Internet DRAFT - draft-ietf-iasa2-rfc4071bis

draft-ietf-iasa2-rfc4071bis







IASA2                                                        B. Haberman
Internet-Draft                                  Johns Hopkins University
Obsoletes: 4071, 4333, 7691 (if                                  J. Hall
           approved)                                                 CDT
Intended status: Best Current Practice                      J. Livingood
Expires: October 14, 2019                                        Comcast
                                                          April 12, 2019


   Structure of the IETF Administrative Support Activity, Version 2.0
                     draft-ietf-iasa2-rfc4071bis-11

Abstract

   The IETF Administrative Support Activity (IASA) was originally
   established in 2005.  In the years since then, the needs of the IETF
   evolved in ways that required changes to its administrative
   structure.  The purpose of this document is to document and describe
   the IETF Administrative Support Activity, version 2 (IASA 2.0).  It
   defines the roles and responsibilities of the IETF Administration LLC
   Board, the IETF Executive Director, and the Internet Society in the
   fiscal and administrative support of the IETF standards process.  It
   also defines the membership and selection rules for the IETF
   Administration LLC Board.

   This document obsoletes RFC 4071, RFC 4333, and RFC 7691.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 14, 2019.








Haberman, et al.        Expires October 14, 2019                [Page 1]

Internet-Draft                    IASA2                       April 2019


Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Scope Limitation  . . . . . . . . . . . . . . . . . . . . . .   4
   3.  LLC Agreement with the Internet Society . . . . . . . . . . .   4
   4.  Definitions and Principles  . . . . . . . . . . . . . . . . .   5
     4.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   5
     4.2.  Key Differences From the Old IASA Structure to IASA 2.0 .   6
     4.3.  General IETF LLC Responsibilities . . . . . . . . . . . .   6
     4.4.  IETF LLC Working Principles . . . . . . . . . . . . . . .   7
     4.5.  Principles of the IETF and ISOC Relationship  . . . . . .   8
     4.6.  Relationship of the IETF LLC Board to the IETF Leadership   8
     4.7.  Review of IETF Executive Director and IETF LLC Board
           Decisions . . . . . . . . . . . . . . . . . . . . . . . .   8
     4.8.  Termination and Change  . . . . . . . . . . . . . . . . .   9
   5.  Structure of IASA2  . . . . . . . . . . . . . . . . . . . . .   9
     5.1.  IETF Executive Director and Staff Responsibilities  . . .   9
     5.2.  IETF LLC Board Responsibilities . . . . . . . . . . . . .  11
     5.3.  Board Design Goals  . . . . . . . . . . . . . . . . . . .  12
   6.  IETF LLC Board Membership, Selection and Accountability . . .  13
     6.1.  Board Composition . . . . . . . . . . . . . . . . . . . .  13
     6.2.  IETF LLC-Appointed Directors  . . . . . . . . . . . . . .  14
     6.3.  Recruiting IETF LLC Board Directors . . . . . . . . . . .  14
     6.4.  IETF LLC Board Director Term Length . . . . . . . . . . .  14
     6.5.  IETF LLC Board Director Limit . . . . . . . . . . . . . .  15
     6.6.  Staggered Terms . . . . . . . . . . . . . . . . . . . . .  15
     6.7.  IETF LLC Board Director Removal . . . . . . . . . . . . .  15
     6.8.  Filling an IETF LLC Board Director Vacancy  . . . . . . .  16
     6.9.  Quorum  . . . . . . . . . . . . . . . . . . . . . . . . .  16
     6.10. Board Voting  . . . . . . . . . . . . . . . . . . . . . .  16
     6.11. Interim Board . . . . . . . . . . . . . . . . . . . . . .  16
     6.12. Board Positions . . . . . . . . . . . . . . . . . . . . .  17
   7.  IETF LLC Funding  . . . . . . . . . . . . . . . . . . . . . .  17



Haberman, et al.        Expires October 14, 2019                [Page 2]

Internet-Draft                    IASA2                       April 2019


     7.1.  Financial Statements  . . . . . . . . . . . . . . . . . .  17
     7.2.  Bank and Investment Accounts  . . . . . . . . . . . . . .  18
     7.3.  Financial Audits  . . . . . . . . . . . . . . . . . . . .  18
     7.4.  ISOC Financial Support  . . . . . . . . . . . . . . . . .  18
     7.5.  IETF Meeting Revenues . . . . . . . . . . . . . . . . . .  18
     7.6.  Sponsorships and Donations to the IETF LLC  . . . . . . .  18
     7.7.  Focus of Funding Support  . . . . . . . . . . . . . . . .  19
     7.8.  Charitable Fundraising Practices  . . . . . . . . . . . .  19
     7.9.  Operating Reserve . . . . . . . . . . . . . . . . . . . .  19
     7.10. Annual Budget Process . . . . . . . . . . . . . . . . . .  19
   8.  IETF LLC Policies . . . . . . . . . . . . . . . . . . . . . .  20
     8.1.  Conflict of Interest Policy . . . . . . . . . . . . . . .  20
     8.2.  Other Policies  . . . . . . . . . . . . . . . . . . . . .  21
     8.3.  Compliance  . . . . . . . . . . . . . . . . . . . . . . .  21
   9.  Three-Year Assessment . . . . . . . . . . . . . . . . . . . .  21
   10. Security Considerations . . . . . . . . . . . . . . . . . . .  22
   11. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  22
   12. Pronouns  . . . . . . . . . . . . . . . . . . . . . . . . . .  22
   13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  22
   14. References  . . . . . . . . . . . . . . . . . . . . . . . . .  22
     14.1.  Normative References . . . . . . . . . . . . . . . . . .  22
     14.2.  Informative References . . . . . . . . . . . . . . . . .  23
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  24

1.  Introduction

   The IETF Administrative Support Activity (IASA) was originally
   established in 2005.  In the years since then, the needs of the IETF
   evolved in ways that required changes to its administrative
   structure.  The purpose of this document is to document and describe
   the IASA 2.0 structure.

   Under IASA 2.0, the work of the IETF's administrative and fundraising
   tasks is conducted by an administrative organization, the IETF
   Administration Limited Liability Company ("IETF LLC").  Under this
   structure, the IETF Administrative Oversight Committee (IAOC) is
   eliminated, and its oversight and advising functions transferred to
   the IETF LLC Board.

   The IETF LLC provides the corporate legal home for the IETF, the
   Internet Architecture Board (IAB), and the Internet Research Task
   Force (IRTF), and financial support for the operation of the RFC
   Editor.

   [I-D.haberman-iasa20dt-recs] discusses the challenges facing the
   original IASA structure as well as several options for reorganizing
   the IETF's administration under different legal structures.  This
   document outlines how the chosen option is structured and describes



Haberman, et al.        Expires October 14, 2019                [Page 3]

Internet-Draft                    IASA2                       April 2019


   how the organization fits together with existing and new IETF
   community structures.

   Under IASA 2.0, most of the responsibilities that [RFC4071] assigned
   to the IETF Administrative Director (IAD) and the Internet Society
   (ISOC) were transferred to the IETF LLC and IETF Administration LLC
   Executive Director (IETF Executive Director).  It is the job of the
   IETF LLC to meet the administrative needs of the IETF and to ensure
   that the IETF LLC meets the needs of the IETF community.

   Eliminating the IAOC meant that changes were required in how trustees
   could be appointed to the IETF Trust.  The details of how this is
   done are outside the scope of this document but are covered in
   [I-D.ietf-iasa2-trust-update].

   This document obsoletes [RFC4071], which specified the original IASA,
   [RFC4333], which specified the selection guidelines and process for
   IAOC members and [RFC7691], which specified terms for IAOC members.

2.  Scope Limitation

   The document does not propose any changes related to the standards
   process as currently conducted by the Internet Engineering Steering
   Group (IESG) and Internet Architecture Board (IAB) (see BCP 9
   [RFC2026], BCP 39 [RFC2850]).  In addition, no changes are made to
   the appeals chain, the process for making and confirming IETF and IAB
   appointments (see BCP 10 [I-D.ietf-iasa2-rfc7437bis]), the technical
   work of the Internet Research Task Force (IRTF) (see BCP 8
   [RFC2014]), or to ISOC's membership in or support of other
   organizations.

3.  LLC Agreement with the Internet Society

   The LLC Agreement between the IETF LLC and ISOC is available at
   [IETF-LLC-A].  This IASA2 structure, and thus this document, depends
   on the LLC Agreement and will refer to it to help explain certain
   aspects of the legal relationship between the IETF LLC and ISOC.

   The LLC Agreement was developed between legal representatives of the
   IETF and ISOC and includes all critical terms of the relationship,
   while still enabling maximum unilateral flexibility for the IETF LLC
   Board.  The LLC Agreement includes only basic details about how the
   Board manages itself or manages IETF LLC staff, so that the Board has
   flexibility to make changes without amending the agreement.  The
   Board can independently develop policy or procedures documents that
   fill gaps.





Haberman, et al.        Expires October 14, 2019                [Page 4]

Internet-Draft                    IASA2                       April 2019


4.  Definitions and Principles

4.1.  Terminology

   Although most of the terms, abbreviations, and acronyms used in this
   document are reasonably well known, first-time readers may find some
   terminology confusing.  This section therefore attempts to provide a
   quick summary.

   IAB: Internet Architecture Board (see [RFC2026], [RFC2850]).

   IAD: IETF Administrative Director, a role obsoleted by this document
   and the ISOC/IETF LLC Agreement ([IETF-LLC-A]) and replaced by the
   IETF LLC Executive Director.

   IAOC: IETF Administrative Oversight Committee, a committee that
   oversaw IETF administrative activity.  The IAOC is obsoleted by this
   document and replaced by the IETF LLC Board.  The IETF Trust was
   formerly populated by IAOC members.  Its membership is now distinct
   from that of the IETF LLC Board (See [I-D.ietf-iasa2-trust-update]).)

   IASA: The IETF Administrative Support Activity, consists of the IETF
   LLC board, employees, and contractors.  Uses of the term 'IASA' as a
   proper noun may imply a subset of these roles, or all of them.

   IASA 2.0: Version 2.0 of the IETF Administrative Support Activity,
   defined by this document.

   IESG: Internet Engineering Steering Group (see [RFC2026], [RFC3710]).

   IETF: Internet Engineering Task Force (see [RFC3233]).

   IETF Administration LLC: The legal entity - a disregarded Limited
   Liability Company (LLC) of The Internet Society - established to
   provide a corporate legal framework for facilitating current and
   future activities related to the IETF, IAB, and IRTF.  It was
   established by the ISOC/IETF LLC Agreement ([IETF-LLC-A]) and is
   referred to as "IETF LLC."

   IETF LLC Executive Director: the Executive Director for the IETF LLC,
   responsible for day-to-day administrative and operational direction
   (See Section 5.1).  Also referred to as "IETF Executive Director".

   IETF LLC Board: The Board of Directors of the IETF LLC.  The IETF LLC
   Board is formally a multi-member "manager" of the IETF LLC on behalf
   of ISOC (See Section 5.2).

   ISOC: Internet Society (see [I-D.ietf-iasa2-rfc2031bis] and [ISOC]).



Haberman, et al.        Expires October 14, 2019                [Page 5]

Internet-Draft                    IASA2                       April 2019


4.2.  Key Differences From the Old IASA Structure to IASA 2.0

   o  The IAOC and IAD roles defined in RFC 4071 are eliminated.

   o  The former ISOC and IAD responsibilities are assigned to a new
      organization, IETF Administration LLC.

   o  The Board of Directors of the IETF LLC - formally a multi-member
      "manager" of the IETF LLC on behalf of ISOC - assumes the
      oversight responsibilities from the IAOC.

   o  The Board of the IETF LLC is more focused on strategy and
      oversight than the IAOC was, with the IETF Executive Director and
      their team in charge of day-to-day operations.

   o  The IAD role is replaced with the IETF Executive Director role.

   o  The role that was previously referred to as "IETF Executive
      Director" in older documents such as [RFC2026] is now "Managing
      Director, IETF Secretariat".

4.3.  General IETF LLC Responsibilities

   The IETF LLC is established to provide administrative support to the
   IETF.  It has no authority over the standards development activities
   of the IETF.

   The responsibilities of the IETF LLC are:

   o  Operations.  The IETF LLC is responsible for supporting the
      ongoing operations of the IETF, including meetings and non-meeting
      activities.

   o  Finances.  The IETF LLC is responsible for managing the IETF's
      finances and budget.

   o  Fundraising.  The IETF LLC is responsible for raising money on
      behalf of the IETF.

   o  Compliance.  The IETF LLC is responsible for establishing and
      enforcing policies to ensure compliance with applicable laws,
      regulations, and rules.

   The manner by which these responsibilities under the IETF LLC are
   organized is intended to address the problems described in Sections
   3.1.1., 3.1.2, and 3.1.3 of [I-D.haberman-iasa20dt-recs].
   Specifically, this is intended to bring greater clarity around roles,
   responsibilities, representation, decision-making, and authority.



Haberman, et al.        Expires October 14, 2019                [Page 6]

Internet-Draft                    IASA2                       April 2019


   In addition, by having the IETF LLC manage the IETF's finances and
   conduct the IETF's fundraising, confusion about who is responsible
   for representing the IETF to sponsors and who directs the uses of
   sponsorship funds should have been eliminated.  Finally, having the
   IETF LLC reside in a defined, distinct legal entity, and taking
   responsibility for operations, enables the organization to execute
   its own contracts without the need for review and approval by ISOC.

4.4.  IETF LLC Working Principles

   The IETF LLC is expected to conduct its work according to the
   following principles:

   o  Transparency.  The IETF LLC is expected to keep the IETF community
      informed about its work, subject to reasonable confidentiality
      concerns, and to engage with the community to obtain consensus-
      based community input on key issues and otherwise as needed.  The
      IETF community expects complete visibility into the financial and
      legal structure of the IETF LLC.  This includes information about
      the IETF LLC annual budget and associated regular financial
      reports, results of financial and any other independent audits,
      tax filings, significant contracts or other significant long-term
      financial commitments that bind the IETF LLC.  Whatever doesn't
      have a specific justification for being kept confidential is
      expected to be made public.  The Board is expected to develop and
      maintain a public list of confidential items, describing the
      nature of the information and the reason for confidentiality.  The
      Board will also publish its operating procedures.

   o  Responsiveness to the community.  The IETF LLC is expected to act
      consistently with the documented consensus of the IETF community,
      to be responsive to the community's needs, and to adapt its
      decisions in response to consensus-based community feedback.

   o  Diligence.  The IETF LLC is expected to act responsibly so as to
      minimize risks to IETF participants and to the future of the IETF
      as a whole, such as financial risks.

   o  Unification: The IETF LLC provides the corporate legal home for
      the IETF, the Internet Architecture Board (IAB), and the Internet
      Research Task Force (IRTF), and financial support for the
      operation of the RFC Editor.

   o  Transfer or Dissolution: Consistent with [IETF-LLC-A], the IETF
      LLC subsidiary may be transferred from ISOC to another
      organization, at the request of either party.  Similarly, the IETF
      LLC may be dissolved if necessary.  Should either event occur, the
      IETF community should be closely involved in any decisions and



Haberman, et al.        Expires October 14, 2019                [Page 7]

Internet-Draft                    IASA2                       April 2019


      plans.  Any transfer, transition, or dissolution should be
      conducted carefully and with minimal potential disruption to the
      IETF.

   The transparency and responsiveness principles are designed to
   address the concern outlined in Section 3.3 of
   [I-D.haberman-iasa20dt-recs] about the need for improved timeliness
   of sharing of information and decisions and seeking community
   comments.  The issue of increased transparency was important
   throughout the IASA 2.0 process, with little to no dissent.  It was
   recognized that there will naturally be confidentiality requirements
   about some aspects of contracting, personnel matters, and other
   narrow areas.

4.5.  Principles of the IETF and ISOC Relationship

   The principles of the relationship between the IETF and ISOC are
   outlined in [I-D.ietf-iasa2-rfc2031bis].  In short, the IETF is
   responsible for the development of the Internet Standards and ISOC
   aids the IETF by providing it a legal entity within which the IETF
   LLC exists, as well as with financial support.

4.6.  Relationship of the IETF LLC Board to the IETF Leadership

   The IETF LLC Board is directly accountable to the IETF community for
   the performance of the IASA 2.0.  However, the nature of the Board's
   work involves treating the IESG, IRTF, and IAB as major internal
   customers of the administrative support services.  The Board and the
   IETF Executive Director should not consider their work successful
   unless the IESG, IRTF, and IAB are also satisfied with the
   administrative support that the IETF is receiving.

4.7.  Review of IETF Executive Director and IETF LLC Board Decisions

   The IETF LLC Board is directly accountable to the IETF community for
   the performance of the IASA 2.0, including hiring and managing the
   IETF Executive Director.  In extreme cases of dissatisfaction with
   the IETF LLC, the IETF community can utilize the recall process as
   noted in Section 6.7.

   Anyone in the community of IETF participants may ask the Board for a
   formal review of a decision or action by the IETF Executive Director
   or Board if they believe this was not undertaken in accordance with
   IETF BCPs or IETF LLC Board policies and procedures.

   A formal request for review must be addressed to the IETF LLC Board
   chair and must include a description of the decision or action to be
   reviewed, an explanation of how, in the requestor's opinion, the



Haberman, et al.        Expires October 14, 2019                [Page 8]

Internet-Draft                    IASA2                       April 2019


   decision or action violates the BCPs or IASA 2.0 operational
   guidelines, and a suggestion for how the situation could be
   rectified.

   The IETF LLC shall respond to such requests within a reasonable
   period, typically within 90 days, and shall publicly publish
   information about the request and the corresponding response and/or
   result.

4.8.  Termination and Change

   Any major change to the IASA 2.0 arrangements shall require community
   consensus and deliberation and shall be reflected by a subsequent
   Best Current Practice (BCP) document.

5.  Structure of IASA2

5.1.  IETF Executive Director and Staff Responsibilities

   The IETF LLC is led by an IETF Executive Director chosen by the
   Board.  The IETF Executive Director is responsible for managing the
   day-to-day operations of the IETF LLC, including hiring staff to
   perform various operational functions.  The IETF Executive Director
   and any staff may be employees or independent contractors.

   Allowing for the division of responsibilities among multiple staff
   members and contractors is designed to address some of the concerns
   raised in Section 3.2 (Lack of Resources) and Section 3.4 (Funding/
   Operating Model Mismatch and Rising Costs) of
   [I-D.haberman-iasa20dt-recs].

   Based on the amount of work previously undertaken by the IAD and
   others involved in the IETF administration, the design of the IETF
   LLC anticipated that the IETF Executive Director may need to hire
   multiple additional staff members.  For example, resources to manage
   fundraising, to manage the various contractors that are engaged to
   fulfill the IETF's administrative needs, and to support outreach and
   communications were envisioned.

   The IETF has historically benefited from the use of contractors for
   accounting, finance, meeting planning, administrative assistance,
   legal counsel, tools, and web site support, as well as other services
   related to the standards process (RFC Editor and IANA).  Prior to
   making the transition from IASA to IASA 2.0, the IETF budget
   reflected specific support from ISOC for communications and
   fundraising as well as some general support for accounting, finance,
   legal, and other services.  The division of responsibilities between




Haberman, et al.        Expires October 14, 2019                [Page 9]

Internet-Draft                    IASA2                       April 2019


   staff and contractors is at the discretion of the IETF Executive
   Director and their staff.

   The IETF has a long history of community involvement in the execution
   of certain administrative functions, in particular development of
   IETF tools, the NOC's operation of the meeting network, and some
   outreach and communications activities conducted by the Education and
   Mentoring Directorate.  The IETF LLC staff is expected to respect the
   IETF community's wishes about community involvement in these and
   other functions going forward as long as the staff feels that they
   can meet the otherwise-stated needs of the community.  Establishing
   the framework to allow the IETF LLC to staff each administrative
   function as appropriate may require the IETF community to document
   its consensus expectations in areas where no documentation currently
   exists.

   In summary, the IETF Executive Director, with support from the team
   that they alone direct and lead, is responsible for:

   o  Developing and refining an annual budget and other strategic
      financial planning documents at the direction of the Board.

   o  Executing on the annual budget, including reporting to the Board
      regularly with forecasts and actual performance to budget.

   o  Hiring and/or contracting the necessary resources to meet their
      goals, within the defined limits of the IETF Executive Director's
      authority and within the approved budget.  This includes managing
      and leading any such resources, including performing regular
      performance reviews.

   o  Following the pre-approval guidelines set forth by the Board for
      contracts or other decisions that have financial costs that exceed
      a certain threshold of significance.  Such thresholds are expected
      to be set reasonably high so that the need for such approvals is
      infrequent and only occurs when something is truly significant or
      otherwise exceptional.  It is expected that the IETF Executive
      Director is sufficiently empowered to perform the job on a day-to-
      day basis, being held accountable for meeting high level goals
      rather than micromanaged.

   o  Regularly updating the Board on operations and other notable
      issues as reasonable and appropriate.

   o  Ensuring that all staff and/or other resources comply with any
      applicable policies established or approved by the Board, such as
      ethics guidelines and/or a code of conduct.




Haberman, et al.        Expires October 14, 2019               [Page 10]

Internet-Draft                    IASA2                       April 2019


5.2.  IETF LLC Board Responsibilities

   This section is intended to provide a summary of key IETF LLC Board
   responsibilities, but the precise and legally binding
   responsibilities are defined in the LLC Agreement [IETF-LLC-A] and
   applicable law.  To the extent to which there are unintentional
   differences or other confusion between this document and these
   authoritative sources, these sources will control over this document.

   Board members have fiduciary obligations imposed by the LLC Agreement
   and applicable law, including duties of loyalty, care and good faith.
   The Board is responsible to set broad strategic direction for the
   LLC, and adopt an annual budget, hire or terminate an IETF Executive
   Director (or amend the terms of their engagement), adopt any employee
   benefit plans, consult the relevant IETF communities on matters
   related to the LLC as appropriate, approve any changes to the LLC
   governance structure, incur any debt, and approve entering into
   agreements that meet a significant materiality threshold to be
   determined by the Board.  The IETF LLC Board is expected to delegate
   management of day-to-day activities and related decision-making to
   staff.

   Per Section 5(d) of the LLC Agreement and as also described in
   Section 4.4, the Board shall, as appropriate, act transparently and
   provide the IETF community with an opportunity to review and discuss
   any proposed changes to the IETF LLC structure prior to their
   adoption.

   The role of the Board is to ensure that the strategy and conduct of
   the IETF LLC is consistent with the IETF's needs - both its concrete
   needs and its needs for transparency and accountability.  The Board
   is not intended to directly define the IETF's needs; to the extent
   that is required, the IETF community should document its needs in
   consensus-based RFCs (e.g., as the community did in
   [I-D.ietf-mtgvenue-iaoc-venue-selection-process]) and provide more
   detailed input via consultations with the Board (such as takes place
   on email discussion lists or at IETF meetings).

   Key IETF LLC Board responsibilities include:

   o  Set broad strategic direction for the LLC.

   o  Hire or terminate an IETF Executive Director (or amending the
      terms of their engagement).

   o  Delegate management of day-to-day activities and related decision-
      making to staff.




Haberman, et al.        Expires October 14, 2019               [Page 11]

Internet-Draft                    IASA2                       April 2019


   o  Adopt any employee benefit plans.

   o  Consult the relevant IETF communities on matters related to the
      LLC, as appropriate.

   o  Approve any changes to the LLC governance structure.

   o  Adopt an annual budget and, as necessary, incur any debt.

   o  Prepare accurate and timely financial statements for ISOC, and in
      accordance with generally accepted accounting principles.

   o  Provide assistance to help facilitate ISOC's tax compliance,
      including but not limited to assistance related to preparing the
      Form 990 and responding to any IRS questions and audits.

   o  Approve entering into agreements that that meet a significant
      materiality threshold to be determined by the Board.

   o  Limit its activities to the purposes as set forth in Section 4 of
      the LLC Agreement, in a manner consistent with ISOC's charitable
      purposes.

   o  Establish an investment policy.

   o  Use best efforts to conduct all of its activities in strict
      compliance with the LLC Agreement and all applicable laws, rules
      and regulations.

   o  Ensure that IETF LLC is run in a manner that is transparent and
      accountable to the IETF community;

   o  Develop policies, including those noted in Section 8), procedures,
      and a compliance program.

   o  Obtain Commercial General Liability and other appropriate
      insurance policies, with agreed-upon coverage limits.

   o  Recruit new Directors for consideration in all of the various
      appointment processes.

5.3.  Board Design Goals

   A goal of this Board composition is to balance the need for the IETF
   LLC to be accountable to the IETF community with the need for this
   Board to have the expertise necessary to oversee a small non-profit
   company.  The Board is smaller than the previous IAOC and the other
   leadership bodies of the IETF, in part to keep the Board focused on



Haberman, et al.        Expires October 14, 2019               [Page 12]

Internet-Draft                    IASA2                       April 2019


   its rather limited set of strategic responsibilities as noted in
   Section 5.2.

   This board structure, with limited strategic responsibilities noted
   in Section 5.2 and limited size, together with the staff
   responsibilities noted in Section 5.1, is designed to overcome the
   challenges described in Section 3.1.4 of [I-D.haberman-iasa20dt-recs]
   concerning oversight.  This establishes a clear line of oversight
   over staff performance: the IETF LLC Board oversees the IETF
   Executive Director's performance and has actual legal authority to
   remove a non-performing IETF Executive Director.  The IETF Executive
   Director is responsible for the day-to-day operation of the IETF LLC.

   Finally, the Board would be expected to operate transparently, to
   further address the concern raised in Section 3.3 of
   [I-D.haberman-iasa20dt-recs].  The default transparency rule arrived
   at during the IASA 2.0 design process is detailed above in
   Section 4.4.  The Board will need to establish how it will meet that
   commitment.

6.  IETF LLC Board Membership, Selection and Accountability

   The section outlines the composition of the IETF LLC Board, selection
   of IETF LLC Board Directors, and related details.

6.1.  Board Composition

   There is a minimum of 5 directors, expandable to 6 or 7.

   o  1 IETF Chair or delegate selected by the IESG

   o  1 Appointed by the ISOC Board of Trustees

   o  3 Selected by the IETF NomCom, confirmed by the IESG

   o  Up to 2 Appointed by the IETF LLC board itself, on an as-needed
      basis, confirmed by the IESG

   For the first slot listed above, the presumption is that the IETF
   Chair will serve on the board.  At the IESG's discretion, another
   area director may serve instead, or exceptionally the IESG may run a
   selection process to appoint a director.  The goal of having this
   slot on the board is to maintain coordination and communication
   between the board and the IESG.







Haberman, et al.        Expires October 14, 2019               [Page 13]

Internet-Draft                    IASA2                       April 2019


6.2.  IETF LLC-Appointed Directors

   As noted above, a maximum of two Directors may be appointed by the
   IETF LLC Board.  They can obviously choose to appoint none, one, or
   two.  These appointments need not be on an exceptional basis, but can
   be routine, and may occur at any time of the year since it is on an
   as-needed basis.

   The appointment of a Board-appointed Director requires a two-thirds
   majority vote of the Directors then in office, and the appointee
   shall take office immediately upon appointment and IESG confirmation.
   The term of each appointment is designated by the Board, with the
   maximum term being three years, or until their earlier resignation,
   removal or death.  The Board may decide on a case-by-case basis how
   long each term shall be, factoring in the restriction for consecutive
   terms in Section 6.5.

6.3.  Recruiting IETF LLC Board Directors

   The Board itself is expected to take an active role in recruiting
   potential new Directors, regardless of the process that may be used
   to appoint them.  In particular, the NomCom is primarily focused on
   considering requirements expressed by the Board and others, reviewing
   community feedback on candidates, conducting candidate interviews,
   and ultimately appointing Directors.  The Board and others can
   recruit potential Directors and get them into the consideration
   process of the NomCom or into open considerations processes of the
   other appointing bodies if those bodies choose to use such processes.

6.4.  IETF LLC Board Director Term Length

   The term length for a Director is three years.  The exceptions to
   this guideline are:

   o  For the terms for some Directors during the first full formation
      of the IETF LLC Board in order to establish staggered terms and
      for any appointments to fill a vacancy.

   o  The Director slot occupied by the IETF Chair ex officio or a
      delegate selected by the IESG will serve a two-year term.  This
      applies regardless of whether the appointed individual is on the
      IESG, rotates off the IESG during the two-year term, or is not on
      the IESG.  This makes the term length for this slot the same as
      the term lengths established in [I-D.ietf-iasa2-rfc7437bis],
      Section 3.4.






Haberman, et al.        Expires October 14, 2019               [Page 14]

Internet-Draft                    IASA2                       April 2019


6.5.  IETF LLC Board Director Limit

   A director may serve no more than two consecutive terms.  A director
   cannot serve a third term until three years have passed since their
   second consecutive term.  An exception is if a Director role is
   occupied by the IETF Chair ex officio, since that person's service is
   governed instead by the term lengths established in
   [I-D.ietf-iasa2-rfc7437bis], Section 3.4.

   The term limits specified above apply to an individual, even if that
   individual is appointed in different ways over time.  For example, an
   individual appointed to two terms by the ISOC Board of Trustees may
   not immediately be appointed to a third term by the IETF NomCom.  A
   Director appointed by the IETF LLC itself may only serve for one term
   by that appointment method, and any subsequent terms would have to be
   via other methods; in any case, the term limits above apply to that
   individual.

   Lastly, partial terms of less than three years for the initial
   appointments to the first full board, for which some Directors will
   have terms of one or two years, do not count against the term limit.

   The limit on consecutive terms supports the healthy regular
   introduction of new ideas and energy into the Board and mitigates
   potential long-term risk of ossification or conflict, without
   adversely impacting the potential pool of director candidates over
   time.

6.6.  Staggered Terms

   The Internet Society Board of Trustees, the IESG, the Nominating
   Committee, and the Board are expected to coordinate with each other
   to ensure that collectively their appointment or selection processes
   provide for no more than three Directors' terms concluding in the
   same year.

6.7.  IETF LLC Board Director Removal

   NomCom-appointed and IESG-appointed Directors may be removed with or
   without cause.  A vote in favor of removal must be no fewer than the
   number of Directors less two.  So for example, if there are seven
   directors, then five votes are required.  Directors may also be
   removed via the IETF recall process defined in
   [I-D.ietf-iasa2-rfc7437bis], Section 7.







Haberman, et al.        Expires October 14, 2019               [Page 15]

Internet-Draft                    IASA2                       April 2019


6.8.  Filling an IETF LLC Board Director Vacancy

   It shall be the responsibility of each respective body that appointed
   or selected a Director that vacates the Board to appoint a new
   Director to fill the vacancy.  For example, if a Director selected by
   the NomCom departs the Board prior to the end of their term for
   whatever reason, then it is the responsibility of the NomCom (using
   its mid-term rules, as specified in [I-D.ietf-iasa2-rfc7437bis],
   Section 3.5) as the original appointing body to designate a
   replacement that will serve out the remainder of the term of the
   departed Director.  However, this obligation will not apply to
   vacancies in Board-appointed positions.

6.9.  Quorum

   At all meetings of the Board, two-thirds of the Directors then in
   office shall constitute a quorum for the transaction of business.
   Unless a greater affirmative vote is expressly required for an action
   under applicable law, the LLC Agreement, or an applicable Board
   policy, the affirmative vote of two-thirds of the Directors then in
   office shall be an act of the Board.

6.10.  Board Voting

   Board decisions may be made either by vote communicated in a meeting
   of the Board (including telephonic and video), or via an asynchronous
   written (including electronic) process.  Absentee voting and voting
   by proxy shall not be permitted.  If a quorum is not present at any
   meeting of the Board, the Directors present may adjourn the meeting
   without notice, other than announcement at the meeting, until a
   quorum is present.  Voting thresholds for Director removal are
   described in Section 6.7.

6.11.  Interim Board

   An initial interim Board was necessary in order to legally form and
   bootstrap the IETF LLC.  As a result, an Interim Board was formed on
   a temporary basis until the first full board was constituted.

   The interim Board was comprised of:

   o  The IETF chair, ex officio

   o  The IAOC chair, ex officio

   o  The IAB chair, ex officio

   o  One ISOC trustee, selected by the ISOC Board of Trustees



Haberman, et al.        Expires October 14, 2019               [Page 16]

Internet-Draft                    IASA2                       April 2019


6.12.  Board Positions

   Following the formation of the first permanent Board, and annually
   thereafter, the Directors shall elect a Director to serve as Board
   Chair by majority vote.  The IETF, IAB and IRTF chairs, and the chair
   of ISOC's Board, will be ineligible for this Board Chair role.  The
   Board may also form committees of the Board and/or define other roles
   for Board Directors as necessary.

7.  IETF LLC Funding

   The IETF LLC must function within a budget of costs balanced against
   limited revenues.  The IETF community expects the IETF LLC to work to
   attain that goal, in order to maintain a viable support function that
   provides the environment within which the work of the IETF, IAB,
   IRTF, and RFC Editor can remain vibrant and productive.

   The IETF LLC was generating income from a few key sources at the time
   that this document was written, as enumerated below.  Additional
   sources of income may be developed in the future, within the general
   bounds noted in Section 7.8, and some of these may decline in
   relevance or go away.  As a result this list is subject to change
   over time and is merely an example of the primary sources of income
   for the IETF LLC at the time of this writing:

   1.  ISOC support

   2.  IETF meeting revenues

   3.  Sponsorships (monetary and/or in-kind)

   4.  Donations (monetary and/or in-kind)

7.1.  Financial Statements

   As noted in Section 5.2, the IETF LLC must comply with relevant tax
   laws, such as filing an annual IRS Form 990.  Other official
   financial statements may also be required.

   In addition to these official financial statements and forms, the
   IETF LLC is also expected to report on a regular basis to the IETF
   community on the current and future annual budget, budget forecasts
   vs. actuals over the course of a fiscal year, and on other
   significant projects as needed.  This regular reporting to the IETF
   community is expected to be reported in the form of standard
   financial statements that reflect the income, expenses, assets, and
   liabilities of the IETF LLC.




Haberman, et al.        Expires October 14, 2019               [Page 17]

Internet-Draft                    IASA2                       April 2019


7.2.  Bank and Investment Accounts

   The IETF LLC maintains its own bank account, separate and distinct
   from ISOC.  The IETF LLC may at its discretion create additional
   accounts as needed.  Similarly, the IETF LLC may as needed create
   investment accounts in support of its financial goals and objectives.

7.3.  Financial Audits

   The IETF LLC is expected to retain and work with an independent
   auditor.  Reports from the auditor are expected to be shared with the
   IETF community and other groups and organizations as needed or as
   required by law.

7.4.  ISOC Financial Support

   ISOC currently provides significant financial support to the IETF
   LLC.  Exhibit B of the [IETF-LLC-A] summarizes the financial support
   from ISOC for the foreseeable future.  It is expected that this
   support will be periodically reviewed and revised, via a cooperative
   assessment process between ISOC and the IETF LLC.

7.5.  IETF Meeting Revenues

   Meeting revenues are another important source of funding that
   supports the IETF, coming mainly from the fees paid by IETF meeting
   participants.  The IETF Executive Director sets those meeting fees,
   in consultation with other IETF LLC staff and the IETF community,
   with approval by the IETF LLC Board.  Setting these fees and
   projecting the number of participants at future meetings is a key
   part of the annual budget process.

7.6.  Sponsorships and Donations to the IETF LLC

   Sponsorships and donations are an essential component of the
   financial support for the IETF.  Within the general bounds noted in
   Section 7.8, the IETF LLC is responsible for fundraising activities
   in order to establish, maintain, and grow a strong foundation of
   donation revenues.  This can and does include both direct financial
   contributions as well as in-kind contributions, such as equipment,
   software licenses, and services.

   Sponsorships and donations to the IETF LLC do not (and must not)
   convey to sponsors and donors any special oversight or direct
   influence over the IETF's technical work or other activities of the
   IETF or IETF LLC.  This helps ensure that no undue influence may be
   ascribed to those from whom funds are raised, and so helps to
   maintain an open and consensus-based IETF standards process.



Haberman, et al.        Expires October 14, 2019               [Page 18]

Internet-Draft                    IASA2                       April 2019


   To the extent that the IETF LLC needs to undertake any significant
   special projects for the IETF, the IETF LLC may need to fundraise
   distinctly for those special projects.  As a result, the IETF LLC may
   conduct fundraising to support the IETF in general as well as one or
   more special fundraising efforts (which may also be accounted for
   distinctly and be held in a separate bank account or investment, as
   needed).

7.7.  Focus of Funding Support

   The IETF LLC exists to support the IETF, IAB, and IRTF.  Therefore,
   the IETF LLC's funding and all revenues, in-kind contributions, and
   other income that comprise that funding shall be used solely to
   support activities related to the IETF, IAB, IRTF, and RFC Editor,
   and for no other purposes.

7.8.  Charitable Fundraising Practices

   When the IETF LLC conducts fundraising, it substantiates charitable
   contributions on behalf of ISOC - meaning that according to US tax
   law, the IETF LLC must send a written acknowledgment of contributions
   to donors.  The IETF LLC evaluates and facilitates state, federal,
   and other applicable law and regulatory compliance for ISOC and/or
   the LLC with respect to such fundraising activities.  In addition,
   the IETF LLC ensures that all fundraising activities are conducted in
   compliance with any policies developed by the IETF LLC, including but
   not limited to those noted in Section 8.

7.9.  Operating Reserve

   An initial target operating reserve has been specified in Exhibit B
   of the [IETF-LLC-A].  That says that the IETF LLC should maintain an
   operating reserve equal to the IETF LLC's budgeted Net Loss for 2019
   multiplied times three.  The IETF LLC, in cooperation with ISOC, may
   regularly review the financial target for this reserve fund, as noted
   in the [IETF-LLC-A] or as otherwise necessary.

   Should the IETF LLC generate an annual budget surplus, it may choose
   to direct all or part of the surplus towards the growth of the
   operating reserve.

7.10.  Annual Budget Process

   As noted in Section 4.3, the IETF LLC is responsible for managing the
   IETF's finances and budget.  A key part of this responsibility is
   establishing, maintaining, and successfully meeting an annual budget.
   This is essential to the continued operation and vibrancy of the
   IETF's technical activities and establishes trust with ISOC,



Haberman, et al.        Expires October 14, 2019               [Page 19]

Internet-Draft                    IASA2                       April 2019


   sponsors, and donors that funds are being appropriately spent, and
   that financial oversight is being conducted properly.  This is also
   essential to the IETF LLC meeting applicable legal and tax
   requirements and is a core part of the Board's fiduciary
   responsibilities.

   As explained in Section 5.1, the IETF Executive Director is expected
   to develop, execute, and report on the annual budget.  Regular
   reporting is expected to include forecast vs. budget statements,
   including updated projections of income and expenses for the full
   fiscal year.

   The Board, as explained in Section 5.2, is expected to review and
   approve the budget, as well as to provide ongoing oversight of the
   budget and of any other significant financial matters.

   The annual budget is expected to be developed in an open,
   transparent, and collaborative manner, in accordance with
   Section 4.4.  The specific timeline for the development, review, and
   approval of the IETF LLC annual budget is established by the Board
   and may be revised as needed.

8.  IETF LLC Policies

   The Board is expected to maintain policies as necessary to achieve
   the goals of the IETF LLC, meet transparency expectations of the
   community, comply with applicable laws or regulations, or for other
   reasons as appropriate.  All policies are expected to be developed
   with input from the IETF community.  Some policies provided by ISOC
   and past policies developed by the previous IAOC may provide a useful
   starting point for the Board to consider.

8.1.  Conflict of Interest Policy

   The Board is expected to maintain a Conflict of Interest policy for
   the IETF LLC.  While the details are determined by the Board, at a
   minimum such policy is expected to include the following:

   o  The IETF, ISOC Board, IAB, or IRTF chair cannot be chair of the
      IETF LLC Board, though they may serve as a Director.

   o  A Director cannot be a paid consultant or employee of the IETF
      Executive Director or their sub-contractors, nor a paid consultant
      or employee of ISOC.







Haberman, et al.        Expires October 14, 2019               [Page 20]

Internet-Draft                    IASA2                       April 2019


8.2.  Other Policies

   The Board is expected to maintain additional policies for the IETF
   LLC as necessary, covering Directors, employees, and contractors,
   concerning issues such as:

   o  Acceptance of gifts and other non-cash compensation;

   o  Travel and expense reimbursement;

   o  Anti-bribery;

   o  Code of conduct;

   o  Anti-harassment;

   o  Non-discrimination;

   o  Whistleblower;

   o  Document retention;

   o  Export controls;

   o  Anti-terrorism sanctions;

   o  Data protection and privacy;

   o  Social media

8.3.  Compliance

   The IETF LLC is expected to implement a compliance program to ensure
   its compliance with all applicable laws, rules and regulations,
   including without limitation laws governing bribery, anti-terrorism
   sanctions, export controls, data protection/privacy, as well as other
   applicable policies noted in Section 8.  In addition, actions and
   activities of the IETF LLC must be consistent with 501(c)(3)
   purposes.

   The IETF LLC is expected report to ISOC and the IETF community on the
   implementation of its compliance plan on an annual basis.

9.  Three-Year Assessment

   The IETF LLC, with the involvement of the community, shall conduct
   and complete an assessment of the structure, processes, and operation
   of IASA 2.0 and the IETF LLC.  This should be presented to the



Haberman, et al.        Expires October 14, 2019               [Page 21]

Internet-Draft                    IASA2                       April 2019


   community after a period of roughly three years of operation.  The
   assessment may potentially include recommendations for improvements
   or changes to the IASA2 and/or IETF LLC.

10.  Security Considerations

   This document describes the structure of the IETF's Administrative
   Support Activity (IASA), version 2 (IASA2).  It introduces no
   security considerations for the Internet.

11.  IANA Considerations

   This document has no IANA considerations in the traditional sense.
   However, some of the information in this document may affect how the
   IETF standards process interfaces with the IANA, so the IANA may be
   interested in the contents.

12.  Pronouns

   This document has used "they" and "their" as a non-gender-specific
   pronoun to refer to a single individual.

13.  Acknowledgments

   Thanks to Jari Arkko, Richard Barnes, Brian E Carpenter, Alissa
   Cooper, John C Klensin, Bob Hinden, Jon Peterson, Sean Turner and the
   IASA2 Working Group for discussions of possible structures, and to
   the attorneys of Morgan Lewis and Brad Biddle for legal advice.

14.  References

14.1.  Normative References

   [I-D.ietf-iasa2-rfc2031bis]
              Camarillo, G. and J. Livingood, "The IETF-ISOC
              Relationship", draft-ietf-iasa2-rfc2031bis-04 (work in
              progress), February 2019.

   [I-D.ietf-iasa2-rfc7437bis]
              Kucherawy, M., Hinden, R., and J. Livingood, "IAB, IESG,
              IETF Trust and IETF LLC Selection, Confirmation, and
              Recall Process: Operation of the IETF Nominating and
              Recall Committees", draft-ietf-iasa2-rfc7437bis-06 (work
              in progress), March 2019.







Haberman, et al.        Expires October 14, 2019               [Page 22]

Internet-Draft                    IASA2                       April 2019


   [IETF-LLC-A]
              The Internet Society, "Limited Liability Company Agreement
              of IETF Administration LLC", August 2018,
              <https://www.ietf.org/documents/180/
              IETF-LLC-Agreement.pdf>.

14.2.  Informative References

   [I-D.haberman-iasa20dt-recs]
              Haberman, B., Arkko, J., Daigle, L., Livingood, J., Hall,
              J., and E. Rescorla, "IASA 2.0 Design Team
              Recommendations", draft-haberman-iasa20dt-recs-03 (work in
              progress), November 2018.

   [I-D.ietf-iasa2-trust-update]
              Arkko, J. and T. Hardie, "Update to the Process for
              Selection of Trustees for the IETF Trust", draft-ietf-
              iasa2-trust-update-03 (work in progress), February 2019.

   [I-D.ietf-mtgvenue-iaoc-venue-selection-process]
              Lear, E., "IETF Plenary Meeting Venue Selection Process",
              draft-ietf-mtgvenue-iaoc-venue-selection-process-16 (work
              in progress), June 2018.

   [ISOC]     The Internet Society, "Amended and restated By-Laws of the
              Internet Society", July 2018,
              <https://www.internetsociety.org/about-internet-society/
              governance-policies/by-laws/>.

   [RFC2014]  Weinrib, A. and J. Postel, "IRTF Research Group Guidelines
              and Procedures", BCP 8, RFC 2014, DOI 10.17487/RFC2014,
              October 1996, <https://www.rfc-editor.org/info/rfc2014>.

   [RFC2026]  Bradner, S., "The Internet Standards Process -- Revision
              3", BCP 9, RFC 2026, DOI 10.17487/RFC2026, October 1996,
              <https://www.rfc-editor.org/info/rfc2026>.

   [RFC2850]  Internet Architecture Board and B. Carpenter, Ed.,
              "Charter of the Internet Architecture Board (IAB)",
              BCP 39, RFC 2850, DOI 10.17487/RFC2850, May 2000,
              <https://www.rfc-editor.org/info/rfc2850>.

   [RFC3233]  Hoffman, P. and S. Bradner, "Defining the IETF", BCP 58,
              RFC 3233, DOI 10.17487/RFC3233, February 2002,
              <https://www.rfc-editor.org/info/rfc3233>.






Haberman, et al.        Expires October 14, 2019               [Page 23]

Internet-Draft                    IASA2                       April 2019


   [RFC3710]  Alvestrand, H., "An IESG charter", RFC 3710,
              DOI 10.17487/RFC3710, February 2004,
              <https://www.rfc-editor.org/info/rfc3710>.

   [RFC4071]  Austein, R., Ed. and B. Wijnen, Ed., "Structure of the
              IETF Administrative Support Activity (IASA)", BCP 101,
              RFC 4071, DOI 10.17487/RFC4071, April 2005,
              <https://www.rfc-editor.org/info/rfc4071>.

   [RFC4333]  Huston, G., Ed. and B. Wijnen, Ed., "The IETF
              Administrative Oversight Committee (IAOC) Member Selection
              Guidelines and Process", BCP 113, RFC 4333,
              DOI 10.17487/RFC4333, December 2005,
              <https://www.rfc-editor.org/info/rfc4333>.

   [RFC7691]  Bradner, S., Ed., "Updating the Term Dates of IETF
              Administrative Oversight Committee (IAOC) Members",
              BCP 101, RFC 7691, DOI 10.17487/RFC7691, November 2015,
              <https://www.rfc-editor.org/info/rfc7691>.

Authors' Addresses

   Brian Haberman
   Johns Hopkins University

   Email: brian@innovationslab.net


   Joseph Lorenzo Hall
   CDT

   Email: joe@cdt.org


   Jason Livingood
   Comcast

   Email: jason_livingood@comcast.com













Haberman, et al.        Expires October 14, 2019               [Page 24]