In November 2020, the ICANN Board approved a recommendation from ATRT3 to create a Prioritization Framework to integrate community, board, and org priorities into annual strategic & budget planning. The prioritization framework was intended to "achiev[e] an agreed upon definition of what it would mean for the prioritization process to “operate by consensus of the individual SO/ACs, Board, and org members that are participating in the prioritization process.”[1] ICANN's planning department is responsible for facilitating prioritization at an organizational level to ensure that prioritized projects are included the annual Operating and Financial plans.

History edit

ICANN's Multistakeholder Model provides for the development of consensus-driven, bottom-up policy and recommendations from the community of stakeholders in the ICANN ecosystem. Over time, the generation of policy proposals, consensus advice, and recommendations has outstripped the ICANN board and orginization's ability to implement such proposals. This has resulted in bottlenecks at the board and org levels around policy implementation: the attention of the board is strained by the number of inputs from constituent bodies; and within the organization, resource limitations make it challenging to respond to all of the mandates generated by board approval of recommendations.[2]

The Third Accountability and Transparency Review made several recommendations regarding the transparency of ICANN's decision-making process, as well as the creation of engagement processes for community-wide concerns. These included a proposed holistic review of ICANN's constituent organizations and re-factoring of existing Organizational Reviews into continuous improvement processes.[3] In addition, the review team proposed the creation of a "consensus model" for prioritizing the work of ICANN org and the recommendations derived from policy development processes, cross-community working groups, organizational and specific reviews, and other sources.[3]

Project Timeline edit

<timeline>

  1. All measures are in pixels

ImageSize = width:900 height:auto barincrement:40 PlotArea = left:20 right:20 bottom:20 top:20 AlignBars = justify

DateFormat = mm/dd/yyyy Period = from:04/01/2021 till:01/31/2023 TimeAxis = orientation:horizontal Colors =

  id:grid value:rgb(0.9,0.9,0.9)

Define $dx = 60

BarData=

   Barset:Phases

PlotData=

  align:left textcolor:black fontsize:M mark:(line,black) width:15
  barset:Phases color:yellowgreen
     at:04/27/2021 shift:(8,-5) text:2021 - Project Launch Webinar
     from:06/01/2021 till:10/31/2021 shift:(125,-5) text:"June-October 2021 ~Consultation Phase with Community & Board"
     at:06/02/2021 shift:(8,-5) text:2021 - ICANN 71 Planning & Finance Update
     at:10/13/2021 shift:(8,-5) text:72 Planning & Prioritization Update
     from:11/01/2021 till:02/28/2022 shift:(90,-5) text:"November 2021-February 2022 ~Drafting & Publication of Briefing Paper"
     at:02/24/2022 shift:(8,-5) text:73 Planning & Prioritization Update
     from:03/01/2022 till:04/30/2022 shift:($dx,-5) text:"March-April 2022 ~Prioritization Process Pilot"
     from:05/01/2022 till:06/30/2022 shift:($dx,-5) text:"May-June 2022 ~Adjustments to Framework"
     at:01/01/2023 shift:(8,-5) text:"FY 2024~Launch"
     

</timeline>

Pilot edit

The prioritization project ran a pilot within the planning process for fiscal year 2023. The pilot will be used to assess the process design and identify improvements. The current plan, subject to process design and consultation, is for the prioritization process to be inserted into the early phases of the strategic and budget planning arc.[2] The Briefing Paper and the Pilot will both present opportunities for public comment on the process. During ICANN 73's Prep Week, the Planning & Prioritization update reported that the briefing paper would be delivered by the end of February 2022. This was later than the initially proposed timeline. The timing of the pilot program timing remained the same.[4] The pilot included five sessions in March 2022, during which participants reviewed a list of Board-approved recommendations from Specific Reviews pending ICANN Org implementation. Each recommendation was evaluated in terms of its levels of urgency and importance. Participants needed to either (#) agree with the prioritization level provided by the org and provide an explanation, or (#) adjust the level of prioritization and explain their reasoning. In early April, the org held a wrap-up session with all of the participants to discuss and identify lessons learned from the pilot for the next version of the framework.[5]

Planning Prioritization Group edit

Planning Prioritization Group (PPG) members were appointed by participating community groups to discuss and agree on a pilot version of prioritizing a list of activities, as described in the Draft Planning Prioritization Framework on 22 February 2022. The group has nine members and nine alternates. One of each from the ASO, ALAC, ccNSO, GAC, RSSAC, and SSAC, and three from the GNSO (one from the CSG, CPH, and NCSG).[6] Members include:[7]

Recommendations Considered during the Pilot edit

In total, 45 recommendations were considered during the pilot.[8]

Specific Reviews Recommendation ICANN Org Priority Level
P1 = highest priority
P4 = lowest priority
Rationale ICANN COMMUNITY PPG Priority Level P1 = highest priority
P4 = lowest priority
Rationale
ATRT3 Rec 3.1-3.4 - Periodic and Organizational Reviews P1 Based on the current ICANN Bylaws requirement, the next RDS Review (RDS3) is in Sep 2023, but all further RDS review should be suspended for now. P1 Agreed
- 13 Apr 2022
ATRT3 Rec 3.1-3.4 - Periodic and Organizational Reviews P1 Redesigns the process of reviews. P1 Agreed
- 13 Apr 2022
ATRT3 Rec 3.1-3.4 - Periodic and Organizational Reviews P1 Requires ICANN Board action and differs from what is currently stated in the ByLaws. P1 Agreed
- 13 Apr 2022
CCT Recommendation 1 P1 Essential to have a framework in place for data collection P1 Agreed
- 19 Apr 2022
CCT Recommendation 8 P1 Recommendations 8, 11, 13 items 1, 2, 4 to be handled in a single implementation. Recommendation 11 is a prerequisite P1 Agreed
- 19 Apr 2022
CCT Recommendation 11 P1 ditto P1 Agreed
- 19 Apr 2022
CCT Recommendation 13 - items 1, 2, 4 P1 ditto P1 Agreed
- 19 Apr 2022
SSR2 Rec 10.1 P1 need a common community understanding of what is DNS Abuse and related terms P1 Agreed
- 19 Apr 2022
SSR2 Rec 21.1 P1 Efforts to implement the new Root Zone Management System are already underway. This recommendation will build on existing efforts to enhance security in the
Root Zone System.
P1 Agreed
- 19 Apr 2022
ATRT3 Rec 4 - Strategic and Operational Plans P2 Need time to develop template and structure for this new reporting rerquirement P2 Agree with ICANN org pre assessment.
- 19 Apr 2022
ATRT3 Rec 4 - Strategic and Operational Plans P2 ditto P2 Agree with ICANN org pre assessment.
- 19 Apr 2022
ATRT3 Rec 4 - Strategic and Operational Plans P2 ditto P2 Agree with ICANN org pre assessment.
- 19 Apr 2022
ATRT3 Rec 4 - Strategic and Operational Plans P2 ditto P2 Agree with ICANN org pre assessment.
- 19 Apr 2022
ATRT3 Rec 4 - Strategic and Operational Plans P2 ditto P2 Agree with ICANN org pre assessment.
- 19 Apr 2022
CCT Recommendation 7 P2 determined by CCT-RT to be a high priority P4 - 19 April 2022
ATRT3 Rec 3.5 - Holistic Review P1 needs to be run as a pilot first, to be designed with the community. TBD obtained consensus on "Importance"; not yet obtained consensus on "Urgency"
- 13 Apr 2022
ATRT3 Rec 3.6 - Continuous Improvement Program P1 New review/program to be designed with each individual SO/AC/NC TBD obtained consensus on "Importance"; not yet obtained consensus on "Urgency"
- 19 Apr 2022
RDS-WHOIS2 R11.2 P1 This recommendation about RDAP is rated by the RDS-WHOIS2 as high. TBD skip for now due to lack of information
- 19 April 2022
CCT Recommendation 13 - item 4 (in part), 5 P2 fold into a voluntary pilot survey of contracted parties. TBD
CCT Recommendation 20 ditto TBD
CCT Recommendation 23 Items A, C (in part) & D P2 ditto TBD
CCT Recommendation 24 B P2 ditto TBD
CCT Recommendation 23 Item B ditto TBD
CCT Recommendation 21 item 2 P2 rated by the CCT-RT as high. TBD
CCT Recommendation 22 P2 ditto TBD
CCT Recommendation 26 P2 ditto TBD
RDS-WHOIS2 SG.1 P2 included in the next round of contractual negotiations with the contracted parties TBD
RDS-WHOIS2 CC.1 P2 ditto TBD
SSR2 Rec 23.2 P2 determined by SSR2 as a medium priority TBD
CCT Recommendation 6 P3 determined by CCT-RT as a low priority TBD
CCT Recommendation 13 - item 3 P3 determined by CCT-RT as a low priority TBD
SSR2 Rec 16.1 P3 May include dependencies on EPDP related work TBD
SSR2 Rec 23.1 P3 Dependent on completion on SSR2 Review Rec 23.2. TBD
ATRT3 Rec 1 - Public Input P4 implemented in 2021 TBD
ATRT3 Rec 1 - Public Input P4 ditto TBD
ATRT3 Rec 2 - Implementation of ATRT2 Recommendations P4 determined by ATRT3 as a low priority TBD
RDS-WHOIS2 R1.3 P4 Work is underway to determine which measures are needed to ensure that appropriate information on Caucus group activities is provided to the community. TBD
RDS-WHOIS2 R3.1 P4 Updates to web documentation were made - action needed on the need to include users/focus groups. TBD
RDS-WHOIS2 R15.1 P4 ditto TBD
RDS-WHOIS2 LE.1 P4 ICANN org conducted a study on the topic of differentiation of legal vs. natural persons' registration data; two surveys on the Standardized System for Access and Disclosure (SSAD) Operational Design Phase (ODP). ICANN org is working on streamlined mechanisms to request, receive, and gather feedback from the community and stakeholders TBD
RDS-WHOIS2 LE.2 P4 ditto TBD
SSR2 Rec 1.1 P4 already implemented or need to be retired due to Internet landscape changes TBD
SSR2 Rec 22.1 P4 determined by SSR2 as a low priority TBD
SSR2 Rec 22.2 P4 determined by SSR2 as a low priority TBD
SSR2 Rec 24.2 P4 implemented as part of Information Transparency Initiative TBD
Priority Level 1 edit

As of April 2022, the ICANN Community PPG has listed the following recommendations as priority level 1:[9]

  • Recs 3.1-3.4 from the ATRT3:
    • Suspend RDS reviews
    • One clearly scoped CCT Review that starts two years after the next round of new gTLDs and lasts one year. A framework of data collection must precede the next round of gTLDs prior to review member selection
    • ATRT Reviews should continue but shall start no later than two years after the approval by the Board of the first recommendation of the Holistic Review; recommend whether the Board should terminate or amend other periodic reviews or create periodic reviews; all documentation required for the review shall be available at the first meeting of the review team when terms of reference shall be established.
  • Recs 1, 8, 11, and 13.1,2,4 from the CCT:
    • Formalize and promote ongoing data collection.
    • Conduct periodic surveys of registrants that gather both objective and subjective information to create more concrete, actionable information.
    • Conduct periodic end-user consumer surveys with more behavioral measures of consumer trust toward generating more concrete, actionable information.
    • Collect data on the impact of restrictions on who can buy domains within certain new gTLDs (registration restrictions) to help regularly determine and report:
      1. Whether consumers and registrants are aware that certain new gTLDs have registration restrictions;
      2. Compare consumer trust levels between new gTLDs with varying degrees of registration restrictions;
      3. Assess the costs and benefits of registration restrictions to the public (to include impacts on competition and consumer choice)
  • Recs 10.1 and 21.1 from the SSR2:
    • ICANN org should post a web page that:
      1. includes their working definitions of DNS Abuse for projects, documents, and contracts. The definition should explicitly note what types of security threats ICANN org currently considers within (and outside) its remit to address through contractual and compliance mechanisms
      2. Explains the difference between DNS Abuse and security threats and malicious conduct
      3. list all current abuse-related obligations in contracts with contracted parties, including any procedures and protocols for responding to abuse
      4. updates annually, date the latest version, and link to older versions with associated dates of publication
    • ICANN Org and PTI operations should accelerate the implementation of new Root Zone Management System (RZMS) security measures regarding the authentication and authorization of requested changes and offer TLD operators the opportunity to take advantage of those security measures, particularly MFA and encrypted email.

References edit