IETF Nomcom S. Krishnan
Internet-Draft J. Halpern
Intended status: Standards Track Ericsson
Expires: December 6, 2012 June 4, 2012
Requirements for IETF Nominations Committee tools
draft-krishnan-nomcom-tools-01
Abstract
This document defines the requirements for a set of tools for use by
the IETF Nominations Committee.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 6, 2012.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Krishnan & Halpern Expires December 6, 2012 [Page 1]
Internet-Draft Nomcom tools June 2012
Table of Contents
1. Introduction
2. Meta requirement
3. Authentication
4. Security and Access Control
5. Nominations
6. Acceptances and Declines
7. Questionnaires
8. Feedback Collection
9. Security considerations
10. Acknowledgements
11. Normative References
Appendix A. Example for key generation
Authors' Addresses
1. Introduction
The IETF Nominations Committee (Nomcom) is a body that selects
candidates for the open IESG, IAB and IAOC positions. There is a
need for a set of tools to help the Nomcom operate efficiently.
This document lays out a few requirements for such a tool.
2. Meta requirement
There is an existing tool for supporting Nomcom work. The
requirements specified in this document are mainly enhancement
requirements or behavior changes to the existing tool. Unless
otherwise stated all of the current functions of the existing Nomcom
tool need to be supported in the new tool as well.
o META-001: The tool MUST provide all the functionality that is
provided by the current Nomcom tool except in the cases where one
of the requirements specified in this document overrides the
current behavior. The current Nomcom tool can be found at the
following URLs: https://www.ietf.org/group/nomcom/2011/private/,
which displays the Nomcom private parts of the tool, and
https://www.ietf.org/group/nomcom/2011/, which displays the
community member accessible parts of the tool.
3. Authentication
All access to the Nomcom tools needs to be authenticated. The users
of the tools may have different privileges based on their role. The
tool needs to support at least three levels of access: Community
member, Nomcom member, Nomcom chair.
o AUTH-001: The tool MUST allow the members of the community to
login with their existing datatracker.ietf.org credentials.
o AUTH-002: The tool MUST allow the members of the community to
create a new login with an automated system. The system MUST
verify the e-mail address used for creating the login.
o AUTH-003: The tool MUST allow the secretariat to input an email
address to be given the Nomcom chair role and a list of email
addresses to be given the Nomcom member role.
4. Security and Access Control
All communication between the community and the Nomcom and amongst
the members of the Nomcom needs to be stored in an encrypted form.
This information can only be accessed by the members of the Nomcom.
o SEC-000: The security procedures for the tool MUST be structured
so that even system administrators do not have routine or
accidental visibility to the confidential feedback or discussion.
o SEC-001: The tool MUST allow the Nomcom chair to input a public
key ("Nomcom public key"). This key is generated by the Nomcom
chair independent of the tool using the procedure described in
Appendix A.
o SEC-002: All communication sent to the Nomcom mailing list MUST be
encrypted with the Nomcom public key before being committed to
persistent storage.
o SEC-003: All community feedback entered using the Nomcom tool MUST
be encrypted with the Nomcom public key before being committed to
persistent storage.
o SEC-004: After logging in, the tool MUST allow the Nomcom members
to input a private key ("Nomcom private key") that corresponds to
the Nomcom public key. This key MUST be used to decrypt the
feedback/communications that the member is trying to access. Once
entered, this key should be stored using an encrypted cookie.
This entry should be flushed after the user logs out.
o SEC-005: The data accumulated by the tool MUST be stored in a
fashion that prevents accidental exposure of the data to people
who administer the server(s) on which the data is stored.
5. Nominations
After the Nomcom is constituted, the Nomcom chair issues a call for
nominations for the open positions. There are two broad ways in
which nominees are introduced into the system. The predominant way
is that the nominations can be entered into the system directly by
members of the community. The secondary way is that the nominees are
entered in by the members of the Nomcom. In both of the cases an
email address for the nominee needs to be entered into the tool.
o NOM-001: The tool MUST allow the members of the community to enter
nominations into the Public Nomcom tool.
o NOM-002: The tool MUST allow the members of the Nomcom to enter
nominations into the Private Nomcom tool. The tool MUST allow the
Nomcom member to optionally enter information about the originator
of the nomination. The tool MUST record the identity of the
originator of the nomination for audit purposes.
o NOM-003: The tool MUST allow the Nomcom chair to specify the
information that is required for the nominations. This
information will be entered by the Nomcom chair as freeform text,
and will be presented to the individual performing the nomination.
o NOM-004: The tool MUST email the nominee after the nomination
mentioning the position(s) that they have been nominated for.
This email MUST NOT disclose to the nominee the identity of the
person who performed the nomination.
o NOM-005: The tool MUST allow the content of this email to be
customized by the Nomcom chair.
o NOM-006: The tool MUST automatically attach the questionnaires for
the positions for which the nominee has been nominated to this
email.
o NOM-007: The tool MUST be able to identify duplicate nominations
of the same person with the same email address and consolidate
them to point to the same nominee.
o NOM-008: In case the same person has been nominated multiple times
using different email addresses the tool MUST allow the Nomcom
chair to mark duplicate nominations of the same person and
consolidate them to point to the same nominee.
o NOM-009: The tool MUST allow setting of a communication email
address for a nominee that is different than the email address
with which they were nominated.
o NOM-010: The tool MUST be able to use the datatracker address book
system as the basis for requirements NOM-007, NOM-008, and NOM-009
but MUST allow the Nomcom chair to perform manual overrides.
o NOM-011: The tool MUST keep track of the accept and decline status
for the nominees.
6. Acceptances and Declines
After receiving the nomination mail, the nominees usually respond to
indicate either their acceptance of the nomination or their
unwillingness to do so.
o AD-001: The tool MUST allow the nominees to indicate their
acceptance or decline of their nomination. This is preferably
done by providing distinct hyperlinks in the email that the
nominees receive.
o AD-002: The tool MUST allow the Nomcom chair to point to responses
from the nominees and flag them as acceptances or declines.
o AD-003: The tool MUST allow the Nomcom chair to manually flag
nominees as accepting or declining without the need for any
nominee action.
o AD-004: The tool MUST allow viewing a list of all nominees along
with their acceptance or decline status.
o AD-005: The tool MUST allow the reporting of acceptance or decline
status both per nominee as well as per open position.
o AD-006: The tool MUST be configurable to send reminder mails to
all nominees who have not responded, either on specified dates or
at specified intervals. The contents of the reminder mails MUST
be customizable by the Nomcom chair.
o AD-006: The tool MUST be able to generate a summary report
containing statistics (total/accept/decline/no response)
concerning nominations by position.
7. Questionnaires
The nominees fill in a questionnaire for each of the positions for
which they accept a nomination.
o QR-001: The tool MUST allow the Nomcom chair to enter a different
questionnaire for each of the open positions.
o QR-002: The tool MUST allow the Nomcom chair to point to responses
from the nominees and flag them as Questionnaires.
o QR-003: The tool MUST allow the Nomcom members to directly access
the filled in questionnaires of the nominees.
o QR-004: The tool MUST keep track of the questionnaire receipt
status for the nominees. The filled in questionnaires are
received as emails to the Nomcom mailing list.
o QR-005: Like all other correspondence on the Nomcom mailing list,
the questionnaires MUST be encrypted by the Nomcom public key
before being stored.
o QR-006: The Nomcom chair MUST be able to flag an email as the
filled in questionnaire for a nominee corresponding to a specific
open position.
o QR-007: Once flagged, the questionnaire provided by the nominee
for a specific position MUST be directly accessible without
needing to look through all the other feedback received for that
nominee.
8. Feedback Collection
Community feedback is very important in the Nomcom process.
Community feedback about the nominees is the primary mechanism by
which the Nomcom members evaluate the nominees.
o FB-001: The tool MUST allow the members of the community to enter
feedback about any of the accepting nominees into the Public
Nomcom tool.
o FB-002: The tool MUST allow the members of the Nomcom to enter
feedback about any of the accepting nominees into the Private
Nomcom tool. The tool MUST allow the Nomcom member to optionally
enter information about the originator of the feedback.
o FB-003: The tool MUST allow the Nomcom members to view the
feedback entered for each nominee. If the submitter of the
feedback did not wish to be anonymous, the identity of the
submitter should also be visible along with the feedback.
o FB-004: The Nomcom members MUST be able to enter their interview
comments as feedback for the nominee being interviewed.
o FB-005: All email received on the Nomcom mailing list MUST be
archived. This includes all correspondence among the Nomcom
members, feedback received over email as well as filled in
questionnaires.
o FB-006: The tool MUST allow the Nomcom chair to manually move any
of the archived mails into the feedback section of one or more
nominees for one or more open positions. This is required because
a single email may contain feedback concerning more than one
nominee or more than one open position.
9. Security considerations
The tool must authenticate all users and must allow classifying
logins into 3 roles: Nomcom chair, Nomcom member and community
member. All communications to/from the Nomcom and among the members
of the Nomcom must be stored in an encrypted form.
10. Acknowledgements
The authors would like to thank Russ Housley for his valuable
comments for improving this document.
11. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3777] Galvin, J., "IAB and IESG Selection, Confirmation, and
Recall Process: Operation of the Nominating and Recall
Committees", BCP 10, RFC 3777, June 2004.
Appendix A. Example for key generation
The Nomcom chair generates a public/private key pair to be used to
encrypt Nomcom correspondence and feedback. As an example, the
Nomcom chair can use openssl to generate the key pair using the
following commands:
# Generate a new private key
$ openssl genrsa 2048 | tee private.key
# Output public key that matches private key
$ openssl rsa -pubout -in private.key
# Create a certificate from the private key
$ openssl req -new -x509 -key private.key -days 500 \
    -subj "/CN=Nomcom12/emailAddress=nomcom12@ietf.org" | tee public.cert
The certificate can then be provided to the tool in order to extract
the public key.
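The following sketch is an added example, not part of this draft or of the Nomcom tool. It shows how the Appendix A certificate could serve SEC-002/SEC-003 (encrypt before storage) and SEC-004 (decrypt with the member-supplied private key). The S/MIME (PKCS#7) envelope format, the function names and the sample feedback text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. S/MIME (PKCS#7) enveloping is an assumption; the draft does
# not name a storage format. Function names and sample text are constructed.

# Appendix A key generation, writing the private key to a 0600 file
# instead of echoing it through tee.
make_keys() {            # $1 = working directory
    ( umask 077 && openssl genrsa -out "$1/private.key" 2048 2>/dev/null ) &&
    openssl req -new -x509 -key "$1/private.key" -days 500 \
        -subj "/CN=Nomcom12/emailAddress=nomcom12@ietf.org" \
        -out "$1/public.cert" 2>/dev/null
}

# Tool side: extract the Nomcom public key from the uploaded certificate.
extract_pubkey() {       # $1 = certificate; prints PEM public key
    openssl x509 -in "$1" -noout -pubkey
}

# SEC-002/SEC-003: encrypt to the certificate before anything is persisted.
# Plaintext is read from stdin, so only ciphertext reaches the disk.
store_feedback() {       # $1 = certificate, $2 = output file
    openssl smime -encrypt -aes256 -binary -outform PEM -out "$2" "$1"
}

# SEC-004: confirm the key a member enters corresponds to the stored
# certificate before attempting any decryption.
key_matches_cert() {     # $1 = private key, $2 = certificate
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = "$(extract_pubkey "$2")" ]
}

# SEC-004: decrypt a stored item with the member-supplied private key.
read_feedback() {        # $1 = private key, $2 = stored file
    openssl smime -decrypt -binary -inform PEM -inkey "$1" -in "$2"
}

# Round trip on one constructed feedback item; prints the recovered text.
demo() {
    d=$(mktemp -d) || return 1
    make_keys "$d" &&
    printf 'Constructed feedback about nominee X\n' |
        store_feedback "$d/public.cert" "$d/feedback.p7" &&
    key_matches_cert "$d/private.key" "$d/public.cert" &&
    read_feedback "$d/private.key" "$d/feedback.p7"
    rc=$?; rm -rf "$d"; return "$rc"
}
```

Because only the certificate is needed to encrypt, the server never has to hold the private key at rest, which is the property SEC-000 and SEC-005 depend on.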
Authors' Addresses
Suresh Krishnan
Ericsson
8400 Blvd Decarie
Town of Mount Royal, Quebec
Canada
Email: suresh.krishnan@ericsson.com
Joel Halpern
Ericsson
Email: joel.halpern@ericsson.com