[OpenID board] May 19, 2010 OpenID Board Meeting Minutes

Nat Sakimura sakimura at gmail.com
Tue Jun 1 01:33:31 UTC 2010


I do not understand why we need to remove XRI.
XRI being complex etc. is an illusion or badly written code.
If XRI is complex, acct: URI is complex, too.
They virtually are the same thing from the processing point of view.
Keeping the identifier compatibility is really important for the RPs and Users.

In addition, I also do not think that OAuth 1.0 style signature adds
significant value.
Instead, it introduces unnecessary complexity. Canonicalization is
always a headache.
You know that this is the stumbling block for many OAuth developers.
I prefer a Magic Signatures-like approach much better. It does not involve
canonicalization. It dramatically simplifies the implementation.
That is why I used it for the Artifact Binding draft.

Adding RSA-SHA256 with an appropriate padding would be good (but that
is already defined in Magic Signatures) though.

Also, I think it would be good at this time to consider splitting the
data format and the protocol binding. The current OpenID Authn 2.0 is a
GET/POST binding of the OpenID Assertion request and response. Modularity
is a big plus when we consider various use cases. That also allows us to
move forward the relevant modules incrementally.

OIDF is supposed to be nimble. If we are heavy lifting than
IETF/OASIS/W3C etc., then we should let them do it. We must make sure
that we are nimble and agile.

=nat

On Mon, May 31, 2010 at 5:19 AM, Chris Messina <chris.messina at gmail.com> wrote:
> After reviewing these meeting notes, I'd like to call out my specific
> hesitancy about the effort to hire Dick Hardt to work on v.Next.
>
> What's missing from the assessment presented in the meeting minutes [1] goes
> beyond what is and isn't "fair". The questions for me are: are we doing the
> right thing, and is it in the best interest of the OpenID Community?
>
> While many of our conversations have focused on the legal requirements and
> stipulations around hiring Dick as a contractor, I think it's important that
> we take a step back and look at this from a non-legal perspective as well.
> Even presuming that all of the aspects related to Dick's conflict of
> interest are legally satisfied, nothing about the consideration for this
> situation so far seems to address whether or not this is the right thing to
> do for the OpenID Foundation, the OpenID brand, and community as a whole.
>
> One of the tensions within the Statement of Work is how far the Foundation
> should go in terms of paying someone to make v.Next happen. On one hand, the
> Foundation directly hiring someone to write and edit OpenID specifications
> will forever change the dynamics of the technology and community. On the
> other, it's difficult to justify such a large contract if the majority of
> work is "coordination".
>
> It may be the case in other foundations that members of the community or
> board members are hired to perform certain work, or to act as editors of
> specifications, but be that as it may, it doesn't serve to convince me that
> it's the right thing for us to do. I'm hard pressed to find a web-oriented
> standards development organization where staff members are paid to write the
> specifications.
>
> I continue to harbor grave reservations about this whole enterprise. The
> conflict of interest seems apparent to me, and seems certain to be perceived
> as one by the community — whether we meet the letter of the law or not. I do
> not believe that there is sufficient desire from the wider community that
> v.Next warrants such an aggressive use of the Foundation's resources. When I
> think about the potential results of this work, it is unclear to me it will
> actually take us any further down the path of advancing OpenID, most of all
> because the community spirit and scrappiness of the initiative will have
> been corrupted, leading many to feel betrayed.
>
> Perhaps this is the natural evolution of community-driven endeavors that
> take on big organization sponsorship, but it's not obvious to me that it
> needs to be the fate of the OpenID initiative.
>
> I would propose this as an alternative for consideration:
>
> * Abandon the v.Next branding for this work. I'd offer something like
>   "OpenID Labs" or "OpenID Core", because using an indeterminate ordinate
>   for this work spooks potential implementors who will wait for v.Next
>   before getting started with their own implementations — especially when
>   the core concepts of OpenID 2.0 are suited for many applications today.
> * Start up an OpenID v2.1 WG to explore modest and incremental
>   improvements to OpenID 2.0. Among the improvements (that may best be
>   pursued as individual point releases): removing XRI, reusing OAuth
>   signatures, simplifying discovery, adding support for email-style
>   identifiers using WebFinger, etc.
> * Re-double the efforts around the existing extensions, and promote the
>   use of the WG process (following examples like Artifact Binding and
>   Contract Exchange). Promote using the existing extension model to
>   explore discrete new features and functionality for OpenID, rather than
>   trying to cram a bunch of new extensions into one larger (and thus more
>   controversial and harder to sell) WG.
>
> I would like to reiterate that my resistance to this path first of all has
> nothing to do with Dick's technical abilities, or my confidence in his
> ability to perform good work. I also am representing my own personal
> feelings on this matter as a community-elected board member, and not as an
> employee of Google. Joseph and Eric may or may not agree with my
> assessments, as both community and corporate representatives.
>
> I am also not opposed to seeing OpenID evolve and improve, but have less
> confidence in the broader v.Next proposal than I do in a more conservative,
> incremental path to make changes based on implementations in the wild, that
> involve a broad cross-section of our constituents and builds buy-in as we
> go, rather than after the fact.
>
> I welcome specific feedback and rebuttals.
>
> Chris
>
> [1]
> http://wiki.openid.net/May-19%2C-2010-OpenID-Board-Meeting-Minutes#5MakingProgressinvNext
>
> On Fri, May 28, 2010 at 10:17 AM, Mike Jones <Michael.Jones at microsoft.com>
> wrote:
>>
>> May 19, 2010 OpenID Board Meeting Minutes
>>
>>
>>
>> Present in Person:
>>
>> Don Thibeau, Executive Director
>>
>> Mike Jones
>>
>> John Bradley
>>
>> Brian Kissel
>>
>> Andrew Nash
>>
>> David Recordon
>>
>> Joseph Smarr
>>
>> Nat Sakimura
>>
>> Pamela Dingle
>>
>> Dick Hardt
>>
>> Eric Sachs
>>
>> Raj Mata
>>
>> Allen Tom
>>
>> Mike Ozburn
>>
>> David Turner (representing Tony Nadalin)
>>
>> Chris Messina
>>
>>
>>
>> Present on the Phone:
>>
>> Rob Harles
>>
>> Daniel Jacobson
>>
>> Luke Shepard
>>
>>
>>
>> Absent:
>>
>> Joseph Smarr (proxy to Dick Hardt)
>>
>> Nico Popp (proxy to Brian Kissel)
>>
>> Tony Nadalin (represented by David Turner)
>>
>> Marc Frons
>>
>> Dermot O’Mahony
>>
>> Nataraj (Raj) Nagaratnam
>>
>>
>>
>> Visitors:
>>
>> Scott David, K&L Gates
>>
>> Deepak Kamlani, Global Inventures CEO
>>
>> John Ehrig, Global Inventures
>>
>> Kick Willemse
>>
>>
>>
>> 1.       Legal Counsel
>>
>> Scott David, our new legal counsel introduced himself.  Among other
>> things, he is chair of the ID-Legal group at Identity Commons and has been a
>> regular participant at IIWs.
>>
>>
>>
>> 2.       Board Survey and Resulting Proposed Resolutions
>>
>> We discussed issues of governance, value to members, numbers of board
>> members, and prices of membership classes.  With respect to the proposed
>> resolutions, Dick asked that we consider what problems we’re trying to solve
>> with respect to governance.
>>
>>
>>
>> The board discussed the three proposed resolutions below:
>>
>> 2.  The “community” board representation will always be 1/3 of N (where N=
>> # of sustaining board members).  One challenge to this resolution is to
>> properly define “community” members which will be discussed.
>>
>> 3.  Employees (or contractors) of sustaining members are not eligible to
>> serve as community board representatives.
>>
>> 4.  The Executive Committee will have at least one elected community board
>> representative and at least one sustaining board representative.
>>
>>
>>
>> We decided that these were not necessarily the best solutions to the
>> possible problems, and did not vote on these possible resolutions.  An
>> alternative remedy discussed was enacting a bylaws amendment that would
>> state that if more than one employee or contractor of a company were on the
>> board, that for some classes of votes, the representatives of the company
>> would have at most one vote.  John Bradley said that that limitation might
>> be appropriate for votes about finances, bylaws, and IPR procedures, for
>> instance.
>>
>>
>>
>> Our legal counsel, Scott David, recommended that we investigate the
>> potential conflict of interest in the issue of having multiple people from
>> the same company on the board.  The board decided to have Don and Scott
>> investigate this issue and report back to us with actionable resolutions,
>> possibly based on the discussed alternative remedy.
>>
>>
>>
>> [Chris Messina joined the meeting at this point]
>>
>>
>>
>> Another of the previously proposed resolutions was adopted.  Specifically,
>> John Bradley moved that “All directors must be members of or employed by
>> members the OIDF.”  Pam seconded.  The resolution was unanimously adopted.
>>
>>
>>
>> 3.       Discussion of Designated Funds Proposals
>>
>> The board discussed the merits of and possible mechanisms for allowing
>> sustaining members to designate that a portion of their membership dues be
>> directed towards specific projects.  This could increase the perceived value
>> of sustaining members’ memberships by letting them take credit for funding
>> specific OpenID projects that are of particular value to them.  It would let
>> them “vote with their money”.
>>
>>
>>
>> Several on the board expressed that it would be important to cover the
>> basic costs of running the organization before allowing funds to be
>> designated.  For instance, for staff costs, legal costs, membership
>> services, and web site costs would likely be in this class.
>>
>>
>>
>> Another important consideration discussed was what the approval process
>> would be for projects to which funds could be designated.  Both “approved by
>> default” and “explicit board approval required” models were discussed.  Dick
>> proposed that projects should be approved by default after notifying the
>> board, but giving the board the opportunity to vote to reject a proposed
>> project should it determine that the project was contrary to the
>> foundation’s mission or damaging to the foundation.
>>
>>
>>
>> Scott suggested that we consider distinguishing between program decisions
>> and funding decisions.  He wants it to be clear what actions have been
>> approved by the board.  Deepak suggested that we ensure that projects fit
>> within the organization’s strategy.  Dick suggested that we defer specific
>> wording to Scott.
>>
>>
>>
>> Dick moved that we have Don and Scott work to create a resolution or
>> resolutions to accomplish the intent of this draft resolution:
>>
>> Each sustaining member can direct up to 50% (subject to the requirement
>> that fixed operating costs of the foundation are covered) of their annual
>> membership dues towards projects they select.  Each sustaining member can
>> decide when and where the directed funds are spent.  Any discretionary funds
>> that have not been directed by the end of the year are transferred to the
>> general fund.  Eligible projects are any project presented to the board for
>> funding and require advance full board simple majority approval.
>>
>>  Andrew seconded the motion.  It passed unanimously.
>>
>>
>>
>> Dick proposed that we vote electronically on the motion to be produced
>> before the end of June.  Don agreed to this.
>>
>>
>>
>> 4.       Vertical Focus Areas
>>
>> Raj Mata proposed that we discuss creating some formal vertical focus
>> groups within OpenID.  Examples he mentioned were Consumer, Enterprise,
>> Government, Mobile, and Retail.  Raj agreed to come back with a proposal on
>> this topic to the board at a later time.
>>
>>
>>
>> 5.       Making Progress in v.Next
>>
>> Andrew Nash led a discussion on the need to expeditiously accomplish
>> creating and adopting OpenID v.Next specifications, per the board’s
>> conclusions from the previous meeting and recent summits that one of the
>> most important issues facing OpenID is to improve the product we have to
>> offer.  Andrew stated that it is important to conclude quickly with success.
>>
>>
>>
>> A discussion ensued about whether there should be one v.Next technology
>> spanning a range of use cases or different technologies for specific use
>> cases.  Points were made both about simplicity of implementation and
>> enabling users to have a simple, consistent view of their online identities,
>> and the possible application of profiles of a common technology suite.
>>
>>
>>
>> Andrew Nash moved that we allocate some money towards having Dick Hardt
>> write a v.Next draft specification.  John Bradley seconded the motion.
>>
>>
>>
>> During discussion, a director asked whether Dick would have to resign from
>> the board to be employed as a contractor to the OIDF.  Scott David, our
>> legal counsel, responded that according to our conflict of interest policy,
>> provided the potential conflict is identified in advance and the board
>> decides it is fair to the organization or approved by the board as provided
>> under the bylaws, that the transaction is permitted by the bylaws. He said
>> that therefore, per the bylaws, Dick need not necessarily resign to work as
>> a contractor under these circumstances, but that the specific terms should
>> undergo review by the executive director and counsel once they are decided.
>>
>>
>>
>> During the discussion, the board decided that we would use up to $30,000
>> of the $40,000 previously allocated to the technical committee (none of
>> which has been spent), for this purpose.
>>
>>
>>
>> Andrew accepted a modification of the resolution to have the executive
>> director and counsel produce term sheet by the end of May for up to $30,000
>> with input from the technical committee for Dick to begin v.Next
>> specification work as a contractor to the OIDF and that the executive
>> director and counsel then produce an actual contract reflecting those
>> terms.  John again seconded.
>>
>>
>>
>> The motion carried with all but two members voting in favor.  Chris
>> Messina opposed.  Dick Hardt abstained.
>>
>>
>>
>> 6.       Adjournment
>>
>> Nat moved to adjourn the meeting; Brian seconded.
>>
>>
>>
>> _______________________________________________
>> board mailing list
>> board at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-board
>>
>
>
>
> --
> Chris Messina
> Open Web Advocate, Google
>
> Personal: http://factoryjoe.com
> Follow me on Buzz: http://buzz.google.com/chrismessina
> ...or Twitter: http://twitter.com/chrismessina
>
> This email is:   [ ] shareable    [X] ask first   [ ] private
>
>
>



-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
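
Added example, not part of the original message and not code from either specification: the canonicalization step that OAuth 1.0 HMAC-SHA1 signing requires (RFC 5849 base string), next to an envelope in the style of Magic Signatures, where the verifier signs the received encoded text as-is. The envelope is simplified here (only the `data` field is signed, and HMAC-SHA256 stands in for RSA-SHA256); the URL, parameters and secret are constructed sample values.

```python
import base64, hashlib, hmac
from urllib.parse import quote, quote_plus

def pct(s):
    # RFC 5849 percent-encoding: only unreserved characters stay literal.
    return quote(s, safe="-._~")

def oauth1_base_string(method, url, params, enc=pct):
    # Signer and verifier must each rebuild this string byte for byte:
    # encode every key and value, sort, join, then encode the joined result.
    pairs = sorted((enc(k), enc(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def oauth1_sign(method, url, params, consumer_secret, token_secret="", enc=pct):
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    base = oauth1_base_string(method, url, params, enc).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()

def b64url(raw):
    return base64.urlsafe_b64encode(raw).decode()

def envelope_sign(payload, key):
    # Envelope style: encode the payload once, sign the encoded text itself.
    data = b64url(payload)
    sig = hmac.new(key, data.encode(), hashlib.sha256).digest()
    return {"data": data, "sig": b64url(sig)}

def envelope_verify(env, key):
    # The verifier signs the received "data" string as-is; nothing is rebuilt.
    expected = b64url(hmac.new(key, env["data"].encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, env["sig"]):
        return None
    return base64.urlsafe_b64decode(env["data"])

# Constructed sample values (hypothetical endpoint, parameters and secret).
URL = "https://rp.example/return"
PARAMS = [("b", "hello world"), ("a", "1")]
SECRET = "constructed-secret"

if __name__ == "__main__":
    print(oauth1_base_string("GET", URL, PARAMS))
    print(oauth1_sign("GET", URL, PARAMS, SECRET))
    # A verifier that encodes the space as "+" gets a different signature.
    print(oauth1_sign("GET", URL, PARAMS, SECRET, enc=quote_plus))
    env = envelope_sign(b'{"b": "hello world"}', SECRET.encode())
    print(envelope_verify(env, SECRET.encode()))
```
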

