[OpenID board] April 4, 2019 Executive Committee Call Minutes
Michael.Jones at microsoft.com
Mon Apr 29 23:21:10 UTC 2019
April 4, 2019 Executive Committee Call Minutes
Don Thibeau, Executive Director
Takehisa Shibata, KDDI
Tom Smedinghoff, Locke Lord LLP
1. Membership Update
Akamai (which acquired Janrain) has joined the board and will be represented by John Summers. Ping Identity's new board representative is Wesley Dunnington.
2. Open Banking Implementation Entity
OBIE decided not to follow through on their handshake agreement to pre-pay for 15 certifications. We are disappointed that the proposed agreement fell through. Don has asked them to confirm that they will deprecate their test suite in September. He also asked them to confirm that the CMA 9 banks will certify at least once a year. They plan to send their members to our certification suite going forward.
3. Certification Update
Financial-grade API (FAPI) Read/Write OP certification launched on April 1st. We already have FAPI certifications from ForgeRock and Authlete. There is keen interest by other vendors. We don't know when we'll receive the first certifications from banks.
There are no FAPI RP certification instructions yet, but they are expected later this month. FAPI RP certification will launch in pilot mode.
Joseph Heenan is working on FAPI CIBA certification code.
There are also several developments for OpenID Connect certification. The Form Post Response Mode profiles have reached production status. The Third Party Initiated Login profiles are in pilot mode. And the new Logout tests are live at new-op.certification.openid.net and are being tested by early testers. As expected, having these tests is raising some questions about the intended semantics of some features of the logout specs. This is valuable feedback before these specifications become final.
4. FAPI Standardization Update
The FAPI working group is now having three calls every two weeks to accelerate progress, including working on CIBA and diligently tracking issues. The MODRNA CIBA Implementer's Draft is generic. There are profiles for mobile operators and Financial-grade APIs being defined. The FAPI CIBA profile tightens a number of things - possibly enabling formal verification.
5. Libraries Program Update
Don reports that Adam Dawes isn't sure when his proposed directed funding for libraries will come through.
George talked about possible library options. We could allow people to update their libraries to the OpenID GitHub. We currently have people contribute their code to working groups, which provides a clean IPR container. Even beyond that, the Foundation could designate some libraries as being high-quality and well-resourced, when appropriate.
We don't have policies in place for how many maintainers contributed libraries need to have or policies for how to add and remove maintainers. For instance, a former AppAuth maintainer can no longer maintain one of the projects and it's not clear how to choose successors.
Mike repeated that our current procedures are for people to contribute code to working groups and it's up to the working group whether to work on it. Mike stated that he's against us hosting random code. George agreed.
Nat reminded us that there's a standing deliverable for Don to create a report on how other organizations manage libraries. He plans to deliver that report before our board meeting in Mountain View.
Mike stated that it's a working group decision right now who to add and remove as maintainers and whether to start or stop working on a library. For instance, George could propose a new AppAuth maintainer that he has in mind to the Connect working group.
6. Liaison Update
The Financial Data Exchange (FDX) and the OpenID Foundation have announced that they are collaborating. See https://openid.net/2019/04/02/financial-data-exchange-openid-foundation-take-step-towards-global-standard-for-financial-data-sharing/. FDX is supportive of the FAPI standard and test suite. Expect a similar announcement with the Financial Data and Technology Association (FDATA) in the next few weeks.
Project Verify is a joint venture by 4 major telcos in the US. We are working on a liaison relationship with them. Michael Engan is a lead architect of Project Verify. He and Bjorn Hjelm are advocates for them using OpenID Foundation standards. Don is in communication with entities in Canada, Australia, and New Zealand as well.
7. Recruitment Effort
Don is preparing a recruitment campaign targeted at those who have certified. It will communicate actionable certification and foundation information for their benefit, including letting them know about FAPI certification and that Connect certification prices will go up in June.
8. Upcoming Events
There's an OpenID Workshop the day before IIW and a board meeting during IIW. There's an OpenID Workshop and board meeting at EIC. The entire certification team will be at EIC, so this is a unique opportunity for board members and other active members to meet with our certification engineers. There's an OpenID Workshop and board meeting at Identiverse.
9. Decentralized Identity News
Nat reports that Microsoft released Open Source using the OpenID Connect Self-Issued protocol for DID authorization.
10. French, Polish, and Czech Open Banking and FAPI
John met with STET (the French open banking entity) last week and described FAPI and CIBA to them and compared them to their existing approaches. He'll be continuing the conversation. The FAPI working group is analyzing the Polish and Czech open banking APIs, which are also different than FAPI.
-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: April 4, 2019 Executive Committee Call Minutes.docx
Size: 33244 bytes
Desc: April 4, 2019 Executive Committee Call Minutes.docx
More information about the board