IETF-LLC-A] + "Limited Liability Company Agreement of IETF + Administration LLC", August 2018, + <https://www.ietf.org/documents/180/IETF-LLC- + Agreement.pdf>. + + [RFC8712] Camarillo, G. and J. Livingood, "The IETF-ISOC + Relationship", RFC 8712, DOI 10.17487/RFC8712, February + 2020, <https://www.rfc-editor.org/info/rfc8712>. + + [RFC8713] Kucherawy, M., Ed., Hinden, R., Ed., and J. Livingood, + Ed., "IAB, IESG, IETF Trust, and IETF LLC Selection, + Confirmation, and Recall Process: Operation of the IETF + Nominating and Recall Committees", BCP 10, RFC 8713, + DOI 10.17487/RFC8713, February 2020, + <https://www.rfc-editor.org/info/rfc8713>. + +12.2. Informative References + + [IASA2RECS] + Haberman, B., Arkko, J., Daigle, L., Livingood, J., Hall, + J., and E. Rescorla, "IASA 2.0 Design Team + Recommendations", Work in Progress, Internet-Draft, draft- + haberman-iasa20dt-recs-03, 27 November 2018, + <https://tools.ietf.org/html/draft-haberman-iasa20dt-recs- + 03>. + + [ISOC] The Internet Society, "Amended and restated By-Laws of the + Internet Society", October 2019, + <https://www.internetsociety.org/about-internet-society/ + governance-policies/by-laws/>. + + [RFC2014] Weinrib, A. and J. Postel, "IRTF Research Group Guidelines + and Procedures", BCP 8, RFC 2014, DOI 10.17487/RFC2014, + October 1996, <https://www.rfc-editor.org/info/rfc2014>. + + [RFC2026] Bradner, S., "The Internet Standards Process -- Revision + 3", BCP 9, RFC 2026, DOI 10.17487/RFC2026, October 1996, + <https://www.rfc-editor.org/info/rfc2026>. + + [RFC2850] Internet Architecture Board and B. Carpenter, Ed., + "Charter of the Internet Architecture Board (IAB)", + BCP 39, RFC 2850, DOI 10.17487/RFC2850, May 2000, + <https://www.rfc-editor.org/info/rfc2850>. + + [RFC3233] Hoffman, P. and S. Bradner, "Defining the IETF", BCP 58, + RFC 3233, DOI 10.17487/RFC3233, February 2002, + <https://www.rfc-editor.org/info/rfc3233>. + + [RFC3710] Alvestrand, H., "An IESG charter", RFC 3710, + DOI 10.17487/RFC3710, February 2004, + <https://www.rfc-editor.org/info/rfc3710>. + + [RFC4071] Austein, R., Ed. and B. Wijnen, Ed., "Structure of the + IETF Administrative Support Activity (IASA)", BCP 101, + RFC 4071, DOI 10.17487/RFC4071, April 2005, + <https://www.rfc-editor.org/info/rfc4071>. + + [RFC4333] Huston, G., Ed. and B. Wijnen, Ed., "The IETF + Administrative Oversight Committee (IAOC) Member Selection + Guidelines and Process", BCP 113, RFC 4333, + DOI 10.17487/RFC4333, December 2005, + <https://www.rfc-editor.org/info/rfc4333>. + + [RFC7691] Bradner, S., Ed., "Updating the Term Dates of IETF + Administrative Oversight Committee (IAOC) Members", + BCP 101, RFC 7691, DOI 10.17487/RFC7691, November 2015, + <https://www.rfc-editor.org/info/rfc7691>. + + [RFC8714] Arkko, J. and T. Hardie, "Update to the Process for + Selection of Trustees for the IETF Trust", BCP 101, + RFC 8714, DOI 10.17487/RFC8714, February 2020, + <https://www.rfc-editor.org/info/rfc8714>. + + [RFC8718] Lear, E., Ed., "IETF Plenary Meeting Venue Selection + Process", BCP 226, RFC 8718, DOI 10.17487/RFC8718, + February 2020, <https://www.rfc-editor.org/info/rfc8718>. + +Acknowledgments + + Thanks to Jari Arkko, Richard Barnes, Brian E. Carpenter, Alissa + Cooper, John C. Klensin, Bob Hinden, Jon Peterson, Sean Turner, and + the IASA2 Working Group for discussions of possible structures, and + to the attorneys of Morgan Lewis and Brad Biddle for legal advice. + + Coauthor Hall performed work on this document before employment at + the Internet Society, and his affiliation listed in this document is + for identification purposes only. + +Authors' Addresses + + Brian Haberman + Johns Hopkins University + + Email: brian@innovationslab.net + + + Joseph Lorenzo Hall + Internet Society + + Email: hall@isoc.org + + + Jason Livingood + Comcast + + Email: jason_livingood@comcast.com |