[OpenID board] Colloboration with IDTBD (was: Brett's proposals?)

[Nat Sakimura]

I just noticed that this thread was not happening in the mailing list
but only on a list of mail addresses. Posting to the list now (with
some edit since there are things that was determined already on IDTBD
side.)

=nat

---------- Forwarded message ----------
From: Nat Sakimura <n-sakimura at nri.co.jp>
Date: Mon, Apr 6, 2009 at 12:20 PM
Subject: Re: Brett's proposals?
To: "Don Thibeau (OIDF ED)" <don at oidf.org>, Brian Kissel
<bkissel at janrain.com>, Scott Kveton <scott at kveton.com>
Cc: Nat Sakimura <sakimura at gmail.com>


Hi.

My comments inline:

--------------------------------------------------
From: "Don Thibeau (OIDF ED)" <don at oidf.org>
Sent: Sunday, April 05, 2009 10:46 PM
To: "'Brian Kissel'" <bkissel at janrain.com>; "'Scott Kveton'" <scott at kveton.com>
Cc: "Sakimura Nat" <n-sakimura at nri.co.jp>; "'Nat Sakimura'" <sakimura at gmail.com>
Subject: RE: Brett's proposals?

> Scott
> Let add this to our Monday discussion
>
> Don
>
> From: Brian Kissel [mailto:bkissel at janrain.com]
> Sent: Wednesday, April 01, 2009 9:13 PM
> To: Scott Kveton
> Cc: Don Thibeau (OIDF ED); Nat Sakimura (n-sakimura at nri.co.jp); Nat Sakimura (sakimura at gmail.com)
> Subject: RE: Brett's proposals?
>
>
> This is from the presentation material that Brett sent to the board.  Nat, do you have any other material or thoughts?
>
>
> OpenID-relevant Programs
> • Marketing
> – OpenID branding program (could brand > than spec?)

This is not there anymore. It was merely a tossing up an idea on part
of Brett, and it was subsequently dropped.
>
> – Relying Party “Users Group” summits (Privacy, UX, Assurance, Requirements, Best Practices)

This is probably a topic that we could find a synergy.
For example, for UX, both OpenID and SAML uses redirects and finding a
UX and educating the
users on appropriate action on them is something both community can
benefit from.

Privacy, Assurance, Requirements are something that Liberty has been good at.
Since they have good amount of technology consumers such as government,
they are good at dealing with these topics. OpenID community probably
would be able to
gain from working on these topics with them.

> – Published Case Studies, Testimonials & Awards
> – Analyst “tours” & ongoing AR management
> – Public Relations: formal and grass-roots

These comes under the "Education and outreach", I think.
For Analyst "tours", doing it together with them (SAML people)
will limit their ability to downplay OpenID. This is good for us.
Also, eventually, we will get a better understanding from Analyst.

For general pubic education, I think it is important to portray
it as "Proprietary Silo v.s. Standard Based SSO", for example.
We can definitely coordinate on this line to expand the SSO
opportunities. Given that the vast majority of the market
is in "Proprietary Silo" camp, it is absurd to be fighting
inside the small territory we have now.

> – IDTBD “conferences” internationally

We should definitely piggy back on this.
That's what OpenID Japan has been doing in Japan,
without any cost on us!
For many of the audiences, these opportunity happened to be
the first real exposure to OpenID, and many of them got interested,
and later joined OpenID Japan.
For example, OIDF-J has the top bank, the top insurance,
the top retailer, all three mobile carriers, etc. I found them
in Liberty "conferences".
Yes. I being there has also contributed to attract more audiences,
but if OpenID is better, why should we worry that these people will
convert to the other camp?

> – Speakers Bureau & Conference placement program

If we can agree that the battle to be fought is against "Proprietary Silos",
then we should be able to coordinate the message and do this.

> • Certification (combination of formal & informal)

This is something that Liberty excelled in the past.
We should be able to leverage on their experience.
Product certification is kind of important from the buyer's
perspective, you know.

> – Interoperability (OpenID, Oauth, InfoCard, SAML, XDI, WS*, ID-WSF, Portable Contacts, etc.)

This is Concordia and OSIS. We should continue doing it.

> – Identity Assurance (OP’s at level 2)

RPs need Identity Assurance. Although there are other Identity
Assurance projects (e.g.,
ISO and ITU), it is fair to say that Liberty's framework is one of the
baseline that we
have right now, especially on the auditing etc.

> • Funded one-off projects (research, bounties, events, SMEs, etc.)

They have more fund than we do. We could benefit from them if we can
persuade them. Also, this is a cost saving opportunity for us.

>
> Relationship b/w OIDF & IDTBD
> • OIDF & IDTBD coordinate investments
> – reciprocal membership (Board level?)

If it is a reciprocal membership at the same fee, it has no
financial impact, so it may be good to have as well, though,
I must note that OIDF Board is much more powerful than
IDTBD board.

> – joint marketing committee (events & campaigns)

Joint marketing committee is good to have.
We could save substantially on the market research cost etc.

> • OIDF uses IDTBD governance & infrastructure
> – Common Work Groups

OIDF is a Standard Setting Organization while IDTBD is not.
What IDTBD could provide is the precursor to the OIDF WG,
that we are lacking right now. We may be able to leverage
on their infrastructure to save our cost.

For the infrastructure, it is a cost saving opportunity as well
as a good advertisement opportunity and they agreed to
support OpenID in their site.
Once that is done, all the IDTBD members are going to be
exposed to OpenID, and some member might want to
support the Company's OP. Somebody like JanRain or
Vidoop may be able to help them out as well.

> – Common membership? (needs more discussion)

As a community board member, I would have to ask
"how much overlap do we have here?" If there is little,
common membership would not have too much financial impact.
If they do, it means something.

>From an individual company's point of view,
it is good to have common membership, though.

> – Coordinated branding (“XYZ, an OpenID IDTBD Initiative”)

I do not think it will work, at least for the short term.

> – Common marketing programs
> • Market Impact on OpenID: increased acceptance by Gov & Enterprise & Telco, greater utility = greater value to users

That's what OIDF-J has been doing, and we benefited greatly.
IMHO, we should explore this in the U.S. and other countries
especially Europe and Oceania as well.
IDTBD has much more international footprint than OIDF.
We should leverage on it.

Technically, we can also leverage on the network for the internationalization.

I understand that there are concerns among the board members that
the name OpenID being associated with IDTBD is detrimental and distracting.
Unfortunately, I have not fully understood why nor have seen the logical
reasons behind it. This may be due to some market conditions
or some "planned activities" in the U.S. that I am not familiar with.
It would be good to find them out (#1).

> • Operational Impact on OIDF: less overhead = less cost, free to direct resources on high value OpenID-specific activities

Now that we have Inventure in place, this may be a little less of an
issue than before.
However, there are bunch of other services that IDTBD could provide.
I think it is worthwhile studying them.

Some additional (but somewhat overlapping) points:

* Policy and Legal
IDTBD has more international footprint and international governmental
representation.
Thus, it is easier to deal with Policy and Legal issues there than at OIDF.
We could leverage on it.

* Accessibility
As government has to be accessibility conscious, and these tends to
differ from one language to another, IDTBD seems to be a better fit forum
than OIDF for this kind of thing as well. We could leverage on IDTBD for this
kind of things.

* Cross-communities coordination and collaboration
Reach to IDTBD members, such as Telco, Financials, Governments, etc.
As outlined above. A lot of them misunderstand OpenID as inherently
insecure protocol that is not usable by them. We can re-educate them
by going into their forum.

IMHO, it is a big "+" in terms of the cost benefit overall, unless (#1) is
really substantial.

Now, in reality, as an immediate next step, I would like to suggest
the following:

(a) SAML/OpenID Interop WG
 As far as I know, either the STORK project (EU governments) or IDABC
will start the interop later this year. It would be good to start a WG at
IDTBD on this to provide a technical feedback to them. Note: Concordia
is just requirement gathering, so this WG is a step ahead.
It might create a compatible profile or may result in requesting
both SSTC and OIDF to create a profile/extension.

(b) Embrace their launch
 Whether OIDF likes it or not, IDTBD gets launched. It is better then
to embrace it than ignore it, as a gesture of "Openness", by issuing
a comment or endorsement that states OIDF is pleased that IDTBD is formed to
strengthen the requirement gathering and interop etc. for the identity
technologies. I know many of you dislike the past behavior of the
Liberty Alliance of their closedness etc. I am one of them, actually.
But we must not replicate that closedness. Them being closed and
us being open and embracing gives much better market perception
than us retaliating to their past behavior.
If we can agree on (a), then it might be good to include it in the comment.

Cheers,

=nat

>
>
>
> Cheers,
>
>
>
> Brian
>
> ==============
>
> Brian Kissel
>
> Cell: 503.866.4424
>
> Fax: 503.296.5502
>
>
>
>
>
> -----Original Message-----
> From: scott.kveton at gmail.com [mailto:scott.kveton at gmail.com] On Behalf Of Scott Kveton
> Sent: Wednesday, April 01, 2009 5:25 PM
> To: Brian Kissel
> Subject: Brett's proposals?
>
>
>
> Hi Brian,
>
>
>
> I can't seem to find any of Brett's proposal to the board in my email.
>
> Can you forward something over if you can find it?
>
>
>
> Thanks,
>
>
>
> - Scott
>
>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature database 3982 (20090402) __________
>
>
>
> The message was checked by ESET NOD32 Antivirus.
>
>
>
> http://www.eset.com
>
>
>



-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/