[OpenID board] July 9, 2015 OpenID Executive Committee Call Minutes

Mike Jones Michael.Jones at microsoft.com
Wed Aug 19 21:53:06 UTC 2015

July 9, 2015 OpenID Executive Committee Call Minutes

Don Thibeau, Executive Director
Mike Jones
John Bradley
Adam Dawes
George Fletcher
Nat Sakimura

John Ehrig, Global Inventures
Tom Smedinghoff, Edwards Wildman Palmer LLP
Mike Leszcz, Open Identity Exchange (OIX)

1.       Connect WG and RP Test Suite Update
Decisions on how to proceed on simplifying the logout spec were made.  The RP certification test suite testing is under way.

2.       Self-Certification Pricing
The need and agreement to nominally charge ($200) for certification to cover costs was re-confirmed.  The short term forecast for the number of certifications is expected to stay in the dozens.  Our IT vendor Delineate (aka Refresh Media) will be providing a quote to enable certification invoicing on the OIDF website and will rolled out in the September time frame.

3.       Next EC Call
The next EC will be rescheduled for September 3rd to accommodate vacation conflicts

4.       Formation of a Liaison Committee
The EC unanimously agreed to recommend to the board approving the formation of a liaison committee and to assign the responsibility and authority to the liaison committee for communications to the Foundation's liaisons as proposed:
RESOLUTION L. Formation of liaison committee and delegation of power to the committee

WHEREAS the OpenID Foundation board recognises the importance of the liaison communications being made in a timely fashion, now

(1) the liaison committee (LC) to be created with its member being the liaison officers and EC members;
(2) the LC to be given a delegation of power as to the creation and authorization of the liaison communications to the liaison organisation;
(3) the LC's decision shall be by the simple majority of the LC members either in a quorate meeting or the majority of the entire LC expressed by the written consent by the LC members;
(4) The LC shall report the liaison communication made in the next board meeting after the communication was made.

5.       Certificate for openid.net
The issue is that browsers are trying to depreciate end certificates with SHA1 signatures. Chrome shows our cert as invalid and MS will as well by January 2017 or before.  Currently certificates that expire in more than 12 months show up as insecure in Chrome. Our current cert from Verisign is signed with SHA1 and expires in August 2018. Our web site is not actually insecure but the browser warnings are going to ramp up.  The only reason to still have a SHA1 cert is to support XP pre SP3 and those people are now going to not work many places on the net as people update certs.  Given that our cert expires in 2018, we are going to need to replace it sooner than that; the question is when.  Symantec may be able to provide guidance on how we should update the certificate.   Inventures got the cert last year.

6.       Certification Guidelines

Adam offered that we should be clear about precedence if trade-offs need to be made . With the exception of point #1, adoption being most crucial, he was not sure we have consensus on the balance but will leave it to later discussion about how to balance these when they conflict.

The EC unanimously agreed to recommend to the board approving the certification guidelines as revised and presented.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20150819/49ff06df/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: July 9, 2015 OpenID Executive Committee Call Minutes.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 25376 bytes
Desc: July 9, 2015 OpenID Executive Committee Call Minutes.docx
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20150819/49ff06df/attachment-0001.docx>

More information about the board mailing list