NSTIC draft bylaws july 2012


Published on

Original NIST draft Bylaws for NSTIC, version 2, with minimal annotations.

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

NSTIC draft bylaws july 2012

  1. 1. NSTIC STEERING GROUP: NIST DRAFT BYLAWS: July 2012ASCII VERSION with limited comments<This is file "NSTICdraftBylawsJuly2012.txt", posted at slideshare.net/jamieXML><** See the end for production information and editing notes.><** All nonnormative text and comments are marked by angle brackets.>====DRAFT BY-LAWS FOR THE IDENTITY ECOSYSTEM STEERING GROUP<<Preface>> The Identity Ecosystem Steering Group By-laws ("By-laws") describethe roles, responsibilities, policies, and procedures that govern the operationof the Identity Ecosystem Steering Group ("Steering Group"). The By-laws shallbe consistent with the Identity Ecosystem Steering Group Charter ("Charter"),which provides the high-level perspective of scope, purpose, and organization.{NIST fn1: For a complete understanding of ... Steering Groups structure theseBy-laws should be read in conjunction with the Charter.} ¶ As stated in theCharter, the primary activities of the Steering Group shall be to:* Adopt and establish standards for the Identity Ecosystem Framework* Develop and maintain policies for the Identity Ecosystem Framework* Develop and maintain processes for the accreditation of Identity EcosystemEntities* Develop and maintain Identity Ecosystem Operating procedures<<0.>> Terms. <**> <"At-Large Delegates": the Management Council Delegates defined in Section> <**> <"Bylaws": as defined in the Preface above.> <**> <"Charter": as defined in the Preface above.> <<0.1>> "Consensus": The absence of sustained objection when a Quorum hasbeen achieved. <**> <"Guiding Principles": as defined in Section 1.3 of theCharter.> <**> <"Identity Ecosystem": as defined in Section 1 of the Charter.> <<0.2>> Identity Ecosystem Management Council ("Management Council"):Provides guidance to the Plenary on the broad objectives envisioned by theNSTIC; produces, prioritizes and monitors progress of Steering Group work plans;provides necessary resources, and ensure that Steering Group work activitiesadhere to the NSTIC Guiding Principles and Goals; and ratifies policy andstandards recommendations approved by the Plenary. <** See sec. 2.2.> <<0.3>> Identity Ecosystem Plenary ("Plenary"): Reviews and recommendstechnical standards for adoption, establishes and maintains theprocedures/policies for governing the Identity Ecosystem, develops andestablishes accountability measures to promote broad adherence to theseprocedures, and facilitates the ongoing operation of the Steering Group. Open toall members of the Steering Group. <** See sec. 2.1.> <<0.4>> Identity Ecosystem Steering Group ("Steering Group"): The overallIdentity Ecosystem governance structure which consists of the Management Counciland the Plenary. The responsibilities, mission, and activities of the SteeringGroup are defined in these By-laws and in the Charter. <<0.5>> "Individual": Any person who does not represent or act on behalfof a Member Organization in any formal or informal capacity within the SteeringGroup. <**> <"Initial Interim Period": as defined in Section 11.> <**> <"Individual Member": as defined in Section 0.9.> <**> <"Management Council": as defined in Section 0.2. See sec.2.2.> <<0.6>> "Management Council Chair": This officer provides generalleadership to the Management Council; oversees votes, and directs the meetingsof the Management Council. <** See sec.> <<0.7>> "Management Council Delegates": Persons elected to represent eachof the 14 Stakeholder Groups on the Management Council. There are an additional
  2. 2. two At-Large Delegates. <<0.8>> "Management Council Vice-Chair": This officer shall assist theSteering Group in maintaining alignment with NSTIC objectives and the NSTICGuiding Principles. This position shall be filled by the Director of the NPO.<** See sec.> <<0.9>> "Member": Any organization ("Member Organization") or individual("Individual Member") that signs the Membership Agreement. <<0.10>> "Member Associates": Employees and associates of MemberOrganizations who participate in the Standing Committees and Working Groups ofthe Plenary. All Member Associates shall be listed in the Membership Agreementand shall comply with the same obligations as the Member Organization under theMembership Agreement. <**> <"Member Organization": as defined in Section 0.9.> <**> <"Member Representative": any Participating MemberRepresentative or Observing Member Representative.> <**> <"Membership Agreement": as defined in Section 1.5.> <**> <"NSTIC": the National Strategy for Trusted Identities in Cyberspace, as defined in Section 1 of the Charter.> <**> <"NPO": the NSTIC National Program Office, as defined in Section 1 of the Charter.> <<0.11>> "Observing Member": Members that do not meet the criteria forParticipating Members, but that wish to maintain a formal and ongoing presencein the Steering Group. Observing Members may still contribute to the work of thePlenary, its Standing Committees, and/or Working Groups, but they shall not bepermitted to vote in Plenary proceedings. <<0.12>> "Observing Member Representative": The person selected by eachObserving Member to execute the Steering Group Membership Agreement and maintaincurrency of Member Associates. <IMMEDIATE AMENDMENT COMMENT: In the above definition <<0.12>>, replace the word "selected" with the new word "designated"; and replace thephrase "to execute the" with the new phrase "in its executed"; and insert the words "to represent the Member and" before the word "maintain". Note: The person who signs for an organizational (legally) may not be their voting representative.> <<0.13>> "Ombudsman": This officer serves to support equitablerepresentation of all stakeholders and individual participants in the IdentityEcosystem and upholds the NSTIC Guiding Principles. <** See sec.> <<0.14>> "Organization": A commercial, governmental, or other separatelyconstituted legal entity and, when applicable, its parent company ororganizations, its subsidiaries, affiliations, divisions, committees, andworking groups. <<0.15>> "Participating Member": Members who actively participate in theSteering Group and the work of the Plenary, its Standing Committees, and/orWorking Groups. Participating Members shall have a vote in Plenary-wideproceedings and in the elections of officers and delegates. <<0.16>> "Participating Member Representative": The person selected byeach Participating Member to execute the Steering Group Membership Agreement,maintain currency of Member Associates, and represent the Membershiporganization in Plenary-wide votes. <** But see sec. 11.> <IMMEDIATE AMENDMENT COMMENT: In the above definition <<0.16>>, replace the word "selected" with the new word "designated"; and replace thephrase "to execute the" with the new phrase "in its executed"; and insert the words "to represent the Member and" before the word "maintain". Note: The person who signs for an organizational (legally) may not be their voting representative.> <**> <"Plenary": as defined in Section 0.3.>
  3. 3. <<0.17>> "Plenary Chair": This officer provides direction for actions,manages meetings, supervises votes/elections, and provides general leadership inthe Plenary. <** See sec. 2.1.2.> <<0.18>> "Quorum": A quorum of the Plenary is defined as greater thanfifty percent of Participating Members and shall be sufficient for thetransaction of business. <<0.19>> "Secretariat": Provides administrative and material support tothe Steering Group. <** See sec. 2.3.> <<0.20>> "Standing Committees": Committees responsible for addressing andcoordinating the ongoing and/or permanent activities that occur within thePlenary. <** See sec. 2.1.4.> <**> <"Stakeholder Group": as defined in Section 1.3.1.> <**> <"Stakeholder Group Delegate": as defined in Section> <**> <"Steering Group": as defined in the Preface above.> <<0.21>> "Unaffiliated Individual": Any Individual Member who chooses notto self-select into one of the other Stakeholder Groups. UnaffiliatedIndividuals shall not represent the interests or act on behalf of a MemberOrganizations or Stakeholder Group. <<0.22>> "Working Groups": Temporary/ad hoc groups that conduct the worknecessary for standards adoption and policy development/implementation asneeded. <** See sec. 2.1.4.>1. Membership.Membership in the Steering Group shall be open and the extent of participationshall be dependent on the members. Membership in the Steering Group shall beopen to organizations and individuals (members) that have an interest in thedevelopment and administration of the Identity Ecosystem. Membershipclassifications, participation levels and member categories are described in thesections that follow. ¶ A member is defined as any organization or individualthat signs the Membership Agreement. 1.1. Membership Classifications. There are two classifications ofmembership – Member Organizations and individuals. A person representing oracting on behalf of a Member Organization in any formal or informal capacitywithin the Steering Group are considered part of that organization and cannot beconsidered an Individual Member. 1.1.1. Member Organizations. An organization shall be permitted tojoin the Steering Group as any one of the Stakeholder Groups with the exceptionof Unaffiliated Individuals. (See section 1.3, Stakeholder Group Affiliation.)An organization shall be defined as a commercial, governmental, or otherseparately constituted legal entity and, when applicable, its parent company ororganizations, its subsidiaries, affiliations, divisions, committees, andworking groups. Divisions, subsidiaries, committees of organizations, etc. arepart of their parent organizations and are not considered separate organizationsfor Steering Group membership purposes. 1.1.2. Individuals. An individual shall be permitted to join theSteering Group as an Unaffiliated Individual (See section, UnaffiliatedIndividuals) or as a member of one of the other Stakeholder Groups. (See section1.3, Stakeholder Group Affiliation.) An individual shall be defined as anyperson who does not represent or act on behalf of a Member Organization in anyformal or informal capacity within the Steering Group. Unaffiliated Individuals. Unaffiliated Individuals shallbe any Individual Member who chooses not to self-select into one of the otherStakeholder Groups. (See section 1.3, Stakeholder Group Affiliation.)Unaffiliated Individuals shall not represent the interests or act on behalf of aMember Organizations or Stakeholder Group. 1.2. Participation Levels. A member shall participate in the Plenary aseither a Participating Member or an Observing Member. 1.2.1. Participating Members. Participating Members shall be membersthat actively participate in the Steering Group and the work of the Plenary,Standing Committees, and/or Working Groups. Participating Members shall have avote in Plenary-wide proceedings and in the elections of officers and delegates.
  4. 4. ¶ The requirements for qualification as a Participating Member are defined insection 1.4, Member Rights and Responsibilities. <But see sec. 11.1.> 1.2.2. Observing Members. Observing Members shall be members that donot meet the criteria for Participating Members, but that wish to maintain aformal and ongoing presence in the Steering Group. Observing Members maycontribute to the work of the Plenary, its Standing Committees, and/or WorkingGroups, but shall not be permitted to vote in Plenary-wide proceedings and inthe elections of officers and delegates. ¶ The requirements for qualificationas an Observing Member are defined in section 1.4, Member Rights andResponsibilities. 1.2.3. Member Representatives. Each Member Organization shalldesignate one person as its official Member Representative. Each MemberOrganization shall determine its own process for selecting its MemberRepresentative. Each Member Organization is authorized to designate alternateMember Representatives in the event a primary Member Representative is unable toattend a meeting. Member Representatives shall be responsible for acting onbehalf of the Membership Organization<,> for executing the Membership Agreementand maintaining currency of Member Associates. ¶ Individual Members shall beconsidered their own Member Representative. No person shall represent more thanone Member Organization. Participating Member Representatives. MemberRepresentatives of Participating Members shall be referred to as ParticipatingMember Representatives. <** See definition in sec. 0.16.> Participating MemberRepresentatives shall be responsible for casting votes in the Plenary. Observing Member Representatives. Member Representativesof Observing Members shall be referred to as Observing Member Representatives.<** See definition in sec. 0.12.> 1.2.4. Member Associates. Each Member Organization may have multipleemployees or associates from its organization who participate in the StandingCommittees and Working Groups of the Plenary. All Member Associates shall belisted in the Membership Agreement and shall comply with the same obligations asthe Member Organization under the Membership Agreement. 1.3. Stakeholder Group Affiliation. Each Member shall self-select intothe Stakeholder Group that they consider best represents its roles or interestsin the Identity Ecosystem. Affiliation into these Stakeholder Groups shall beused for the purposes of electing delegates to the Management Council. MemberRepresentatives and Member Associates shall be affiliated with the StakeholderGroup selected by their respective Member Organization. Individual Membersshall have the option to self-identify into any of the 14 Stakeholder Groups,including Unaffiliated Individuals. (See section 1.3.1, Stakeholder Groups.) 1.3.1. Stakeholder Groups. Members shall choose to affiliate with oneof the following Stakeholder Groups. For detailed descriptions of theStakeholder Groups see the Charter. {NIST fn2: Charter sec. 3.2.2, StakeholderGroups: http://j.mp/NSTICchtr#_Toc330932484.} <<1.3.1.>> 1. Privacy & Civil Liberties <<1.3.1.>> 2. Usability & Human Factors <<1.3.1.>> 3. Consumer Advocates <<1.3.1.>> 4. U.S. Federal Government <<1.3.1.>> 5. U.S. State, Local, Tribal, and Territorial Government <<1.3.1.>> 6. Research, Development, Education & Innovation <<1.3.1.>> 7. Identity & Attribute Providers <<1.3.1.>> 8. Interoperability <<1.3.1.>> 9. Information Technology (IT) Infrastructure <<1.3.1.>> 10. Regulated Industries <<1.3.1.>> 11. Small Business & Entrepreneurs <<1.3.1.>> 12. Security <<1.3.1.>> 13. Relying Parties <<1.3.1.>> 14. Unaffiliated Individuals 1.3.2. Additional Stakeholder Groups. The Steering Group may add,remove, or modify Stakeholder Groups at any time, as necessary. 1.4. Member Rights and Responsibilities. Rights and responsibilities ofParticipating and Observing Members are described in the sections that follow.
  5. 5. 1.4.1. Rights of Members. Members shall have the right to: <<1.4.1.>> a. Serve as members for as long as they meet therequirements of membership defined in section 1.4.2, Responsibilities ofMembers. <<1.4.1.>> b. Submit proposed requirements for the IdentityEcosystem Framework. <<1.4.1.>> c. Participate in the Plenary process and establish theoverall direction of the Plenary through active participation in Working Groups,Standing Committees, or other organizational teams established as needed toaddress specific issues. <<1.4.1.>> d. Participate in the consensus decision-making process. 1.4.2. Responsibilities of Members. Members shall have theresponsibility to: <<1.4.2.>> a. Abide by the Membership Agreement and comply with theCharter and these By-laws. 1.4.3. Additional Rights and Responsibilities of Participating Members.Participating Members shall have the right to: <<1.4.3.>> a. Vote in Steering Group elections in accordance withthese By-laws. <<1.4.3.>> b. Vote on proposed Plenary standards, policies, andprocedures in accordance with these By-laws. <<1.4.3.>> c. Stand for nomination for Management CouncilDelegate, At-Large Delegate, and Plenary and Management Council Chair positions. <<>> Participating Members shall have the responsibility to: <<>> a. Participate in Plenary meetings. (See section5.3.2. Qualifications for Voting Privilege and Restoration.) <<>> b. Review Plenary documents. <<>> c. Ensure that their attendance is accurately recordedby the Secretariat. 1.5. Membership Agreement. To become a member, the Member Representativeshall complete and execute the Steering Group Membership Agreement. ¶ Thecompleted and executed Membership Agreement shall be sent to the Secretariat whoshall collect and record the Membership Agreements. A Member Organization maydesignate someone other than an employee to represent its organization. {NISTfn3: At the initial meeting of the Steering Group a draft Membership Agreementshall be finalized for ratification.} <IMMEDIATE AMENDMENT COMMENT: After the second sentence of Section 1.5, add: "The form of Membership Agreement and any amendments thereto shallbe approved by the Plenary."> 1.6. Changes in Membership Status. Changes in a members status aredescribed in the sections that follow. 1.6.1. Withdrawal of Membership. Members may voluntarily withdraw fromthe Steering Group at any time by stating their intention in writing to theSecretariat. 1.6.2. Termination of Membership. The Management Council may terminatea membership as a result of a material violation of the By-laws. 1.6.3. Administrative Modification of Membership. Any change in legalstatus of members shall result in the appropriate modification of theirmembership by the Secretariat. ¶ Situations that may result in themodification of membership include, but are not limited to: <<1.6.3.>> a. Dissolution of a Member Organization. <<1.6.3.>> b. Acquisition of Member Organization by another MemberOrganization. <<1.6.3.>> c. Change in employment status or affiliation of anindividual.2. Steering Group Structure & Responsibilities.
  6. 6. The Steering Group shall consist of two bodies: the Plenary and the ManagementCouncil. The Steering Group shall also have a Secretariat serving as itsadministrative arm. The roles and responsibilities of each component aredescribed in the sections that follow. 2.1. Identity Ecosystem Plenary. The Plenary shall be responsible forreviewing and recommending technical standards for adoption, establishing andmaintaining the procedures and policies for governing the Identity Ecosystem,developing and establishing accountability measures to promote broad adherenceto these procedures, and facilitating the ongoing operation of the SteeringGroup. The Plenary shall provide for the Plenary Chair, Working Groups andStanding Committees. The roles, responsibilities and participation requirementsof each component are described in the sections that follow. 2.1.1. Plenary Membership. The Plenary shall be open to all SteeringGroup members. 2.1.2. Plenary Chair. The Plenary shall be led by the Plenary Chair.The role of the Plenary Chair is defined in the Charter. {NIST fn4: Charter,sec. 2.1.2, Plenary Chair: http://j.mp/NSTICchtr#_Toc330932477.} Election. With the exception of the initial election,nominees for this position shall be approved by the Nominations Committee. ThePlenary Chair shall be elected by the Participating Members within the Plenaryin accordance with section 3, General Elections. Duties. The Plenary Chair is responsible for the overallmanagement of the Plenary, including the Standing Committees and Working Groups.In fulfilling this role, the Plenary Chair shall act in a purely neutralcapacity, divesting him- or her-self of any organizational or technicalposition. <<>> a. Guide the Secretariat in carrying out itsduties and responsibilities as they pertain to the Plenary. <<>> b. Guide the consensus processes in the Plenary,ensuring that all points of view, to include minority views, are adequatelyexpressed and understood by all present. <<>> c. Ensure that all information and decisions areclearly and effectively communicated. <<>> d. Coordinate with the Management Council andensure that the policy and strategic goals of the Steering Group are being met. <<>> e. Foster an open and amiable atmosphere atPlenary meetings. <<>> f. Assist in the resolution of any appeal againsta Plenary decision. Term of Service. The Plenary Chair shall serve a two-yearterm. The Plenary Chair may serve no more than two terms consecutively but mayserve any number of non-consecutive terms. If the Chair is unable to completehis or her term of office, the Plenary shall elect a successor in accordancewith section 3, General Elections. <But see sec. 11.3.> Authority. The Plenary Chair shall have authority totable or terminate discussion, call for affirmation of consensus, mediate withdissenting parties, and commit or recommit a matter to committee for furtheraction. In the event the Plenary Chair is also a Member Representative, he orshe may not continue to act as Member Representative. 2.1.3. Plenary Responsibilities. The specific responsibilities of thePlenary are described in the sections that follow. General Responsibilities. The Plenary shall: <<>> a. Facilitate the timely review, recommendationand adoption of standards related to the development and governance of theIdentity Ecosystem. <<>> b. Develop and maintain work products andgoverning documents to include: <<>> i. A framework for testing and certifyingIdentity Ecosystem components. <<>> ii. The Identity Ecosystem Framework, asdescribed in the NSTIC.
  7. 7. <<>> iii. Other work products and governingdocuments deemed necessary to establish and maintain the Identity Ecosystem andto promote its adoption. <<>> c. Recommend creation or dissolution of StandingCommittees and Working Groups to perform the Plenarys work. <<>> d. Develop and establish accountability measuresfor the Plenary and its components. <<>> e. Facilitate the ongoing operation of theSteering Group. <<>> f. Perform all other acts necessary andappropriate to the conduct of the Plenarys activities and achievement of thePlenarys goals. Conducting & Participating in Elections. The Plenaryshall be responsible for electing Management Council Delegates, At-LargeDelegates, and Plenary and Management Council Chairs in accordance with section3, General Elections. 2.1.4. Plenary Standing Committees and Working Groups. The roles of thePlenary Standing Committees and Working Groups are defined in the Charter.{NIST fn5: Charter, Secs. 2.1.2, Plenary Standing committees:http://j.mp/NSTICchtr#_Toc330932478 and 2.1.3, Plenary Working Groups:http://j.mp/NSTICchtr#_Toc330932479} Administration. Standing Committees may be proposed bythe Plenary or the Management Council and shall be officially established by theManagement Council. Standing Committees and Working Groups shall create theirown charters, which shall be approved by the Management Council. Charters shall,at a minimum outline the missions, operations, decision making procedures, andleadership selection processes. All charters will support the NSTIC GuidingPrinciples and the Steering Group operating principles. {NIST fn6: Charter,Secs. 1.3, Adherence to the NSTIC Guiding Principles:http://j.mp/NSTICchtr#_Toc330932466 and 1.4, Operating Principles:http://j.mp/NSTICchtr#_Toc330932467.} Working Groups. Participation in and meetings of thePlenary Working Groups shall be open to all members. Standing Committees. Standing Committee Charters shallalso outline participation requirements. <IMMEDIATE AMENDMENT COMMENT: In Section, add the words "circulated for comment to the Participating Members and then" before the words "approved by the Management Council". Sunlight, please.> 2.2. Identity Ecosystem Management Council. The Management Council shallbe comprised of the Management Council Delegates, the Management Council Chair,the Vice Chair, and the Ombudsman. Their roles and responsibilities aredescribed in the sections that follow. The Management Council shall provideguidance to the Plenary on the broad objectives envisioned by the NSTIC, produceworkplans to prioritize work items and monitor progress, and ensure thatSteering Group work activities align with the NSTIC Guiding Principles. TheManagement Council shall ratify policy and standards recommendations approved bythe Plenary. The Management Council shall also be responsible for managing theSteering Groups resources and procuring services once the Steering Group isself-sustaining. 2.2.1 Management Council Participation. The Management Council shallbe open to all Participating Members through the election process prescribed insection 2.2.3, Mgmt. Council Delegate Selection Process. Management CouncilDelegates and At-Large Delegates shall attend Management Council meetings andshall have the right to vote on Management Council matters. 2.2.2. Management Council Delegates. The Management Council shall becomposed of 16 voting delegates including 14 delegates who are elected from theStakeholder Groups and two At-Large Delegates. Stakeholder Group Delegates. There shall be 14Management Council Delegates elected from the Stakeholder Groups in accordancewith section, Stakeholder Group Delegates. At-Large Delegates. There shall be two At-LargeManagement Council Delegates elected in accordance with section, At-
  8. 8. Large Delegates. 2.2.3. Management Council Delegate Selection Process. The managementcouncil selection processes is described in the sections that follow. Stakeholder Group Delegates. Stakeholder Group Delegatesshall be selected through an election held among the Participating Memberswithin each Stakeholder Group in accordance with section 3, General Elections. At-Large Delegates. At-Large Delegates shall be selectedthrough an election held among the Participating Members within the Plenary. AllParticipating Members may vote for candidates being elected for At-LargeDelegate positions in accordance with section 3, General Elections. Delegate Selection Criteria. The Stakeholder GroupDelegates and At-Large Delegates shall be selected in accordance with thecriteria detailed in the Charter. {NIST fn7: Charter, sec. 3.2.1, DelegateSelection Criteria: http://j.mp/NSTICchtr#_Toc330932483.} Management Council Delegate Term of Office. The terms ofManagement Council Delegates shall be as follows: <<>> 1. Management Council Delegates shall serve two-year terms. <But see sec. 11.3.> <And see last sentence of this section.> <<>> 2. There are no term limits for delegates. In the first term of office following the initial interim period –where all delegates shall serve for a period of six months (see Section 11,Initial Interim Period) – one-half of Stakeholder Group Delegates and one At-Large Delegate shall serve a one-year term. Mid-Term Vacancies. Mid-term vacancies may occur due toa Management Council Delegate voluntarily relinquishing their position or achange in a members status according to section 1.6, Change in Member Status.¶ Should a delegate become unable to fulfill their commitment, they shall beexpected to vacate their seat. Once vacated, a replacement must be chosen byelection at the earliest reasonable opportunity in accordance with section 3,General Elections. Vacancies shall not affect the ability to make decisions. 2.2.4. Management Council Officers. The Management Council Officersshall include the Chair, Vice-Chair, and Ombudsman. The selection processes,terms, and responsibilities are described in the sections that follow. Management Council Chair. The selection process, duties,and term of office are described in the sections that follow. For details on therole of the Management Council Chair see the Charter. {NIST fn8: Charter, sec.3.1, Mgmt. Council Composition: http://j.mp/NSTICchtr#_Toc330932481.} Selection Process. Nominees for this position shallbe approved by the Nominations Committee. The Management Council Chair shall beselected by Participating Members in the Plenary in accordance with section 3,General Elections. Duties. The Management Council Chair shall beresponsible for the overall management of the Management Council. The Chairshall: <<>> a. Act in a purely neutral capacity,divesting him or her of any organizational or technical position in ManagementCouncil activities. <<>> b. Guide the Secretariat in carrying out itsduties and responsibilities as they pertain to the Management Council. <<>> c. Guide the consensus process in theManagement Council. <<>> d. Preside over meetings and oversee votesof the Management Council. <<>> e. Ensure that all decisions are clear andmade available in written form to the Secretariat. <<>> f. Coordinate with the Plenary Chair asnecessary to ensure that Steering Group strategic and policy goals are beingmet. <<>> g. Act as the lead spokesperson for theManagement Council between meetings. <<>> h. Assist in the resolution of an appealagainst a Management Council decision. Term of Office. The term of the Management CouncilChair shall be three years, with no restriction on the number of consecutive
  9. 9. terms. <But see sec. 11.3.> Management Council Vice-Chair. The duties and term of officeof the Management Council Vice-Chair are described in the sections that follow.For details on the role of the Management Council Vice-Chair see the Charter.{NIST fn9: Charter, sec. 3.1, Mgmt. Council Composition:http://j.mp/NSTICchtr#_Toc330932481.} Duties. The Management Council Vice-Chair shall: <<>> a. Promote Identity Ecosystem stakeholderinvolvement and engagement. <<>> b. Build consensus on policy frameworksnecessary to achieve the vision. <<>> c. Actively participate within and acrossrelevant public and private sector forums. <<>> d. Assess progress against the goals,objectives, and milestones of the NSTIC. Term of Office. As an ex-officio position on theManagement Council, the Vice Chair position may be held without limit. Ombudsman. The selection criteria, duties, term of officeand authority of the Ombudsman are described in the sections that follow. Forthe role of the Ombudsman see the Charter. {NIST fn10: Charter, sec. 3.1, Mgmt.Council Composition: http://j.mp/NSTICchtr#_Toc330932481.} Selection. The role of the Ombudsman shall beprovided by the Secretariat. The Management Council shall establish criteria forthe selection of the Ombudsman. The Ombudsman shall: <<>> a. Be independent from Steering Groupmembers and Stakeholder Groups. <<>> b. Be capable of maintaining objectivity inthe execution of all duties and responsibilities. <<>> c. Have strong communication, interpersonal,and problem solving skills. <<>> d. Have experience in complaint resolutionand investigation. Duties. The Ombudsman shall: <<>> e. Uphold the NSTIC Steering Group Charter,By-laws, and Operating Principles. <<>> f. Facilitate balanced representation withinthe Steering Group. <<>> g. Develop and implement complaint and issueresolution policies and procedures for the Steering Group. <<>> h. Investigate and assist in the resolutionof issues and complaints associated with Steering Group processes. <<>> i. Report on Ombudsman activities to theManagement Council. <<>> j. Maintain and safeguard records of allOmbudsman activities. <<>> k. Provide information on Ombudsmanactivities, policies, procedures, and processes to the general public including,but not limited to, periodic reports outlining disputes, complaints,recommendations, resolutions and final dispositions. Authority. The Ombudsman shall have the authorityto: <<>> a. Attend all Steering Group meetings andfunctions. <<>> b. Conduct investigations and fact findinginto complaints and issues arising from Steering Group proceedings. <<>> c. Make recommendations and assist in theresolution, mitigation, and prevention of issues and complaints. Steering Group Responsibilities. All members ofthe Steering Groups shall cooperate with the Ombudsman in the execution of hisor her duties. Appropriate Steering Group leadership shall record and publicallyreport all actions taken pursuant to Ombudsman recommendations. Term of Office. There are no term limits for theOmbudsman. 2.2.5. Management Council Responsibilities. The Management Council
  10. 10. shall provide guidance to the Plenary on the broad perspectives envisioned bythe NSTIC and ensure that Steering Group work activities adhere to the NSTICGuiding Principles. The Management Council shall ratify policy and standardsrecommendations approved by the Plenary. The Steering Group shall be initiatedwith the support of the Federal Government. Following the initiation period, theSteering Group shall transition to a self-sustaining organization. TheManagement Council shall be responsible for managing the Steering Groupsresources and procuring services once the Steering Group is self-sustaining. Administrative Activities. The Management Council shallperform administrative duties to facilitate the operations of the SteeringGroup. The Management Council shall: <<>> a. Approve and prioritize work programs and actionplans. <<>> b. Manage the resources necessary to execute workprograms and action plans and to operate the Plenary. <<>> c. Ratify recommendations from the Steering Groupfor the standards, policies, and other components of the Identity EcosystemFramework. <<>> d. Approve charters of the Standing Committees andWorking Groups. <<>> e. Maintain and update Steering Grouporganizational policies and procedures including Charter, By-laws, MembershipAgreement, and intellectual property rights policies. <<>> f. Manage marketing and public relationsactivities. <IMMEDIATE AMENDMENT COMMENT: Add new section 2.2.6 as follows: "2.2.6. Initial approval of Charter and By-laws. Notwithstanding the foregoing, the Plenary may adopt amendments to the Charter and these By-Laws without the ratification or approval of the Management Council for the first 180 days after the initial approval of those documents by the Plenary. However, the Management Council may make recommendations to the Plenary with respect to any such proposals." See related amendment in Section 9.> 2.3. Secretariat. The Secretariat shall serve as the administrative body ofthe Steering Group and promote alignment of the Steering Groups operations withthe NSTIC Guiding Principles. The role and responsibilities of the Secretariatare described in the sections that follow. 2.3.1. Selection of Secretariat. The Secretariat shall initially beprovided by the NSTIC National Program Office. At such time that the SteeringGroup becomes self-sustaining, the Management Council shall be responsible foracquiring secretariat services support. 2.3.2. Secretariat Responsibilities. The Secretariat shall act in aneutral capacity, divesting itself of any technical or other point of view. TheSecretariat is responsible for ensuring that these By-laws and the decisions ofthe Steering Group are followed. The Secretariat is responsible forfacilitating, monitoring, reporting, and ensuring active progress of theSteering Group work to conclusion. The Secretariat shall: <<2.3.2.>> a. Distribute Steering Group documents and processreceived comments and input. <<2.3.2.>> b. Assist the Steering Group leadership in establishingwork priorities, agendas, target dates and other management activities asneeded. <<2.3.2.>> c. Record and make available all decisions of theSteering Group for confirmation, and prepare reports for the Steering Group asrequested. <<2.3.2.>> d. Support the Steering Groups efforts to ensurealignment with the NSTIC Guiding Principles and operating principles. <<2.3.2.>> e. Enable timely and public distribution of SteeringGroup products and information; including, but not limited to, maintenance ofthe Steering Group Website.
  11. 11. <<2.3.2.>> f. Provide the resources and personnel for the Ombudsmanposition. <<2.3.2.>> g. Take and record attendance at Plenary meetings. <<2.3.2.>> h. During the initial election of delegates andofficers, the Secretariat shall satisfy the requirements outlined for theNominations Committee in section 3, General Elections. Once the NominationsCommittee is fully established the Secretariat will no longer be required tofill this role. 2.4. Transparency & Dissemination of Information. The Steering Group shallconduct all operations and administrative actions in an open and transparentmanner. 2.4.1. Open Meetings. Where ever possible, meetings of the SteeringGroup shall be open for public attendance. Electronic tools and mechanisms shallbe made available to enable remote attendance and participation. 2.4.2. Publication of Operations. Essential information about SteeringGroup activities shall be made publicly available through the Steering Groupswebsite. 2.4.3. Material Distribution. The Steering Group shall distribute theresults of its activities through the Steering Group website. The website shallinclude all Plenary deliverables. This includes, but is not limited to,documents, conference presentations, meeting minutes, and publications.3. General ElectionsThe processes for the electing Management Council Delegates, Plenary Chair andManagement Council Chair are described in the sections that follow. 3.1. General Requirements. The general requirements for the electionprocess are: <<3.3.>> 1. Only Participating Members of a Stakeholder Group may votefor Management Council Delegate candidates being elected from that StakeholderGroup. <<3.3.>> 2. Only Participating Members may vote for At-Large ManagementCouncil Delegates, the Plenary Chair, and the Management Council Chair. 3.2. Election Process. The election process is described in the sectionsthat follow. 3.2.1. Call for Candidates When one or more seats become available,the Nominations Committee shall hold a call for candidates as follows: <<3.2.1.>> a. For Management Council Delegate vacancies, therequest shall indicate the number of seats to be filled and provide guidance onspecific candidate attributes that may be needed to fulfill requirements forskills, experience, and cross-industry representation. <<3.2.1.>> b. For the Plenary Chair and Management Council Chairpositions, the request shall be made up to three months prior, but not less thanone month prior, to the end of terms of the Plenary Chair or Management CouncilChair. <<3.2.1.>> c. If no candidate is slated at the end of theevaluation process, the Management Council Chair may request the NominationsCommittee to initiate another call for candidates. <<3.2.1.>> d. The Secretariat shall hold the initial call forManagement Council candidates. 3.2.2. Submission of Candidate Recommendations. The process for thesubmission of candidate recommendations is as follows: <<3.2.2.>> 1. For Plenary Chair, Management Council Chair, andManagement Council At-Large Delegate positions, any member may submitrecommendations for vacancies. <<3.2.2.>> 2. For Management Council Stakeholder Group Delegatepositions, any member affiliated with the Stakeholder Group for which there is avacancy may submit recommendations. 3.2.3. Candidate Evaluations. The Nominations Committee shallevaluate nominations in accordance with eligibility criteria established foreach open position. <But see sec. 2.3.2.h.> These criteria include:
  12. 12. <<3.2.3.>> a. Members may hold only one leadership position withinthe Steering Group. Leadership positions include: <<3.2.3.a.>> i. Management Council Delegate (Stakeholder Groupand At-Large) <<3.2.3.a.>> ii. Management Council Chair <<3.2.3.a.>> iii. Plenary Chair <<3.2.3.>> b. The nominee must confirm his or her willingness to bea candidate for the position. <<3.2.3.>> c. Selection criteria for Management Council Delegatesin the Charter. {NIST fn11: Charter, sec. 3.2.1, Delegate Selection Criteria:http://j.mp/NSTICchtr#_Toc330932483.} <<3.2.3.>> d. The nominee must be a Participating Member. <<3.2.3.>> e. Additional criteria to determine the eligibility ofcandidates for the positions of Plenary Chair and Management Council Chairinclude: <<3.2.3.e.>> i. Breadth of experience. <<3.2.3.e.>> ii. Contributions to the identity managementcommunity. <<3.2.3.e.>> iii. Demonstrated ability to effectively lead asignificant organization or organizations board. 3.2.4. Preparation of a Slate. The Nominations Committee shalldevelop a slate of all eligible candidates from the candidate nominationsreceived during the call for candidates corresponding to the requirements forvacant seats. Candidates shall only appear once per slate. <IMMEDIATE AMENDMENT COMMENT: The second sentence of Section 3.2.4 should be deleted, or amended by adding "[, except for the initial Steering Group elections", if were not going to follow it.> 3.2.5. Confirmation and Approval for Slate of Candidates. The processfor confirming and approving the slate of candidates is as follows. <<3.2.5.>> a. The slate of eligible candidates and theirqualifications shall be presented by the Nominations Committee before thesitting Management Council. <<3.2.5.>> b. Except for the nominations for the initial ManagementCouncil, the sitting Management Council shall review and ratify the slate. <<3.2.5.>> c. Cause for rejection shall be clearly documented sothat the Nominations Committee may propose a new slate or a partial slate. 3.2.6. Voting for Candidates. The process for voting for candidates isas follows: <<3.2.6.>> a. The Secretariat shall prepare ballots for eachelection and distribute sample ballots no less than 15 days prior to anelection. <<3.2.6.>> b. The Secretariat shall administer the vote, tally theballots, and report the results. <<3.2.6.>> c. For elected positions a simple majority vote shalldecide the winner. In the event that there is no majority the candidates withthe two highest vote counts shall participate in a run-off. <<3.2.6.>> d. In the event of an election tie, another ballot thatincludes only the tied candidates shall be conducted in a timely fashion.4. MeetingsThe Steering Group meeting requirements are described in the sections thatfollow. 4.1. Meetings Requirements & Procedures. Except as otherwise noted, thePlenary and Management Council, and all Working Groups and Standing Committeesshall conduct meetings as follows: <<4.1.>> a. Meetings shall be presided over by the respective chair. <<4.1.>> b. Attendance shall be recorded for all meetings. <<4.1.>> c. At the start of every meeting, participants shall reviewthe intellectual property disclosure policy and activities that violate anti-trust law.
  13. 13. <<4.1.>> d. The Plenary and Management Council each shall hold face-to-face meetings at least two times per year. Provisions shall be made to allow formembers to attend via remote electronic mechanisms. <<4.1.>> e. There shall be no defined maximum limit on the number ofmeetings that can be convened. The scheduling of meetings shall be left to thediscretion of the Steering Group body that calls the meeting. <<4.1.>> f. Minutes shall be recorded for all meetings. <<4.1.>> g. Draft meeting minutes shall be distributed or otherwisemade available to the members in attendance for comment and shall be revisedaccordingly. Approved minutes shall be made publicly available as soon aspracticable after meetings. 4.2. Meeting Administration. The sections that follow describeadministrative requirements for Steering Group meetings. 4.2.1. Prior Notice of Meetings. Announcements of full Plenary andManagement Council meetings must be made no fewer than 30 days in advance byemail notice to members, delegates, and officers and posted on the SteeringGroup website. Meetings of Standing Committees and Working Groups should beannounced as far in advance as practicable. 4.2.2. Meeting Agenda. An agenda shall be included in the meetingnotice and shall include the date and time for the meeting, the meetingssubject matter, relevant recommendations of the Working Groups and StandingCommittees, web links to any related working papers, anticipated votes, membercontributions, and other relevant and useful materials. Plenary contributionsshall be posted on the Steering Group website at least 15 business days inadvance. 4.2.3. Attendance. Attendance at Plenary meetings is an obligation ofParticipating Members. The Secretariat shall record the presence of each memberat each Plenary meeting. It shall be the responsibility of members to make theirattendance at meetings known to the Secretariat.5. Decision Making.The decision making procedures for the Steering Group are described in thesections that follow. 5.1. Quorum. A Quorum of the Plenary is defined as greater than fiftypercent of Participating Members and shall be sufficient for the transaction ofbusiness. 5.2. Consensus. The Steering Group shall seek to reach its decisionsthrough a consensus process that emphasizes due diligence and cooperation. Whenno consensus can be reached in a timely manner, the decision shall be reached byvoting as defined in section 5.3, Voting. 5.2.1. Consensus Process The following procedures shall be used in theconsensus process: <<5.2.1.>> a. A quorum is required to reach consensus. <<5.2.1.>> b. The chair of the respective body shall act as thefacilitator of the consensus process. <<5.2.1.>> c. Items that require decisions shall be clearlypresented with all available research and information by the individual, WorkingGroup, or standing committee responsible for the proposal. <<5.2.1.>> d. The proposal shall be discussed and debated by thosein attendance and any amendments or modifications to the proposal shall bepresented. <<5.2.1.>> e. A call for objections shall be made to all members. <<5.2.1.>> f. The absence of sustained objection shall beconsidered consensus. <<5.2.1.>> g. Sustained objections which cannot be resolved throughcontinued discussion will result in the motion being moved to a vote or tabledfor modification. (See section 5.3.1 Matters for Voting.) <<5.2.1.>> h. All members of the Steering Group shall be allowed toparticipate in the consensus decision-making process.
  14. 14. 5.3. Voting. The requirements and processes for voting within theSteering Group bodies are described in the sections that follow. 5.3.1. Matters for Voting. Any matters that are not able to beresolved through the consensus process may be voted upon by the ParticipatingMembers of the Plenary. 5.3.2. Qualifications for Voting Privilege and Restoration. AnyParticipating Member who is absent for two consecutive Plenary meetings shallforfeit the privilege of voting on Plenary matters. Participating Members wholose voting privileges shall maintain all the rights and responsibilities ofObserving Members. ¶ A Participating Member whose voting privileges aresuspended shall have voting privileges restored upon attendance at twoconsecutive meetings. Restoration of voting privileges begins afterdetermination of quorum at the second consecutive meeting attended. ¶ AllParticipating Members attending the first two meetings shall be eligible to voteat those meetings. Thereafter, the provisions of these By-laws shall takeeffect. 5.3.3. Voting Process. The voting process is described in the sectionsthat follow. Voting Procedures. Voting percentages shall becalculated in terms of the number of –yes– and –no– votes cast. ¶ A record ofvoting on all measures requiring a vote shall be maintained by the Secretariat.Participating Members may choose to qualify their votes with comments for therecord. Requirements for Approval. An affirmative vote ofseventy-five percent shall be required to pass technical measures. Technicalmeasures are those that deal with standards, procedures, policies, for theidentity ecosystem framework. ¶ An affirmative vote of a simple majorityshall be required to pass administrative measures. Administrative are those thatdeal with the internal operations of the identity ecosystem steering group.6. Intellectual Property Policy.The Steering Group policy related to Intellectual Property is based on thefollowing principles. <<6.0.1.>> The Steering Group shall function in an open workingenvironment. The Steering Group and its members shall not accept any documentaryor oral disclosure of proprietary information from any member as a part of theconduct of business. In addition, no information of a secret or proprietarynature shall be made available as official documents, and no such documents (ordocuments marked as such) will be made official documents or forwarded to themembership. <<6.0.2.>> All proprietary information which may nonetheless be publiclydisclosed by any participant during any meeting shall be deemed to have beendisclosed on a non-confidential basis, without any restrictions on use byanyone, except that no valid copyright or invention right shall be deemed tohave been waived by such disclosure. <<6.0.3.>> There may be Steering Group proceedings (e.g., accreditationsprocess) that will require separate or specific intellectual propertyrequirements or non-disclosure statements. 6.1. Steering Group Patent Policy - Inclusion of Patents in Steering GroupProducts. Some Steering Group products may include the use of an essentialpatent claim if technical reasons justify this approach. If the Steering Groupreceives a notice that a proposed or an approved Steering Group product mayrequire the use of such a patent claim, the procedures in the following sectionswill be followed. 6.1.1. Statement from patent holder. The Steering Group will requestfrom the patent holder or a party authorized to make assurances on its behalf,in written or electronic form an assurance that a license to such essentialpatent claim(s) will be made available to applicants desiring to utilize thelicense for the purpose of implementing the Steering Group product either: <<6.1.1.>> a. On a non-discriminatory basis and under reasonableterms and conditions; or <<6.1.1.>> b. Without compensation and under reasonable terms and
  15. 15. conditions that are demonstrably free of any unfair discrimination. If the patent holder or party authorized to make assurances on itsbehalf does not agree to these terms, then this decision will be documentedclearly. As it may pose risks to the implementation of the Identity Ecosystem,this decision will be seriously considered by the Steering Group in any relatedactivity or vote. 6.1.2. Record of statement. A record of the patent holders statementwill be retained in the Steering Group files and posted on-line. 6.1.3. Notice. When the Steering Group receives from a patent holderthe assurance set forth in 6.1.1 above, the expected result will include a notesubstantially as follows:NOTE – The users attention is called to the possibility that compliance withthis expected result may require use of an invention covered by patent rights.By publication of Steering Group expected results, no position is taken withrespect to the validity of any such claim(s) or of any patent rights inconnection therewith. If a patent holder has filed a statement of willingness togrant a license under section 6.1.1, details may be obtained from the patentholder. 6.1.4. Responsibility for identifying patents. The Steering Group isnot responsible for identifying patents for which a license may be required foruse of a Steering Group expected result or for conducting inquiries into thelegal validity or scope of those patents that are brought to their attention. 6.2. Copyrights. Copyright in materials produced prior to Membership inthe Steering Group remains the property of the copyright owner. However,copyrighted materials offered for incorporation into Steering Group outputs mustbe made available on a royalty-free basis. ¶ Standards developers whosestandards are referenced in Steering Group outputs retain copyright ownershipand control of the standards themselves.7. Conflict of Interest.Members shall anticipate any situation in which a conflict of interest may ariseand shall bring these concerns before the Steering Group and the Secretariat forresolution. Steering Group members must be sensitive to conflict of interestissues; however, being a member of the Steering Group should not disadvantage anindividual or their organizations. ¶ Members may present arguments andevidence of a conflict of interest to the Management Council and theSecretariat. ¶ In the event a Participating Member Representative has aconflict of interest on a particular vote or discussion and the MemberOrganization does not, the Member Organization may designate a different MemberRepresentative for the purposes of participating in the particular vote ordiscussion.8. Non-Liability.Members, delegates, and officers shall not be liable for the debts, liabilities,or other obligations of the Steering Group.9. Charter and By-laws Ratification & Amendments.Ratification of the initial Charter and By-laws shall be accomplished by simplemajority vote of Participating Member Representatives. ¶ Any subsequentamendments to the Charter or By-laws shall be accomplished by a super majorityvote (75%) of the Participating Member Representatives following a review andapproval of the proposed amendment by the Management Council. <IMMEDIATE AMENDMENT COMMENT: In Section 9, add the phrase ", and any amendments offered for 180 days afterwards," after the words "initial Charter and By-laws"; and add the word "those", after "simple majority vote of"; and add the words "voting at a quoratemeeting" at the end of the first sentence. See related amendment in Section 2.2.6.>
  16. 16. 10. Severability.If any part of these By-laws shall be determined to be invalid, illegal orunenforceable, the validity, legality and enforceability of the remainingprovisions shall not be affected.11. Initial Interim Period.Due to the need to quickly initiate a new organization, the provisions of thissection define an initial interim period for the Steering Group. The provisionsof this section shall be in effect for an initial interim period of 90 days fromthe date of ratification of these By-laws. All By-laws shall be in effect uponratification except as specified in this section. After the initial 90-dayperiod, the provisions of this section will no longer be in effect. 11.1. Participating and Interim Members. An organization or individualshall be permitted to join the Steering Group by executing the MembershipAgreement as a Participating Member or by expressing the intent to join as anInterim Member. Interim Members shall have the same rights and responsibilitiesas Participating Members. Interim Members shall execute the Membership Agreementno later than the end of the initial interim period in order to remain members. 11.1.1. Member Representatives. Each Interim Member shall designate aMember Representative in accordance with section 1.2.3 of these By-laws. 11.1.2. Stakeholder Group Affiliation. Each Interim Member shallself-select into the Stakeholder Group that they consider best represents itsroles or interests in the Identity Ecosystem. 11.2. Elections. The Secretariat shall assume all responsibilities of theNominations Committee for the initial Steering Group elections. The Secretariatshall prepare and distribute candidate slates and ballots for initial SteeringGroup elections as far in advance as practicable. 11.3. Officer and Delegate Terms of Service. The initial terms of servicefor the Management Council Chair, Plenary Chair, and Management CouncilDelegates elected during the initial interim period shall be 6-months.END OF DRAFT BYLAWS====Links:Definitive NIST Draft Charter (PDF): http://www.nist.gov/nstic/reports/SG_Draft_Charter.pdfMirrored Charter, with internal cites (HTML): http://j.mp/NSTICchtr > http://www.nstic.us/wp-content/uploads/2012/07/Charter-Final.htmDefinite NIST Draft Bylaws (PDF) (July revision): http://www.nist.gov/nstic/reports/Discussion_Draft_By-laws_V2.pdfMirrored Bylaws, with internal cites (HTML): http://j.mp/NSTICjulybylaws > http://www.nstic.us/wp-content/uploads/2012/07/Draft_By-laws_Revised.htm<**> Key:The source text of this document is the www.NSTIC.us mirror of the NIST draftBylaws text above. No changes have been made to the unmarked substantivecontent. However:(1) Format has been converted to ASCII and cleaned up for search and editinguses. Some cross-referenced section numbers have been abbreviated or corrected.(2) <<Double angle brackets>> indicate augmented section numbers, whereparagraphs had no identifying number.(3) {Curly brackets} indicate original NIST footnotes.(4) <Angle brackets> include this editors unofficial cross-references andnotes.
  17. 17. (5) "Quote marks" have been added to term definitions, where originally missing."NSTICdraftBylawsAugust2012comments.pdf" is a marked-up PDF version of thisdocument, with line numbers and lots of additional notes and issues, also postedat www.slideshare.net/jamieXML > Documentsjamie.clark@oasis-open.org