There has apparently been no comments on these.... I thought I'd make a pass...
Some thoughts: S1, para 3: s/Such support includes/The support for current work includes/
this works either way for me - "current" seems to say "the next sentences describe what is currently done, and the future may be different".
Suggest that we accept the edit.
Fine.
S1, Para 3:The IASA is also ultimately responsible for the financial activities associated with IETF administrative support such as collecting IETF meeting fees, paying invoices, managing budgets and financial accounts, and so forth.
Given that IETF/IASA is operating as some sort of subsidiary of ISOC, I'm not sure that IASA can be ultimately responsible for anything. s/ultimately/day-to-day/ or some such?
I'd go for just deleting "ultimately". The work may be contracted out, so it's not day-to-day, but "ultimately" is just trouble.
Also fine.
S1, para 4: 'and met well' ? Nice thought but what does it *actually* mean?
That we (the IETF) like the result? I would like this to stay, undefined as it is.
The only thing I would say here is that, whilst the IASA and the IAD are to be the IETF's servants (with will expressed by the IAOC in the normal course of events), asking them to 'meet something well' is in a sense asking them to second guess what we really meant rather than spelling it out properly in the first place. Are we really asking for them to be proactive rather totally reactive? This is usually what is meant when somebody gets an 'exceed' on their performance assessment: So why don't we spell it out.. make it quite clear that we are not after a passive servant but an organisation that thinks for itself to produce the best possible solution within the various constraints the IAD and IASA should be encouraged to advise the IETF/IAOC on best options for implementation and suggest ways in which processes could be improved.
S2.2: I know that US data protection laws and practices are not as well developed as European ones, but I think there ought to be some duty to protect the data and generate a suitable privacy policy, as well as keep it available. (Item 7).
I think there should be - but don't see a good way of capturing it here. I'd let it go for now and try to instruct the IASA later....
I' am happy with the words negotiated between Harald and Brian.
S2.2: Should the IASA be responsible for ensuring that the IETF (especially if it is run as a subsidiary) fulfils its legal and regulatory responsibilities? It certainly needs to maintain any records that might be needed for such purposes beyond just financial matters. I am not expert in US company law but I am sure there must be *some* things they would need to do.
Hm. Yes. It needs to deal with subpoenas and other irritations, for instance.
But this is a bit like saying "you are responsible for staying wet while in water"..... I can't think of text at the moment....
Responsibilities of the IAD: 'Working with ISOC to maintain records needed to fulfil the IETF's legal and regulatory duties, and providing information to allow IETF to respond in a timely fashion to any legal or regulatory requests.'
S3.1, para 3: This para states that signing powers will be delegated to the IAD up to some specified limit. Who has signing powers beyond this? This is just part of a much wider point about the actual powers of the IETF/IAOC and the relationship with ISOC which I will discuss at the end of these notes.
The text at the moment doesn't say exactly that - it says that "we'll work it out"...... I don't know what more it CAN say....
Can you make it clear that IAOC has a role in authorizing larger payments even if they actually have to be signed by ISOC president or whatever?
S3.1: I think this whole section should be much clearer about exactly what powers are delegated to the IAD to make commitments, as opposed to just negotiating: ISOC executes the contracts but the IAD will want to know that ISOC is a rubber stamp/back stop for this process and is not going to start second guessing him if he operates within the parameters set for him. This is related to the long discussion on Issue 739. There is also the potential for dispute between IAOC and IAD/ISOC which is not really addressed.
Not sure what to add here, if anything - this will have to be worked out in practical terms, and the IAOC will have to work out the details in cooperation with the ISOC President.
Should there be specific language?
The problem I saw was that the words seemed to be a little unclear as to whether the IAD could actually authorise contracts as well as negotiate them: does the signing power apply only to signing checks or also to signing contracts on behalf of ISOC?
s3.4: It would be nice to see a requirement that minutes were published in a set period or at least in a timely fashion after meetings, rather than just regularly.
Suggest s/regularly/in a timely fashion/. Easy change....
Good.
s4:While there are no hard rules regarding how the IAB and the IESG should select members of the IAOC, such appointees need not be current IAB or IESG members (and probably should not be, if only to avoid overloading the existing leadership). The IAB and IESG should choose people with some knowledge of contracts and financial procedures, who are familiar with the administrative support needs of the IAB, the IESG, or the IETF standards process. The IAB and IESG should follow a fairly open process for these selections, perhaps with an open call for nominations or a period of public comment on the candidates. The procedure for IAB selection of ISOC Board of Trustees [RFC3677] might be a good model for how this could work. After the IETF gains some experience with IAOC selection, these selection mechanisms should be documented more formally.
Given the comments in S3, para 1, should the appointees by 'regular members' of the IETF (i.e., people with a good track record of attending IETF meetings) as with NomCom members are their appointees?
Actually previous discussion indicates that we do NOT want to impose such a requirement - the people who know how to supervise a business construct like IASA are not the same people who know how to design an efficient transport protocol. So we want to have this open for "getting the right people", I think.
I would agree that the regular attendees are not necessarily the right candidates but S3 para 1 seems to imply they ought to be, so you may want to emphasise this greater freedom of action (and any limits on it) in S4.
Makes sense?
Harald
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf