[OpenID board] April 27, 2016 OpenID Board Meeting Minutes

Pamela Dingle pdingle at pingidentity.com
Mon May 9 12:18:57 UTC 2016


Hey Mike -- I'm not sure it really matters, but I was on the phone for this
meeting.  I didn't say anything because I was in the airport (and then
onboard my aircraft), but was present for the whole meeting, only missing the
very beginning and a little bit of the meeting that went over the time at
the end there.

Thanks!

On Mon, May 9, 2016 at 3:01 AM, Mike Jones <Michael.Jones at microsoft.com>
wrote:

> *April 27, 2016 OpenID Board Meeting Minutes*
>
>
>
> *Present:*
>
> Don Thibeau, Executive Director
>
> John Bradley
>
> Mike Jones
>
> Nat Sakimura
>
> George Fletcher
>
> Prateek Mishra
>
> Brian Berliner
>
> Dale Olds
>
> Adam Dawes
>
>
>
> *Present on the Phone:*
>
> Bjorn Hjelm
>
>
>
> *Absent:*
>
> Debbie Bucci
>
> Pamela Dingle
>
> Lydia Varmazis
>
> Tony Nadalin
>
>
>
> *Visitors:*
>
> Tom Smedinghoff, Locke Lord LLP (on the phone)
>
> Mike Leszcz, OIDF (on the phone)
>
> Phil Hunt, Oracle
>
>
>
> *1. New Board Member*
>
> We welcomed Oracle to the board.  Prateek Mishra and Phil Hunt are in
> attendance from Oracle.
>
>
>
> Prateek said that Oracle is working to integrate an identity fabric with
> business services – both for external applications and within the company.
> Phil Hunt said that SCIM is very important to Oracle and sees potential
> synergies between SCIM and OpenID Connect.  Phil talked about developing
> best deployment practices.  George and Brian and John affirmed Oracle’s
> goals.  Phil expressed a desire for us to evaluate the possibility of doing
> SCIM interop and possibly conformance work, which the IETF doesn’t do.
>
>
>
> *2. Legal and Policy Review*
>
> Tom has been going through our mostly 7-year-old legal documents,
> addressing issues found.  One item was to create a software contribution
> agreement based upon the Google contribution agreement.  Some members and
> potential members had also identified issues.  We are explicitly not
> touching the IPR Policy and IPR Process documents.
>
>
>
> Tom has sent revised copies to the EC for review and is awaiting
> comments.  Then they will be circulated to the full board.  The new
> versions separate policies from procedures.
>
>
>
> Mike described that the IPR policy and process documents are, by design,
> difficult to update.  Nat pointed out that we did update them once, in
> 2009, to streamline the specifications council working group approval
> procedures.
>
>
>
> *3. Status of Trademarks*
>
> There is a deadline of May 6th for a response to a trademark registration
> refusal in Canada, which is related to SXIP’s registration of OpenID in
> Canada.  Mike Jones and Don Thibeau are in communication with Dick Hardt
> about assigning SXIP’s registration to the OpenID Foundation, which Dick
> has agreed to do.
>
>
>
> *4. OpenID Certification*
>
> Mike reported on the status of the certification program.  The number of
> registrations continues to grow.  Registrations are now being paid for by
> registrants.  OpenID Connect working group members and Don are working with
> Roland Hedberg on advancing the RP certification program during IIW.
>
>
>
> *5. Website Update*
>
> Mike reported that we are making substantial progress both towards
> deploying the revised membership Ruby code and towards transitioning from
> Darin Richardson as our web site developer to Nov Matake, who has agreed
> to become our new web site developer.  Mike and Don have continued to work
> with both Darin and with OSUOSL and are happy to report that the new code
> is now running on a staging server and another server that will be put in
> production to replace the 7-year-old Ruby deployment, after the new code
> has been evaluated and accepted.
>
>
>
> *6. Working Group Updates*
>
> There were substantive working group updates at the OpenID workshop on
> Monday, so we didn’t repeat most of that content here.
>
>
>
> Adam reported that Google is working on opening up their Android password
> manager and Account Chooser experience to other platforms.  This would
> require a standard password manager API.  That work is happening in the W3C
> Web Credentials working group.  The Account Chooser working group may
> choose to utilize and build upon this functionality.
>
>
>
> *7. Financial Update*
>
> The foundation is in sound financial shape.  The legal efforts have been
> the primary cost driver but there are sufficient existing funds to cover
> that work without needing directed funding.
>
>
>
> *8. Recognizing Substantive Contributions to the Foundation and
> its Mission*
>
> In recognition of their substantive contributions towards the creation of
> the OpenID Foundation and their long-term technical contributions to OpenID
> Foundation specifications, the foundation elected to honor David Recordon,
> Dick Hardt, and Drummond Reed by offering them lifetime invited expert
> status and accompanying free lifetime individual OpenID Foundation
> memberships.  John made the motion and Adam seconded it.  The motion passed
> unanimously.
>
>
>
> *9. Communication about Security Best Practices*
>
> William Denniss led a productive discussion at IIW based on input from
> George Fletcher at the Monday OpenID workshop on OAuth mix-up attacks and
> related issues.  We gathered notes about vulnerabilities for purposes of
> possibly publishing them as an informative note on the OpenID blog.
>
>
>
> Don pointed out that our mission includes adoption.  He said that
> publishing advice to developers is a way of adding value to members,
> including internationally.  We might call it a “Deployment Advisory” in the
> title.  Mike said that it would be OK for the blog category to be “Security
> Advisory” but people thought that was too strong to use in the title.  Our
> communication needs to include information on cross-site request forgery
> and the mix-up attacks.
>
>
>
> We will ask William Denniss to be lead author on the text.  Mike, John,
> George, Phil, and Don will review the text.
>
>
>
> George moved that we publish information conveying the security and
> deployment guidance.  Brian seconded the motion.  John pointed out that we
> can coordinate with NIST, who has mechanisms for publishing security
> advisories, and that that might have a favorable side-effect of helping to
> deepen NIST's engagement with the OpenID Foundation.
>
>
>


-- 
Pam Dingle
Principal Technical Architect
Ping Identity
pdingle at pingidentity.com
+1 303.999.5890
Twitter: @pamelarosiedee