4.12. Using Multiple Policies in Combination

In some situations, it is necessary to define multiple registration policies. For example, registrations through the normal IETF process might use one policy, while registrations from outside the process would have a different policy applied.

Thus, a particular registry might want to use a policy such as "RFC Required" or "IETF Review" sometimes, with a designated expert checking a "Specification Required" policy at other times.

The alternative to using a combination requires either that all requests come through RFCs or that requests in RFCs go through review by the designated expert, even though they already have IETF review and consensus.

This can be documented in the IANA Considerations section when the registry is created, for example:

IANA is asked to create the registry "Fruit Access Flags" under the "Fruit Parameters" group. New registrations will be permitted through either the IETF Review policy or the Specification Required policy [BCP26]. The latter should be used only for registrations requested by SDOs outside the IETF. Registrations requested in IETF documents will be subject to IETF review.

Such combinations will commonly use one of {Standards Action, IETF Review, RFC Required} in combination with one of {Specification Required, Expert Review}. Guidance should be provided about when each policy is appropriate, as in the example above.