Document: draft-ietf-iasa-bcp-04.txt From: Elwyn Davies Date: 20 januari 2005 I have come to this with relatively fresh eyes since I have stayed out of the governance discussions since my work on the problem WG a while back and have only just started following this work again in the last couple of weeks. So pardon me if I am reopening old discussions inappropriately (somebody will doubtless tell me!) Some thoughts: S1, para 3: s/Such support includes/The support for current work includes/ S1, Para 3: > The IASA is also ultimately responsible for the financial > activities associated with IETF administrative support such as > collecting IETF meeting fees, paying invoices, managing budgets and > financial accounts, and so forth. Given that IETF/IASA is operating as some sort of subsidiary of ISOC, I'm not sure that IASA can be ultimately responsible for anything. s/ultimately/day-to-day/ or some such? S1, para 4: 'and met well' ? Nice thought but what does it *actually* mean? S2.2: I know that US data protection laws and practices are not as well developed as European ones, but I think there ought to be some duty to protect the data and generate a suitable privacy policy, as well as keep it available. (Item 7). S2.2: Should the IASA be responsible for ensuring that the IETF (especially if it is run as a subsidiary) fulfils its legal and regulatory responsibilities? It certainly needs to maintain any records that might be needed for such purposes beyond just financial matters. I am not expert in US company law but I am sure there must be *some* things they would need to do. S3, para 3 (also S3.2): Is it a matter of being mealy mouthed, or does the IAOC sub-committee (effectively) not have firing as well as hiring powers over the IAD? S3.1, para 3: This para states that signing powers will be delegated to the IAD up to some specified limit. Who has signing powers beyond this? This is just part of a much wider point about the actual powers of the IETF/IAOC and the relationship with ISOC which I will discuss at the end of these notes. S3.1: I think this whole section should be much clearer about exactly what powers are delegated to the IAD to make commitments, as opposed to just negotiating: ISOC executes the contracts but the IAD will want to know that ISOC is a rubber stamp/back stop for this process and is not going to start second guessing him if he operates within the parameters set for him. This is related to the long discussion on Issue 739. There is also the potential for dispute between IAOC and IAD/ISOC which is not really addressed. s3.4: It would be nice to see a requirement that minutes were published in a set period or at least in a timely fashion after meetings, rather than just regularly. s4: > While there are no hard rules regarding how the IAB and the IESG > should select members of the IAOC, such appointees need not be > current IAB or IESG members (and probably should not be, if only to > avoid overloading the existing leadership). The IAB and IESG should > choose people with some knowledge of contracts and financial > procedures, who are familiar with the administrative support needs > of > the IAB, the IESG, or the IETF standards process. The IAB and IESG > should follow a fairly open process for these selections, perhaps > with an open call for nominations or a period of public comment on > the candidates. The procedure for IAB selection of ISOC Board of > Trustees [RFC3677] might be a good model for how this could work. > After the IETF gains some experience with IAOC selection, these > selection mechanisms should be documented more formally. Given the comments in S3, para 1, should the appointees by 'regular members' of the IETF (i.e., people with a good track record of attending IETF meetings) as with NomCom members are their appointees? So much for the nits: There has been a considerable amount of discussion both earlier on Scenario C and after Pete Resnick's Issue 739 about the 'new' IETF's dependence on the ongoing good will of the ISOC BoT. I understand that this document is intended, in some sense, to represent the best deal we can achieve in retaining a degree of independence from ISOC whilst relying on the financial clout and legal status of ISOC. I think some of the items I highlighted above provide areas where this rather fragile independence could be further eroded if they remain as they are currently. The exact degree of delegation of powers to the IAD, whether the IAOC has really any say in firing an IAD and where signature powers lie in matters beyond the limit delegated to the IAD are all critical to this and need to be addressed explicitly IMO. The issue of whether there is anything further that could be done to provide a dispute resolution process if the IAOC or the IETF as a whole cannot agree with ISOC's approach and yet people do not want to start divorce proceeding remains FFS. Can I finally remind people that although the legalistic stuff is being carried out under US law (or so I take it), the IETF aspires to be an International body, and sensitivities vary, especially on things like data protection!