IETF Nomcom S. Krishnan Internet-Draft J. Halpern Intended status: Standards Track Ericsson Expires: November 19, 2012 May 18, 2012 Requirements for IETF Nomcom tools draft-krishnan-nomcom-tools-00 Abstract This document defines the requirements for a set of tools for use by the IETF Nomcom. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on November 19, 2012. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Krishnan & Halpern Expires November 19, 2012 [Page 1] Internet-Draft Nomcom tools May 2012 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Meta requirement . . . . . . . . . . . . . . . . . . . . . . . 3 3. Authentication . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Security and Access Control . . . . . . . . . . . . . . . . . . 3 5. Nominations . . . . . . . . . . . . . . . . . . . . . . . . . . 4 6. Acceptances and Declines . . . . . . . . . . . . . . . . . . . 5 7. Questionnaires . . . . . . . . . . . . . . . . . . . . . . . . 5 8. Feedback Collection . . . . . . . . . . . . . . . . . . . . . . 6 9. Security considerations . . . . . . . . . . . . . . . . . . . . 6 10. Normative References . . . . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7 Krishnan & Halpern Expires November 19, 2012 [Page 2] Internet-Draft Nomcom tools May 2012 1. Introduction The IETF Nominations Committee (Nomcom) is a body that selects candidates for the open IESG, IAB and IAOC positions. There is a need for a set of tools to aid the Nomcom to operate efficiently. This document lays out a few requirements for such a tool 2. Meta requirement There is an existing tool for supporting Nomcom work. The set of requirements specified in this document are mainly enhancement requirements or behavior changes to the existing tool. Unless otherwise stated all of the current functions of the existing Nomcom tool need to be supported in the new tool as well. o META-001: The tool MUST provide all the functionality that is provided by the current Nomcom tool except in the cases where one of the requirements specified in this document overrides the current behavior. 3. Authentication All access to the Nomcom tools needs to be authenticated. The users of the tools may have different privileges based on their role. The tool needs to support at least three levels of access:Community member, Nomcom member, Nomcom chair. o AUTH-001: The tool MUST allow the members of the community to login with their existing ietf.org credentials. o AUTH-002: The tool MUST allow the members of the community to create a new login with an automated system. The system MUST verify that e-mail address used for creating the login. o AUTH-003: The tool MUST allow the Nomcom chair to input a list of email addresses to be provided the Nomcom member role. 4. Security and Access Control All communication between the community and the Nomcom and amongst the members of the Nomcom needs to be stored in an encrypted form. This information can only be accessed by the members of the Nomcom. o SEC-000: The security procedures for the tool MUST be structured so that even system administrators do not have routine or accidental visibility to the confidential feedback or discussion.. Krishnan & Halpern Expires November 19, 2012 [Page 3] Internet-Draft Nomcom tools May 2012 o SEC-001: The tool MUST allow the Nomcom chair to input a public key ("Nomcom public key"). o SEC-002: All communication sent to the Nomcom mailing list MUST be encrypted with the Nomcom public key before being committed to persistent storage. o SEC-003: All community feedback entered using the Nomcom tool MUST be encrypted with the Nomcom public key before being committed to persistent storage. o SEC-004: After logging in, the tool MUST allow the Nomcom members to input a private key ("Nomcom private key") that corresponds to the Nomcom public key. This key MUST be used to decrypt the feedback/communications that the member is trying to access. This entry should be flushed after the user logs out. o SEC-005: The data accumulated by the tool MUST be stored in a fashion that prevents accidental exposure of the data to people who administer the server(s) on which the data is stored. 5. Nominations After the Nomcom is consituted, the Nomcom chair issues a call for nominations for the open positions. There are two broad ways in which nominees are introduced into the system. The predominant way is that the nominations can be entered into the system directly by members of the community. The secondary way is that the nominees are entered in by the members of the Nomcom. In both of the cases an email address for the nominee needs to be entered into the tool. o NOM-001: The tool MUST allow the members of the community to enter nominations into the Public Nomcom tool. o NOM-002: The tool MUST allow the members of the Nomcom to enter nominations into the Private Nomcom tool. The tool MUST allow the Nomcom member to optionally enter information about the originator of the nomination. The tool MUST record the identity of the originator of the nomination for audit purposes. o NOM-003: The tool MUST allow the Nomcom chair to specify the format of the information that is required for the nominations o NOM-004: The tool MUST email the nominee after the nomination mentioning the position(s) that they have been nominated for. This email MUST NOT disclose to the nominee the identity of the person who performed the nomination. o NOM-005: The tool MUST allow the content of this email to be customized by the Nomcom chair. o NOM-006: The tool MUST automatically attach the questionnaires for the positions for which the nominee has been nominated to this email. Krishnan & Halpern Expires November 19, 2012 [Page 4] Internet-Draft Nomcom tools May 2012 o NOM-007: The tool MUST be able to identify duplicate nominations of the same person with the same email address and consolidate them to point to the same nominee. o NOM-008: In case the same person has been nominated multiple times using different email addresses the tool MUST allow the Nomcom chair to mark duplicate nominations of the same person and consolidate them to point to the same nominee. o NOM-009: The tool MUST allow setting of a communication email address for a nominee that is different that the email address with which they were nominated. o NOM-010: The tool MUST keep track of the accept and decline status for the nominees. 6. Acceptances and Declines After receiving the nomination mail, the nominees usually respond to indicate either their acceptance of the nomination or their unwillingness to do so. o AD-001: The tool MUST allow the nominees to indicate their acceptance or decline of their nomination. This is preferably done by providing distinct hyperlinks in the email that the nominees receive. o AD-002: The tool MUST allow the Nomcom chair to point to responses from the nominees and flag them as Acceptances or declines. o AD-003: The tool MUST allow the Nomcom chair to manually flag nominees as accepting or declining without the need for any nominee action. o AD-004: The tool MUST allow to view a list of all nominees along with their accepance or decline status. o AD-005: The tool MUST be configurable to send reminder mails to all nominees who have not responded, either on specified dates or at specified intervals. The contents of the reminder mails MUST be customizable by the Nomcom chair. o AD-006: The tool MUST be able to generate a summary report containing statistics (total/accept/decline/no response) concerning nominations by position. 7. Questionnaires The nominees fill in a questionnaire for each of the positions for which they accept a nomination. o QR-001: The tool MUST allow the Nomcom chair to enter a different questionnaire for each of the open positions. Krishnan & Halpern Expires November 19, 2012 [Page 5] Internet-Draft Nomcom tools May 2012 o QR-002: The tool MUST allow the Nomcom chair to point to responses from the nominees and flag them as Questionnaires. o QR-003: The tool MUST allow the Nomcom members to directly access the filled in questionnaires of the nominees. o QR-004: The tool MUST keep track of the questionnaire receipt status for the nominees. 8. Feedback Collection Community feedback is very important in the Nomcom process. Community feedback about the nominees is the primary mechanism by which the Nomcom members evaluate the nominees. o FB-001: The tool MUST allow the members of the community to enter feedback about any of the accepting nominees into the Public Nomcom tool. o FB-002: The tool MUST allow the members of the Nomcom to enter feedback about any of the accepting nominees into the Private Nomcom tool. The tool MUST allow the Nomcom member to optionally enter information about the originator of the feedback. o FB-003: The tool MUST allow the Nomcom members to view the feedback entered for each nominee. If the submitter of the feedback did not wish to be anonymous, the identity of the submitter should also be visible along with the feedback. o FB-004: The Nomcom members MUST be able to enter their interview comments as feedback for the nominee being interviewed. o FB-005: All email received on the Nomcom mailing list MUST be archived. o FB-006: The tool must allow the Nomcom chair to manually move any of the archived mails into the feedback section of a nominee. 9. Security considerations The tool must authenticate all users and must allow classifying logins into 3 roles. Nomcom chair, Nomcom member and community member. All communications to/from the Nomcom and among the members of the Nomcom must be stored in an encrypted form. 10. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. Krishnan & Halpern Expires November 19, 2012 [Page 6] Internet-Draft Nomcom tools May 2012 Authors' Addresses Suresh Krishnan Ericsson 8400 Blvd Decarie Town of Mount Royal, Quebec Canada Email: suresh.krishnan@ericsson.com Joel Halpern Ericsson Email: joel.halpern@ericsson.com Krishnan & Halpern Expires November 19, 2012 [Page 7]