[OpenID board] OIDF Privacy Policy

John Ehrig jehrig at inventures.com
Thu Jan 28 00:51:00 UTC 2010

Actually, we already do have an approved and actively in use OIDF
privacy policy (see the attached).  A couple of issues:

1) It is buried in the membership portal and only viewable when you
first sign up as a new member (which is why it took me so long to track
it down) 

2) It seems to be written specifically as a member privacy policy (which
may not really be an issue if we are ok with it as is for that purpose)


I can immediately fix issue #1 by posting it in an easy to find/view


Longer term, we can use this existing policy as a stating point if we
want to improve or broaden it within the legal or privacy committee.   



From: openid-board-bounces at lists.openid.net
[mailto:openid-board-bounces at lists.openid.net] On Behalf Of John Bradley
Sent: Wednesday, January 27, 2010 10:00 AM
To: openid-board at lists.openid.net
Subject: Re: [OpenID board] OIDF Privacy Policy


I think that it would be fine to post redacted versions.


I suspect that a page with the companies and individuals who have signed
up for WG is probably more useful than the scanned agreements


I made a IPR declaration three years ago when the OIDF was formed and
the PAPE WG started.  I don't recall anyone telling me it was going to
be scanned and posted.


I like most people haven't thought about it in a while because there
haven't been new WG.


If we are going to publish information that people give us we need to
make that clear at the time of collection.


We may be violating privacy laws outside the US.   I would prefer to
make sure it is not an issue for the membership.


John B.



On 2010-01-27, at 2:47 PM, Mike Jones wrote:

It would be fine to post digital images with the signatures and address
information redacted - possibly by overlaying them with "Information on
file with OIDF" or something of that sort.  (Sort of how elevators often
contain messages about the elevator license being on file at
such-and-such place.)


                                                            -- Mike


From: openid-board-bounces at lists.openid.net
[mailto:openid-board-bounces at lists.openid.net] On Behalf Of David
Sent: Wednesday, January 27, 2010 9:40 AM
To: openid-board at lists.openid.net
Subject: Re: [OpenID board] OIDF Privacy Policy


Hey John,

I'm happy to have us reconsider the policy.


The idea is to make it incredibly transparent around who has signed what
(when it comes to IP).  So far you're the first person in three years to
say anything about it.


Considering that there can be different versions of documents and some
documents with options, scanning them as PDFs seemed like the easiest
and most accurate method.  99% of the time it's also companies signing
the agreements and using corporate addresses versus personal.


If Global Inventures is able to manage these agreements and keep up to
date online records, I'm less worried about each agreement being
available online.


That said, they should be made available upon request.



On Wed, Jan 27, 2010 at 7:07 AM, John Bradley <jbradley at mac.com> wrote:

In the process of setting up the AX 1.1 WG a number of things have come
to light.

One is some confusion around who needs to submit what sort of agreement,
Personal or Company.
Perhaps our new Secretary can have a look at that.

The more important one is that the OIDF has a practice of positing
scanned documents publicly including peoples signature.

A number of us don't think publicly posting our address info with a scan
of our signature is such a good idea.

I think everyone agrees that who has signed contribution agreements and
what WG they apply to should be public.

However there are ways to do that are less subject to identity theft and
other issues.

I would like to recommend that one of our committees (perhaps the legal
one) or a sub committee.

Review and publish the OIDF privacy policy and specifically if practices
like posting members PII publicly are appropriate.

The board can then consider those recommendations.

In the interim I would like GlobalInventures to redact my signature from
any and all of the IPR agreements they publish.

I don't think we can be credible respecting peoples right to privacy on
the internet if we don't do a credible job with our own members.

There may be other privacy issues I am not currently aware of as well.

I think being proactive about privacy can only increase participation
from the community in general.

John B.
board mailing list
board at lists.openid.net


board mailing list
board at lists.openid.net


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20100127/2bafb4b3/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Privacy Policy.doc
Type: application/msword
Size: 38912 bytes
Desc: Privacy Policy.doc
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20100127/2bafb4b3/attachment-0001.doc>

More information about the board mailing list