AUP draft#3

William Manning <bmanning@is.rice.edu> Mon, 21 March 1994 12:47 UTC

Date: Mon, 21 Mar 1994 06:31:35 -0600
Reply-To: "IETF WG on internet school networking (ISN)" <ISN-WG%UNMVMA.BITNET@arizvm1.ccit.arizona.edu>
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: William Manning <bmanning@is.rice.edu>
Subject: AUP draft#3
To: Multiple recipients of list ISN-WG <ISN-WG%UNMVMA.BITNET@arizvm1.ccit.arizona.edu>
Message-ID: <9403210747.aa09562@CNRI.Reston.VA.US>

This is the version I will use as the basis of discussion next week.
As always, comments and concerns are welcome.
        ----------------------------------------------

Internet School Networking Working Group                B. Manning
INTERNET DRAFT                                          SESQUINET
                                                        D. Perkins
                                                        Houston ISD



                        Acceptable Use Policy Definition

Status of this Memo

This document is an Internet Draft.  Internet Drafts are working
documents of the Internet Engineering Task Force (IETF), its Areas,
and its Working Groups.  Note that other groups may also distribute
working documents as Internet Drafts.

Internet Drafts are draft documents valid for a maximum of six months.
Internet Drafts may be updated, replaced, or obsoleted by other
documents at any time.  It is not appropriate to use Internet Drafts
as reference material or to cite them other than as a "working draft"
or "work in progress."

Please check the 1id-abstracts.txt listing contained in the
internet-drafts Shadow Directories on nic.ddn.mil, nnsc.nsf.net,
nic.nordu.net, ftp.nisc.sri.com, or munnari.oz.au to learn the current
status of any Internet Draft.

0. Abstract

This paper covers basic fundamentals that must be understood when
one defines, interprets, or implements acceptable use policies over
the Internet.

1. Background

Acceptable Use Policies (AUP) are an implicit part of internetworking.
Everyone has one, whether published or not.  This applies to networks
that provide transit paths for other networks as well as end sites and
the individual users that use systems.  A better understanding of an
AUP, and how to formulate one seems to be increasingly important as the
global net encompases new  environments as varied as K12 schools and
real-time systems.  AUP's are used to determine pricing, customer base,
type and quality of service metrics, and a host of other provider services.

2. AUP components

In defining your particular AUP there are three areas that must be addressed.
They are where you get service from, who your peers are, and whom you
provide service to.  A good understanding of these concepts will make or
break the AUP you formulate.

2.1  Where you get service from

Each entity gets its service from one or more other providers,  either
a level three service, such as IP transit, or a level two service, such
as circuits.  The provider of such services usually has an AUP in the
form of an agreement or contract specifying terms and conditions of use.
This forms the basis for the type of service offerings that you as an
entity can provide.  If you get service from several providers,  all of
them need to be considered in the formation of policy.

2.2 Who your peers are

Are your policies consistent with those offered by your peers?  In many
cases, the formation of policy will define who your peers are.  It is
important to clearly identify which areas you intend to reach and the
community you wish to be a contributing, productive part of.  Once this
is clear, formulate polices along those lines.

2.3 Who you provide service to

It is required that you inform those who use your services just what
your policies are.  Without this information, it will be almost impossible
for them to distinguish what to expect from your service offering.
Without a clear policy it is possible that litigation may ensue. It
is important to reflect community standards in the creation of policy.

3.  AUP issues

IP provided services can be complex  They comprise both information
and communication.  In the formulation of policy it is critical that
the policy provide for security _and_ access to information and
communication while ensuring that the resource use does not overburden
the system's capabilities. These conflicting demands must be analyzed
and a synthesis arrived at.  This hints a fourth component of an AUP,
that it has a method to extract compliance.  This is so site specific
that further analysis will not be attempted here.

Some items that should be considered in the formation of policy are:
        - privacy                       - morals & ethics
        - freedom of expression         - legal constraints
        - safety                        - harassment
        - plagiarism                    - resource utilization
        - indemnification               - targeted areas of interest
        - expected behaviours           - remedies and recourse

This should not be considered as an exhaustive list but as pointers for
those types of things to be considered when policy is formed.

4. Security

Security and Liability are not covered in this memo.

5. Summary

Acceptable Use is here to stay. As the Interconnected mesh of networks
grows, the choices presented to end-users mandate that provider
expectations are clearly presented. Use of these guidelines will help
create a clearer, better defined environment for everyone.


Don Perkins   - HISD
Bill Manning  - Rice University

For further reference, see the following materials:

ALA - Library Bill of Rights - 1948
Bill of Rights & Responsibilities of Electronic Community of Learners - Aug1993
EFF archives of acceptable use policies
CoVis Proactive Policy for the Internetworked School
--
Regards,
Bill Manning

AUP draft#3 William Manning