idnits 2.17.1 draft-ietf-iasa2-rfc4071bis-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document obsoletes RFC7691, but the abstract doesn't seem to directly say this. It does mention RFC7691 though, so this could be OK. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (April 10, 2019) is 1837 days in the past. Is this intentional? Checking references for intended status: Best Current Practice ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-08) exists of draft-ietf-iasa2-rfc2031bis-04 ** Downref: Normative reference to an Informational draft: draft-ietf-iasa2-rfc2031bis (ref. 'I-D.ietf-iasa2-rfc2031bis') == Outdated reference: A later version (-09) exists of draft-ietf-iasa2-rfc7437bis-06 -- Possible downref: Non-RFC (?) normative reference: ref. 'IETF-LLC-A' -- Obsolete informational reference (is this intentional?): RFC 4071 (Obsoleted by RFC 8711) -- Obsolete informational reference (is this intentional?): RFC 4333 (Obsoleted by RFC 8711) -- Obsolete informational reference (is this intentional?): RFC 7691 (Obsoleted by RFC 8711) Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 IASA2 B. Haberman 3 Internet-Draft Johns Hopkins University 4 Obsoletes: 4071, 4333, 7691 (if J. Hall 5 approved) CDT 6 Intended status: Best Current Practice J. Livingood 7 Expires: October 12, 2019 Comcast 8 April 10, 2019 10 Structure of the IETF Administrative Support Activity, Version 2.0 11 draft-ietf-iasa2-rfc4071bis-09 13 Abstract 15 The IETF Administrative Support Activity (IASA) was originally 16 established in 2005. In the years since then, the needs of the IETF 17 evolved in ways that required changes to its administrative 18 structure. The purpose of this document is to document and describe 19 the IASA 2.0 structure. 21 Under IASA 2.0, the work of the IETF's administrative and fundraising 22 tasks is conducted by an administrative organization, the IETF 23 Administration Limited Liability Company ("IETF LLC"). Under this 24 structure, the IETF Administrative Oversight Committee (IAOC) was 25 eliminated, and its oversight and advising functions transferred to 26 the IETF LLC Board. 28 The IETF LLC provides the corporate legal home for the IETF, the 29 Internet Architecture Board (IAB), and the Internet Research Task 30 Force (IRTF), and financial support for the operation of the RFC 31 Editor. 33 This document describes the structure of the IETF Administrative 34 Support Activity, version 2 (IASA 2.0). It defines the roles and 35 responsibilities of the IETF LLC Board, the IETF Executive Director, 36 and ISOC in the fiscal and administrative support of the IETF 37 standards process. It also defines the membership and selection 38 rules for the IETF LLC Board. 40 This document obsoletes RFC 4071, RFC 4333, and RFC 7691. 42 Status of This Memo 44 This Internet-Draft is submitted in full conformance with the 45 provisions of BCP 78 and BCP 79. 47 Internet-Drafts are working documents of the Internet Engineering 48 Task Force (IETF). Note that other groups may also distribute 49 working documents as Internet-Drafts. The list of current Internet- 50 Drafts is at https://datatracker.ietf.org/drafts/current/. 52 Internet-Drafts are draft documents valid for a maximum of six months 53 and may be updated, replaced, or obsoleted by other documents at any 54 time. It is inappropriate to use Internet-Drafts as reference 55 material or to cite them other than as "work in progress." 57 This Internet-Draft will expire on October 12, 2019. 59 Copyright Notice 61 Copyright (c) 2019 IETF Trust and the persons identified as the 62 document authors. All rights reserved. 64 This document is subject to BCP 78 and the IETF Trust's Legal 65 Provisions Relating to IETF Documents 66 (https://trustee.ietf.org/license-info) in effect on the date of 67 publication of this document. Please review these documents 68 carefully, as they describe your rights and restrictions with respect 69 to this document. Code Components extracted from this document must 70 include Simplified BSD License text as described in Section 4.e of 71 the Trust Legal Provisions and are provided without warranty as 72 described in the Simplified BSD License. 74 Table of Contents 76 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 77 2. Scope Limitation . . . . . . . . . . . . . . . . . . . . . . 4 78 3. LLC Agreement with the Internet Society . . . . . . . . . . . 4 79 4. Definitions and Principles . . . . . . . . . . . . . . . . . 5 80 4.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 81 4.2. Key Differences From the Old IASA Structure to IASA 2.0 . 6 82 4.3. General IETF LLC Responsibilities . . . . . . . . . . . . 6 83 4.4. IETF LLC Working Principles . . . . . . . . . . . . . . . 7 84 4.5. Principles of the IETF and ISOC Relationship . . . . . . 8 85 4.6. Relationship of the IETF LLC Board to the IETF Leadership 8 86 4.7. Review of IETF Executive Director and IETF LLC Board 87 Decisions . . . . . . . . . . . . . . . . . . . . . . . . 8 88 4.8. Termination and Change . . . . . . . . . . . . . . . . . 9 89 5. Structure of IASA2 . . . . . . . . . . . . . . . . . . . . . 9 90 5.1. IETF Executive Director and Staff Responsibilities . . . 9 91 5.2. IETF LLC Board Responsibilities . . . . . . . . . . . . . 11 92 5.3. Board Design Goals . . . . . . . . . . . . . . . . . . . 13 93 6. IETF LLC Board Membership, Selection and Accountability . . . 13 94 6.1. Board Composition . . . . . . . . . . . . . . . . . . . . 13 95 6.2. IETF LLC-Appointed Directors . . . . . . . . . . . . . . 14 96 6.3. Recruiting IETF LLC Board Directors . . . . . . . . . . . 14 97 6.4. IETF LLC Board Director Term Length . . . . . . . . . . . 14 98 6.5. IETF LLC Board Director Limit . . . . . . . . . . . . . . 15 99 6.6. Staggered Terms . . . . . . . . . . . . . . . . . . . . . 15 100 6.7. IETF LLC Board Director Removal . . . . . . . . . . . . . 15 101 6.8. Filling an IETF LLC Board Director Vacancy . . . . . . . 16 102 6.9. Quorum . . . . . . . . . . . . . . . . . . . . . . . . . 16 103 6.10. Board Voting . . . . . . . . . . . . . . . . . . . . . . 16 104 6.11. Interim Board . . . . . . . . . . . . . . . . . . . . . . 16 105 6.12. Board Positions . . . . . . . . . . . . . . . . . . . . . 17 106 7. IETF LLC Funding . . . . . . . . . . . . . . . . . . . . . . 17 107 7.1. Financial Statements . . . . . . . . . . . . . . . . . . 17 108 7.2. Bank and Investment Accounts . . . . . . . . . . . . . . 18 109 7.3. Financial Audits . . . . . . . . . . . . . . . . . . . . 18 110 7.4. ISOC Financial Support . . . . . . . . . . . . . . . . . 18 111 7.5. IETF Meeting Revenues . . . . . . . . . . . . . . . . . . 18 112 7.6. Sponsorships and Donations to the IETF LLC . . . . . . . 18 113 7.7. Focus of Funding Support . . . . . . . . . . . . . . . . 19 114 7.8. Charitable Fundraising Practices . . . . . . . . . . . . 19 115 7.9. Operating Reserve . . . . . . . . . . . . . . . . . . . . 19 116 7.10. Annual Budget Process . . . . . . . . . . . . . . . . . . 19 117 8. IETF LLC Policies . . . . . . . . . . . . . . . . . . . . . . 20 118 8.1. Conflict of Interest Policy . . . . . . . . . . . . . . . 20 119 8.2. Other Policies . . . . . . . . . . . . . . . . . . . . . 21 120 8.3. Compliance . . . . . . . . . . . . . . . . . . . . . . . 21 121 9. Three-Year Assessment . . . . . . . . . . . . . . . . . . . . 21 122 10. Security Considerations . . . . . . . . . . . . . . . . . . . 22 123 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22 124 12. Pronouns . . . . . . . . . . . . . . . . . . . . . . . . . . 22 125 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 22 126 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 22 127 14.1. Normative References . . . . . . . . . . . . . . . . . . 22 128 14.2. Informative References . . . . . . . . . . . . . . . . . 23 129 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 131 1. Introduction 133 The IETF Administrative Support Activity (IASA) was originally 134 established in 2005. In the years since then, the needs of the IETF 135 evolved in ways that required changes to its administrative 136 structure. The purpose of this document is to document and describe 137 the IASA 2.0 structure. 139 Under IASA 2.0, the work of the IETF's administrative and fundraising 140 tasks is conducted by an administrative organization, the IETF 141 Administration Limited Liability Company ("IETF LLC"). Under this 142 structure, the Internet Administrative Oversight Committee (IAOC) is 143 eliminated, and its oversight and advising functions transferred to 144 the IETF LLC Board. 146 The IETF LLC provides the corporate legal home for the IETF, the 147 Internet Architecture Board (IAB), and the Internet Research Task 148 Force (IRTF), and financial support for the operation of the RFC 149 Editor. 151 [I-D.haberman-iasa20dt-recs] discusses the challenges facing the 152 original IASA structure as well as several options for reorganizing 153 the IETF's administration under different legal structures. This 154 document outlines how the chosen option is structured and describes 155 how the organization fits together with existing and new IETF 156 community structures. 158 Under IASA 2.0, most of the responsibilities that [RFC4071] assigned 159 to the IETF Administrative Director (IAD) and the Internet Society 160 (ISOC) were transferred to the IETF LLC and IETF Administration LLC 161 Executive Director (IETF Executive Director). It is the job of the 162 IETF LLC to meet the administrative needs of the IETF and to ensure 163 that the IETF LLC meets the needs of the IETF community. 165 Eliminating the IAOC meant that changes were required in how trustees 166 could be appointed to the IETF Trust. The details of how this is 167 done are outside the scope of this document but are covered in 168 [I-D.ietf-iasa2-trust-update]. 170 This document obsoletes [RFC4071], which specified the original IASA, 171 [RFC4333], which specified the selection guidelines and process for 172 IAOC members and [RFC7691], which specified terms for IAOC members. 174 2. Scope Limitation 176 The document does not propose any changes related to the standards 177 process as currently conducted by the Internet Engineering Steering 178 Group (IESG) and Internet Architecture Board (IAB). In addition, no 179 changes are made to the appeals chain, the process for making and 180 confirming IETF and IAB appointments, the technical work of the 181 Internet Research Task Force (IRTF), or to ISOC's membership in or 182 support of other organizations. 184 3. LLC Agreement with the Internet Society 186 The LLC Agreement between the IETF LLC and ISOC is available at 187 [IETF-LLC-A]. This IASA2 structure, and thus this document, depends 188 on the LLC Agreement and will refer to it to help explain certain 189 aspects of the legal relationship between the IETF LLC and ISOC. 191 The LLC Agreement was developed between legal representatives of the 192 IETF and ISOC and includes all critical terms of the relationship, 193 while still enabling maximum unilateral flexibility for the IETF LLC 194 Board. The LLC Agreement includes only basic details about how the 195 Board manages itself or manages IETF LLC staff, so that the Board has 196 flexibility to make changes without amending the agreement. The 197 Board can independently develop policy or procedures documents that 198 fill gaps. 200 4. Definitions and Principles 202 4.1. Terminology 204 Although most of the terms, abbreviations, and acronyms used in this 205 document are reasonably well known, first-time readers may find some 206 terminology confusing. This section therefore attempts to provide a 207 quick summary. 209 IAB: Internet Architecture Board (see [RFC2026], [RFC2850]). 211 IAD: IETF Administrative Director, a role obsoleted by this document 212 and the ISOC/IETF LLC Agreement ([IETF-LLC-A]) and replaced by the 213 IETF LLC Executive Director. 215 IAOC: IETF Administrative Oversight Committee, a committee that 216 oversaw IETF administrative activity. The IAOC is obsoleted by this 217 document and replaced by the IETF LLC Board. The IETF Trust was 218 formerly populated by IAOC members. Its membership is now distinct 219 from that of the IETF LLC Board (See [I-D.ietf-iasa2-trust-update]).) 221 IASA: The IETF Administrative Support Activity, consists of the IETF 222 LLC board, employees, and contractors. Uses of the term 'IASA' as a 223 proper noun may imply a subset of these roles, or all of them. 225 IASA 2.0: Version 2.0 of the IETF Administrative Support Activity, 226 defined by this document. 228 IESG: Internet Engineering Steering Group (see [RFC2026], [RFC3710]). 230 IETF: Internet Engineering Task Force (see [RFC3233]). 232 IETF Administration LLC: The legal entity - a disregarded Limited 233 Liability Company (LLC) of The Internet Society - established to 234 provide a corporate legal framework for facilitating current and 235 future activities related to the IETF, IAB, and IRTF. It was 236 established by the ISOC/IETF LLC Agreement ([IETF-LLC-A]) and is 237 referred to as "IETF LLC." 239 IETF LLC Executive Director: the Executive Director for the IETF LLC, 240 responsible for day-to-day administrative and operational direction 241 (See Section 5.1). Also referred to as "IETF Executive Director". 243 IETF LLC Board: The Board of Directors of the IETF LLC. The IETF LLC 244 Board is formally a multi-member "manager" of the IETF LLC on behalf 245 of ISOC (See Section 5.2). 247 ISOC: Internet Society (see [I-D.ietf-iasa2-rfc2031bis] and [ISOC]). 249 4.2. Key Differences From the Old IASA Structure to IASA 2.0 251 o The IAOC and IAD roles defined in RFC 4071 are eliminated. 253 o The former ISOC and IAD responsibilities are assigned to a new 254 organization, IETF Administration LLC. 256 o The Board of Directors of the IETF LLC - formally a multi-member 257 "manager" of the IETF LLC on behalf of ISOC - assumes the 258 oversight responsibilities of the IAOC. 260 o The Board of the IETF LLC is more focused on strategy and 261 oversight than the IAOC was, with the IETF Executive Director and 262 their team in charge of day-to-day operations. 264 o The IAD role is replaced with the IETF Executive Director role. 266 o The role that was previously referred to as "IETF Executive 267 Director" in older documents such as [RFC2026] is now "Managing 268 Director, IETF Secretariat". 270 4.3. General IETF LLC Responsibilities 272 The IETF LLC is established to provide administrative support to the 273 IETF. It has no authority over the standards development activities 274 of the IETF. 276 The responsibilities of the IETF LLC are: 278 o Operations. The IETF LLC is responsible for supporting the 279 ongoing operations of the IETF, including meetings and non-meeting 280 activities. 282 o Finances. The IETF LLC is responsible for managing the IETF's 283 finances and budget. 285 o Fundraising. The IETF LLC is responsible for raising money on 286 behalf of the IETF. 288 o Compliance. The IETF LLC is responsible for establishing and 289 enforcing policies to ensure compliance with applicable laws, 290 regulations, and rules. 292 The manner by which these responsibilities under the IETF LLC are 293 organized is intended to address the problems described in Sections 294 3.1.1., 3.1.2, and 3.1.3 of [I-D.haberman-iasa20dt-recs]. 295 Specifically, this is intended to bring greater clarity around roles, 296 responsibilities, representation, decision-making, and authority. 298 In addition, by having the IETF LLC manage the IETF's finances and 299 conduct the IETF's fundraising, confusion about who is responsible 300 for representing the IETF to sponsors and who directs the uses of 301 sponsorship funds should have been eliminated. Finally, having the 302 IETF LLC reside in a defined, distinct legal entity, and taking 303 responsibility for operations, enables the organization to execute 304 its own contracts without the need for review and approval by ISOC. 306 4.4. IETF LLC Working Principles 308 The IETF LLC is expected to conduct its work according to the 309 following principles: 311 o Transparency. The IETF LLC is expected to keep the IETF community 312 informed about its work, subject to reasonable confidentiality 313 concerns, and to engage with the community to obtain consensus- 314 based community input on key issues and otherwise as needed. The 315 IETF community expects complete visibility into the financial and 316 legal structure of the IETF LLC. This includes information about 317 the IETF LLC annual budget and associated regular financial 318 reports, results of financial and any other independent audits, 319 tax filings, significant contracts or other significant long-term 320 financial commitments that bind the IETF LLC. As discussed in 321 [ietf101-slides], whatever doesn't have a specific justification 322 for being kept confidential is expected to be made public. The 323 Board is expected to develop and maintain a public list of 324 confidential items, describing the nature of the information and 325 the reason for confidentiality. The Board will also publish its 326 operating procedures. 328 o Responsiveness to the community. The IETF LLC is expected to act 329 consistently with the documented consensus of the IETF community, 330 to be responsive to the community's needs, and to adapt its 331 decisions in response to consensus-based community feedback. 333 o Diligence. The IETF LLC is expected to act responsibly so as to 334 minimize risks to IETF participants and to the future of the IETF 335 as a whole, such as financial risks. 337 o Unification: The IETF LLC provides the corporate legal home for 338 the IETF, the Internet Architecture Board (IAB), and the Internet 339 Research Task Force (IRTF), and financial support for the 340 operation of the RFC Editor. 342 o Transfer or Dissolution: Consistent with [IETF-LLC-A], the IETF 343 LLC subsidiary may be transferred from ISOC to another 344 organization, at the request of either party. Similarly, the IETF 345 LLC may be dissolved if necessary. Should either event occur, the 346 IETF community should be closely involved in any decisions and 347 plans. Any transfer, transition, or dissolution should be 348 conducted carefully and with minimal potential disruption to the 349 IETF. 351 The transparency and responsiveness principles are designed to 352 address the concern outlined in Section 3.3 of 353 [I-D.haberman-iasa20dt-recs] about the need for improved timeliness 354 of sharing of information and decisions and seeking community 355 comments. The issue of increased transparency was important 356 throughout the IASA 2.0 process, with little to no dissent. It was 357 recognized that there will naturally be confidentiality requirements 358 about some aspects of contracting, personnel matters, and other 359 narrow areas. 361 4.5. Principles of the IETF and ISOC Relationship 363 The principles of the relationship between the IETF and ISOC are 364 outlined in [I-D.ietf-iasa2-rfc2031bis]. In short, the IETF is 365 responsible for the development of the Internet Standards and ISOC 366 aids the IETF by providing it a legal entity within which the IETF 367 LLC exists, as well as with financial support. 369 4.6. Relationship of the IETF LLC Board to the IETF Leadership 371 The IETF LLC Board is directly accountable to the IETF community for 372 the performance of the IASA 2.0. However, the nature of the Board's 373 work involves treating the IESG, IRTF, and IAB as major internal 374 customers of the administrative support services. The Board and the 375 IETF Executive Director should not consider their work successful 376 unless the IESG, IRTF, and IAB are also satisfied with the 377 administrative support that the IETF is receiving. 379 4.7. Review of IETF Executive Director and IETF LLC Board Decisions 381 The IETF LLC Board is directly accountable to the IETF community for 382 the performance of the IASA 2.0, including hiring and managing the 383 IETF Executive Director. In extreme cases of dissatisfaction with 384 the IETF LLC, the IETF community can utilize the recall process as 385 noted in Section 6.7. 387 Anyone in the community of IETF participants may ask the Board for a 388 formal review of a decision or action by the IETF Executive Director 389 or Board if they believe this was not undertaken in accordance with 390 IETF BCPs or IETF LLC Board policies and procedures. 392 A formal request for review must be addressed to the IETF LLC Board 393 chair and must include a description of the decision or action to be 394 reviewed, an explanation of how, in the requestor's opinion, the 395 decision or action violates the BCPs or IASA 2.0 operational 396 guidelines, and a suggestion for how the situation could be 397 rectified. 399 The IETF LLC shall respond to such requests within a reasonable 400 period, typically within 90 days, and shall publicly publish 401 information about the request and the corresponding response and/or 402 result. 404 4.8. Termination and Change 406 Any major change to the IASA 2.0 arrangements shall require community 407 consensus and deliberation and shall be reflected by a subsequent 408 Best Current Practice (BCP) document. 410 5. Structure of IASA2 412 5.1. IETF Executive Director and Staff Responsibilities 414 The IETF LLC is led by an IETF Executive Director chosen by the 415 Board. The IETF Executive Director is responsible for managing the 416 day-to-day operations of the IETF LLC, including hiring staff to 417 perform various operational functions. The IETF Executive Director 418 and any staff may be employees or independent contractors. 420 Allowing for the division of responsibilities among multiple staff 421 members and contractors is designed to address some of the concerns 422 raised in Section 3.2 (Lack of Resources) and Section 3.4 (Funding/ 423 Operating Model Mismatch and Rising Costs) of 424 [I-D.haberman-iasa20dt-recs]. 426 Based on the amount of work previously undertaken by the IAD and 427 others involved in the IETF administration, the design of the IETF 428 LLC anticipated that the IETF Executive Director may need to hire 429 multiple additional staff members. For example, resources to manage 430 fundraising, to manage the various contractors that are engaged to 431 fulfill the IETF's administrative needs, and to support outreach and 432 communications were envisioned. 434 The IETF has historically benefitted from the use of contractors for 435 accounting, finance, meeting planning, administrative assistance, 436 legal counsel, tools, and web site support, as well as other services 437 related to the standards process (RFC Editor and IANA). Prior to 438 making the transition from IASA to IASA 2.0, the IETF budget 439 reflected specific support from ISOC for communications and 440 fundraising as well as some general support for accounting, finance, 441 legal, and other services. The division of responsibilities between 442 staff and contractors is at the discretion of the IETF Executive 443 Director and their staff. 445 The IETF has a long history of community involvement in the execution 446 of certain administrative functions, in particular development of 447 IETF tools, the NOC's operation of the meeting network, and some 448 outreach and communications activities conducted by the Education and 449 Mentoring Directorate. The IETF LLC staff is expected to respect the 450 IETF community's wishes about community involvement in these and 451 other functions going forward as long as the staff feels that they 452 can meet the otherwise-stated needs of the community. Establishing 453 the framework to allow the IETF LLC to staff each administrative 454 function as appropriate may require the IETF community to document 455 its consensus expectations in areas where no documentation currently 456 exists. 458 In summary, the IETF Executive Director, with support from the team 459 that they alone direct and lead, is responsible for: 461 o Developing and refining an annual budget and other strategic 462 financial planning documents at the direction of the Board. 464 o Executing on the annual budget, including reporting to the Board 465 regularly with forecasts and actual performance to budget. 467 o Hiring and/or contracting the necessary resources to meet their 468 goals, within the defined limits of the IETF Executive Director's 469 authority and within the approved budget. This includes managing 470 and leading any such resources, including performing regular 471 performance reviews. 473 o Following the pre-approval guidelines set forth by the Board for 474 contracts or other decisions that have financial costs that exceed 475 a certain threshold of significance. Such thresholds are expected 476 to be set reasonably high so that the need for such approvals is 477 infrequent and only occurs when something is truly significant or 478 otherwise exceptional. It is expected that the IETF Executive 479 Director is sufficiently empowered to perform the job on a day-to- 480 day basis, being held accountable for meeting high level goals 481 rather than micromanaged. 483 o Regularly updating the Board on operations and other notable 484 issues as reasonable and appropriate. 486 o Ensuring that all staff and/or other resources comply with any 487 applicable policies established or approved by the Board, such as 488 ethics guidelines and/or a code of conduct. 490 5.2. IETF LLC Board Responsibilities 492 This section is intended to provide a summary of key IETF LLC Board 493 responsibilities, but the precise and legally binding 494 responsibilities are defined in the LLC Agreement [IETF-LLC-A] and 495 applicable law. To the extent to which there are unintentional 496 differences or other confusion between this document and these 497 authoritative sources, these sources will control over this document. 499 Board members have fiduciary obligations imposed by the LLC Agreement 500 and applicable law, including duties of loyalty, care and good faith. 501 The Board is responsible to set broad strategic direction for the 502 LLC, and adopt an annual budget, hire or terminate an IETF Executive 503 Director (or amend the terms of their engagement), adopt any employee 504 benefit plans, consult the relevant IETF communities on matters 505 related to the LLC as appropriate, approve any changes to the LLC 506 governance structure, incur any debt, and approve entering into 507 agreements that meet a significant materiality threshold to be 508 determined by the Board. The IETF LLC Board is expected to delegate 509 management of day-to-day activities and related decision-making to 510 staff. 512 Per Section 5(d) of the LLC Agreement and as also described in 513 Section 4.4, the Board shall, as appropriate, act transparently and 514 provide the IETF community with an opportunity to review and discuss 515 any proposed changes to the IETF LLC structure prior to their 516 adoption. 518 The role of the Board is to ensure that the strategy and conduct of 519 the IETF LLC is consistent with the IETF's needs - both its concrete 520 needs and its needs for transparency and accountability. The Board 521 is not intended to directly define the IETF's needs; to the extent 522 that is required, the IETF community should document its needs in 523 consensus-based RFCs (e.g., as the community did in 524 [I-D.ietf-mtgvenue-iaoc-venue-selection-process]) and provide more 525 detailed input via consultations with the Board (such as takes place 526 on email discussion lists or at IETF meetings). 528 Key IETF LLC Board responsibilities include: 530 o Set broad strategic direction for the LLC. 532 o Hire or terminate an IETF Executive Director (or amending the 533 terms of their engagement). 535 o Delegate management of day-to-day activities and related decision- 536 making to staff. 538 o Adopt any employee benefit plans. 540 o Consult the relevant IETF communities on matters related to the 541 LLC, as appropriate. 543 o Approve any changes to the LLC governance structure. 545 o Adopt an annual budget and, as necessary, incur any debt. 547 o Prepare accurate and timely financial statements for ISOC, and in 548 accordance with generally accepted accounting principles. 550 o Provide assistance to help facilitate ISOC's tax compliance, 551 including but not limited to assistance related to preparing the 552 Form 990 and responding to any IRS questions and audits. 554 o Approve entering into agreements that that meet a significant 555 materiality threshold to be determined by the Board. 557 o Limit its activities to the purposes as set forth in Section 4 of 558 the LLC Agreement, in a manner consistent with ISOC's charitable 559 purposes. 561 o Establish an investment policy. 563 o Use best efforts to conduct all of its activities in strict 564 compliance with the LLC Agreement and all applicable laws, rules 565 and regulations. 567 o Ensure that IETF LLC is run in a manner that is transparent and 568 accountable to the IETF community; 570 o Develop policies, including those noted in Section 8), procedures, 571 and a compliance program. 573 o Obtain Commercial General Liability and other appropriate 574 insurance policies, with agreed-upon coverage limits. 576 o Recruit new Directors for consideration in all of the various 577 appointment processes. 579 5.3. Board Design Goals 581 A goal of this Board composition is to balance the need for the IETF 582 LLC to be accountable to the IETF community with the need for this 583 Board to have the expertise necessary to oversee a small non-profit 584 company. The Board is smaller than the previous IAOC and the other 585 leadership bodies of the IETF, in part to keep the Board focused on 586 its rather limited set of strategic responsibilities as noted in 587 Section 5.2. 589 This board structure, with limited strategic responsibilities noted 590 in Section 5.2 and limited size, together with the staff 591 responsibilities noted in Section 5.1, is designed to overcome the 592 challenges described in Section 3.1.4 of [I-D.haberman-iasa20dt-recs] 593 concerning oversight. This establishes a clear line of oversight 594 over staff performance: the IETF LLC Board oversees the IETF 595 Executive Director's performance and has actual legal authority to 596 remove a non-performing IETF Executive Director. The IETF Executive 597 Director is responsible for the day-to-day operation of the IETF LLC. 599 Finally, the Board would be expected to operate transparently, to 600 further address the concern raised in Section 3.3 of 601 [I-D.haberman-iasa20dt-recs]. The default transparency rule arrived 602 at during the IASA 2.0 design process is detailed above in 603 Section 4.4. The Board will need to establish how it will meet that 604 commitment. 606 6. IETF LLC Board Membership, Selection and Accountability 608 The section outlines the composition of the IETF LLC Board, selection 609 of IETF LLC Board Directors, and related details. 611 6.1. Board Composition 613 There is a minimum of 5 directors, expandable to 6 or 7. 615 o 1 IETF Chair or delegate selected by the IESG 617 o 1 Appointed by the ISOC Board of Trustees 619 o 3 Selected by the IETF NomCom, confirmed by the IESG 621 o Up to 2 Appointed by the IETF LLC board itself, on an as-needed 622 basis, confirmed by the IESG 624 For the first slot listed above, the presumption is that the IETF 625 Chair will serve on the board. At the IESG's discretion, another 626 area director may serve instead, or exceptionally the IESG may run a 627 selection process to appoint a director. The goal of having this 628 slot on the board is to maintain coordination and communication 629 between the board and the IESG. 631 6.2. IETF LLC-Appointed Directors 633 As noted above, a maximum of two Directors may be appointed by the 634 IETF LLC Board. They can obviously choose to appoint none, one, or 635 two. These appointments need not be on an exceptional basis, but 636 rather be routine, and may occur at any time of the year since it is 637 on an as-needed basis. 639 The appointment of a Board-appointed Director requires a two-thirds 640 majority vote of the Directors then in office, and the appointee 641 shall take office immediately upon appointment. The term of each 642 appointment is designated by the Board, with the maximum term being 643 three years, or until their earlier resignation, removal or death. 644 The Board may decide on a case-by-case basis how long each term shall 645 be, factoring in the restriction for consecutive terms in 646 Section 6.4. 648 6.3. Recruiting IETF LLC Board Directors 650 The Board itself is expected to take an active role in recruiting 651 potential new Directors, regardless of the process that may be used 652 to appoint them. In particular, the NomCom is primarily focused on 653 considering requirements expressed by the Board and others, reviewing 654 community feedback on candidates, conducting candidate interviews, 655 and ultimately appointing Directors. The Board and others can 656 recruit potential Directors and get them into the consideration 657 process of the NomCom or into open considerations processes of the 658 other appointing bodies if those bodies choose to use such processes. 660 6.4. IETF LLC Board Director Term Length 662 The term length for a Director is three years. The exceptions to 663 this guideline are: 665 o For the terms for some Directors during the first full formation 666 of the IETF LLC Board in order to establish staggered terms and 667 for any appointments to fill a vacancy. 669 o The Director slot occupied by the IETF Chair ex officio or a 670 delegate selected by the IESG will serve a two-year term. This 671 applies regardless of whether the appointed individual is on the 672 IESG, rotates off the IESG during the two-year term, or is not on 673 the IESG. This makes the term length for this slot the same as 674 the term lengths established in [I-D.ietf-iasa2-rfc7437bis], 675 Section 3.4. 677 6.5. IETF LLC Board Director Limit 679 A director may serve no more than two consecutive terms. A director 680 cannot serve a third term until three years have passed since their 681 second consecutive term. An exception is if a Director role is 682 occupied by the IETF Chair ex officio, since that person's service is 683 governed instead by the term lengths established in 684 [I-D.ietf-iasa2-rfc7437bis], Section 3.4. 686 An exception to the two consecutive term rule is for an IETF LLC- 687 appointed Director. For such a Director, they may serve only one 688 term via this appointment method, after which any subsequent terms 689 would be occur via other appointment or selection processes (such as 690 via the NomCom process). 692 Lastly, partial terms of less than three years for the initial 693 appointments to the first full board, for which some Directors will 694 have terms of one or two years, do not count against the term limit. 696 The limit on consecutive terms supports the healthy regular 697 introduction of new ideas and energy into the Board and mitigates 698 potential long-term risk of ossification or conflict, without 699 adversely impacting the potential pool of director candidates over 700 time. 702 6.6. Staggered Terms 704 The Internet Society Board of Trustees, the IESG, the Nominating 705 Committee, and the Board are expected to coordinate with each other 706 to ensure that collectively their appointment or selection processes 707 provide for no more than three Directors' terms concluding in the 708 same year. 710 6.7. IETF LLC Board Director Removal 712 NomCom-appointed and IESG-appointed Directors may be removed with or 713 without cause. A vote in favor of removal must be no fewer than the 714 number of Directors less two. So for example, if there are seven 715 directors, then five votes are required. Directors may also be 716 removed via the IETF recall process defined in 717 [I-D.ietf-iasa2-rfc7437bis], Section 7. 719 6.8. Filling an IETF LLC Board Director Vacancy 721 It shall be the responsibility of each respective body that appointed 722 or selected a Director that vacates the Board to appoint a new 723 Director to fill the vacancy. For example, if a Director selected by 724 the NomCom departs the Board prior to the end of their term for 725 whatever reason, then it is the responsibility of the NomCom (using 726 its mid-term rules, as specified in [I-D.ietf-iasa2-rfc7437bis], 727 Section 3.5) as the original appointing body to designate a 728 replacement that will serve out the remainder of the term of the 729 departed Director. However, this obligation will not apply to 730 vacancies in Board-appointed positions. 732 6.9. Quorum 734 At all meetings of the Board, two-thirds of the Directors then in 735 office shall constitute a quorum for the transaction of business. 736 Unless a greater affirmative vote is expressly required for an action 737 under applicable law, the LLC Agreement, or an applicable Board 738 policy, the affirmative vote of two-thirds of the Directors then in 739 office shall be an act of the Board. 741 6.10. Board Voting 743 Board decisions may be made either by vote communicated in a meeting 744 of the Board (including telephonic and video), or via an asynchronous 745 written (including electronic) process. Absentee voting and voting 746 by proxy shall not be permitted. If a quorum is not present at any 747 meeting of the Board, the Directors present may adjourn the meeting 748 from time to time, without notice other than announcement at the 749 meeting, until a quorum is present. Voting thresholds for Director 750 removal are described in Section 6.7. 752 6.11. Interim Board 754 An initial interim Board was necessary in order to legally form and 755 bootstrap the IETF LLC. As a result, an Interim Board was formed on 756 a temporary basis until the first full board was constituted. 758 The interim Board was comprised of: 760 o The IETF chair, ex officio 762 o The IAOC chair, ex officio 764 o The IAB chair, ex officio 766 o One ISOC trustee, selected by the ISOC Board of Trustees 768 6.12. Board Positions 770 Following the formation of the first permanent Board, and annually 771 thereafter, the Directors shall elect a Director to serve as Board 772 Chair by majority vote. The IETF, IAB and IRTF chairs, and the chair 773 of ISOC's Board, will be ineligible for this Board Chair role. The 774 Board may also form committees of the Board and/or define other roles 775 for Board Directors as necessary. 777 7. IETF LLC Funding 779 The IETF LLC must function within a budget of costs balanced against 780 limited revenues. The IETF community expects the IETF LLC to work to 781 attain that goal, in order to maintain a viable support function that 782 provides the environment within which the work of the IETF, IAB, 783 IRTF, and RFC Editor can remain vibrant and productive. 785 The IETF LLC was generating income from a few key sources at the time 786 that this document was written, as enumerated below. Additional 787 sources of income may be developed in the future, within the general 788 bounds noted in Section 7.8, and some of these may decline in 789 relevance or go away. As a result this list is subject to change 790 over time and is merely an example of the primary sources of income 791 for the IETF LLC at the time of this writing: 793 1. ISOC support 795 2. IETF meeting revenues 797 3. Sponsorships (monetary and/or in-kind) 799 4. Donations (monetary and/or in-kind) 801 7.1. Financial Statements 803 As noted in Section 5.2, the IETF LLC must comply with relevant tax 804 laws, such as filing an annual IRS Form 990. Other official 805 financial statements may also be required. 807 In addition to these official financial statements and forms, the 808 IETF LLC is also expected to report on a regular basis to the IETF 809 community on the current and future annual budget, budget forecasts 810 vs. actuals over the course of a fiscal year, and on other 811 significant projects as needed. This regular reporting to the IETF 812 community is expected to be reported in the form of standard 813 financial statements that reflect the income, expenses, assets, and 814 liabilities of the IETF LLC. 816 7.2. Bank and Investment Accounts 818 The IETF LLC maintains its own bank account, separate and distinct 819 from ISOC. The IETF LLC may at its discretion create additional 820 accounts as needed. Similarly, the IETF LLC may as needed create 821 investment accounts in support of its financial goals and objectives. 823 7.3. Financial Audits 825 The IETF LLC is expected to retain and work with an independent 826 auditor. Reports from the auditor are expected to be shared with the 827 IETF community and other groups and organizations as needed or as 828 required by law. 830 7.4. ISOC Financial Support 832 ISOC currently provides significant financial support to the IETF 833 LLC. Exhibit B of the [IETF-LLC-A] summarizes the financial support 834 from ISOC for the foreseeable future. It is expected that this 835 support will be periodically reviewed and revised, via a cooperative 836 assessment process between ISOC and the IETF LLC. 838 7.5. IETF Meeting Revenues 840 Meeting revenues are another important source of funding that 841 supports the IETF, coming mainly from the fees paid by IETF meeting 842 participants. The IETF Executive Director sets those meeting fees, 843 in consultation with other IETF LLC staff and the IETF community, 844 with approval by the IETF LLC Board. Setting these fees and 845 projecting the number of participants at future meetings is a key 846 part of the annual budget process. 848 7.6. Sponsorships and Donations to the IETF LLC 850 Sponsorships and donations are an essential component of the 851 financial support for the IETF. Within the general bounds noted in 852 Section 7.8, the IETF LLC is responsible for fundraising activities 853 in order to establish, maintain, and grow a strong foundation of 854 donation revenues. This can and does include both direct financial 855 contributions as well as in-kind contributions, such as equipment, 856 software licenses, and services. 858 Sponsorships and donations to the IETF LLC do not (and must not) 859 convey to sponsors and donors any special oversight or direct 860 influence over the IETF's technical work or other activities of the 861 IETF or IETF LLC. This helps ensure that no undue influence may be 862 ascribed to those from whom funds are raised, and so helps to 863 maintain an open and consensus-based IETF standards process. 865 To the extent that the IETF LLC needs to undertake any significant 866 special projects for the IETF, the IETF LLC may need to fundraise 867 distinctly for those special projects. As a result, the IETF LLC may 868 conduct fundraising to support the IETF in general as well as one or 869 more special fundraising efforts (which may also be accounted for 870 distinctly and be held in a separate bank account or investment, as 871 needed). 873 7.7. Focus of Funding Support 875 The IETF LLC exists to support the IETF, IAB, and IRTF. Therefore, 876 the IETF LLC's funding and all revenues, in-kind contributions, and 877 other income that comprise that funding shall be used solely to 878 support activities related to the IETF, IAB, IRTF, and RFC Editor, 879 and for no other purposes. 881 7.8. Charitable Fundraising Practices 883 When the IETF LLC conducts fundraising, it substantiates charitable 884 contributions on behalf of ISOC - meaning that according to US tax 885 law, the IETF LLC must send a written acknowledgment of contributions 886 to donors. The IETF LLC evaluates and facilitates state, federal, 887 and other applicable law and regulatory compliance for ISOC and/or 888 the LLC with respect to such fundraising activities. In addition, 889 the IETF LLC ensures that all fundraising activities are conducted in 890 compliance with any policies developed by the IETF LLC, including but 891 not limited to those noted in Section 8. 893 7.9. Operating Reserve 895 An initial target operating reserve has been specified in Exhibit B 896 of the [IETF-LLC-A]. That says that the IETF LLC should maintain an 897 operating reserve equal to the IETF LLC's budgeted Net Loss for 2019 898 multiplied times three. The IETF LLC, in cooperation with ISOC, may 899 regularly review the financial target for this reserve fund, as noted 900 in the [IETF-LLC-A] or as otherwise necessary. 902 Should the IETF LLC generate an annual budget surplus, it may choose 903 to direct all or part of the surplus towards the growth of the 904 operating reserve. 906 7.10. Annual Budget Process 908 As noted in Section 4.3, the IETF LLC is responsible for managing the 909 IETF's finances and budget. A key part of this responsibility is 910 establishing, maintaining, and successfully meeting an annual budget. 911 This is essential to the continued operation and vibrancy of the 912 IETF's technical activities and establishes trust with ISOC, 913 sponsors, and donors that funds are being appropriately spent, and 914 that financial oversight is being conducted properly. This is also 915 essential to the IETF LLC meeting applicable legal and tax 916 requirements and is a core part of the Board's fiduciary 917 responsibilities. 919 As explained in Section 5.1, the IETF Executive Director is expected 920 to develop, execute, and report on the annual budget. Regular 921 reporting is expected to include forecast vs. budget statements, 922 including updated projections of income and expenses for the full 923 fiscal year. 925 The Board, as explained in Section 5.2, is expected to review and 926 approve the budget, as well as to provide ongoing oversight of the 927 budget and of any other significant financial matters. 929 The annual budget is expected to be developed in an open, 930 transparent, and collaborative manner, in accordance with 931 Section 4.4. The specific timeline for the development, review, and 932 approval of the IETF LLC annual budget is established by the Board 933 and may be revised as needed. 935 8. IETF LLC Policies 937 The Board is expected to maintain policies as necessary to achieve 938 the goals of the IETF LLC, meet transparency expectations of the 939 community, comply with applicable laws or regulations, or for other 940 reasons as appropriate. All policies are expected to be developed 941 with input from the IETF community. Some policies provided by ISOC 942 and past policies developed by the previous IAOC may provide a useful 943 starting point for the Board to consider. 945 8.1. Conflict of Interest Policy 947 The Board is expected to maintain a Conflict of Interest policy for 948 the IETF LLC. While the details are determined by the Board, at a 949 minimum such policy is expected to include the following: 951 o The IETF, ISOC Board, IAB, or IRTF chair cannot be chair of the 952 IETF LLC Board, though they may serve as a Director. 954 o A Director cannot be a paid consultant or employee of the IETF 955 Executive Director or their sub-contractors, nor a paid consultant 956 or employee of ISOC. 958 8.2. Other Policies 960 The Board is expected to maintain additional policies for the IETF 961 LLC as necessary, covering Directors, employees, and contractors, 962 concerning issues such as: 964 o Acceptance of gifts and other non-cash compensation; 966 o Travel and expense reimbursement; 968 o Anti-bribery; 970 o Code of conduct; 972 o Anti-harassment; 974 o Non-discrimination; 976 o Whistleblower; 978 o Document retention; 980 o Export controls; 982 o Anti-terrorism sanctions; 984 o Data protection and privacy; 986 o Social media 988 8.3. Compliance 990 The IETF LLC is expected to implement a compliance program to ensure 991 its compliance with all applicable laws, rules and regulations, 992 including without limitation laws governing bribery, anti-terrorism 993 sanctions, export controls, data protection/privacy, as well as other 994 applicable policies noted in Section 8. In addition, actions and 995 activities of the IETF LLC must be consistent with 501(c)(3) 996 purposes. 998 The IETF LLC is expected report to ISOC and the IETF community on the 999 implementation of its compliance plan on an annual basis. 1001 9. Three-Year Assessment 1003 The IETF LLC, with the involvement of the community, shall conduct 1004 and complete an assessment of the structure, processes, and operation 1005 of IASA 2.0 and the IETF LLC. This should be presented to the 1006 community after a period of roughly three years of operation. The 1007 assessment may potentially include recommendations for improvements 1008 or changes to the IASA2 and/or IETF LLC. 1010 10. Security Considerations 1012 This document describes the structure of the IETF's Administrative 1013 Support Activity (IASA), version 2 (IASA2). It introduces no 1014 security considerations for the Internet. 1016 11. IANA Considerations 1018 This document has no IANA considerations in the traditional sense. 1019 However, some of the information in this document may affect how the 1020 IETF standards process interfaces with the IANA, so the IANA may be 1021 interested in the contents. 1023 12. Pronouns 1025 This document has used "they" and "their" as a non-gender-specific 1026 pronoun to refer to a single individual. 1028 13. Acknowledgments 1030 Thanks to Jari Arkko, Richard Barnes, Brian E Carpenter, Alissa 1031 Cooper, John C Klensin, Bob Hinden, Jon Peterson, Sean Turner and the 1032 IASA2 Working Group for discussions of possible structures, and to 1033 the attorneys of Morgan Lewis and Brad Biddle for legal advice. 1035 14. References 1037 14.1. Normative References 1039 [I-D.ietf-iasa2-rfc2031bis] 1040 Camarillo, G. and J. Livingood, "The IETF-ISOC 1041 Relationship", draft-ietf-iasa2-rfc2031bis-04 (work in 1042 progress), February 2019. 1044 [I-D.ietf-iasa2-rfc7437bis] 1045 Kucherawy, M., Hinden, R., and J. Livingood, "IAB, IESG, 1046 IETF Trust and IETF LLC Selection, Confirmation, and 1047 Recall Process: Operation of the IETF Nominating and 1048 Recall Committees", draft-ietf-iasa2-rfc7437bis-06 (work 1049 in progress), March 2019. 1051 [IETF-LLC-A] 1052 The Internet Society, "Limited Liability Company Agreement 1053 of IETF Administration LLC", August 2018, 1054 . 1057 14.2. Informative References 1059 [I-D.haberman-iasa20dt-recs] 1060 Haberman, B., Arkko, J., Daigle, L., Livingood, J., Hall, 1061 J., and E. Rescorla, "IASA 2.0 Design Team 1062 Recommendations", draft-haberman-iasa20dt-recs-03 (work in 1063 progress), November 2018. 1065 [I-D.ietf-iasa2-trust-update] 1066 Arkko, J. and T. Hardie, "Update to the Process for 1067 Selection of Trustees for the IETF Trust", draft-ietf- 1068 iasa2-trust-update-03 (work in progress), February 2019. 1070 [I-D.ietf-mtgvenue-iaoc-venue-selection-process] 1071 Lear, E., "IETF Plenary Meeting Venue Selection Process", 1072 draft-ietf-mtgvenue-iaoc-venue-selection-process-16 (work 1073 in progress), June 2018. 1075 [ietf101-slides] 1076 Hall, J., "IASA 2.0 IETF-101 Slides", n.d., 1077 . 1080 [ietf102-slides] 1081 Hall, J., "IASA 2.0 IETF-102 Slides", n.d., 1082 . 1085 [ISOC] The Internet Society, "Amended and restated By-Laws of the 1086 Internet Society", July 2018, 1087 . 1090 [RFC2026] Bradner, S., "The Internet Standards Process -- Revision 1091 3", BCP 9, RFC 2026, DOI 10.17487/RFC2026, October 1996, 1092 . 1094 [RFC2850] Internet Architecture Board and B. Carpenter, Ed., 1095 "Charter of the Internet Architecture Board (IAB)", 1096 BCP 39, RFC 2850, DOI 10.17487/RFC2850, May 2000, 1097 . 1099 [RFC3233] Hoffman, P. and S. Bradner, "Defining the IETF", BCP 58, 1100 RFC 3233, DOI 10.17487/RFC3233, February 2002, 1101 . 1103 [RFC3710] Alvestrand, H., "An IESG charter", RFC 3710, 1104 DOI 10.17487/RFC3710, February 2004, 1105 . 1107 [RFC4071] Austein, R., Ed. and B. Wijnen, Ed., "Structure of the 1108 IETF Administrative Support Activity (IASA)", BCP 101, 1109 RFC 4071, DOI 10.17487/RFC4071, April 2005, 1110 . 1112 [RFC4333] Huston, G., Ed. and B. Wijnen, Ed., "The IETF 1113 Administrative Oversight Committee (IAOC) Member Selection 1114 Guidelines and Process", BCP 113, RFC 4333, 1115 DOI 10.17487/RFC4333, December 2005, 1116 . 1118 [RFC7691] Bradner, S., Ed., "Updating the Term Dates of IETF 1119 Administrative Oversight Committee (IAOC) Members", 1120 BCP 101, RFC 7691, DOI 10.17487/RFC7691, November 2015, 1121 . 1123 Authors' Addresses 1125 Brian Haberman 1126 Johns Hopkins University 1128 Email: brian@innovationslab.net 1130 Joseph Lorenzo Hall 1131 CDT 1133 Email: joe@cdt.org 1135 Jason Livingood 1136 Comcast 1138 Email: jason_livingood@comcast.com