[OpenID board] April 2, 2020 Executive Committee Call Minutes

Mike Jones Michael.Jones at microsoft.com
Thu Apr 16 23:00:01 UTC 2020

April 2, 2020 Executive Committee Call Minutes

Don Thibeau, Executive Director
Mike Jones
Nat Sakimura
George Fletcher
John Bradley
Bjorn Hjelm

Mike Leszcz, OpenID Foundation
Tom Smedinghoff, Locke Lord LLP

1.       Certification Program Security Review
The OIDF hired a security consultant to review an incident in which a party working on certification had a security problem in their deployment.  A report was produced with some specific recommendations.  Our legal counsel Tom Smedinghoff is also involved.

Tom reviewed the draft report and made some recommendations.  The report is protected by attorney-client privilege.  Tom learned that those running the test suite have access to results.  He also learned that many test results are public.  Tom had recommended that the test team execute an NDA.  He also wanted participants to be aware of when results are made public and in what way.

Mike Jones added points 15 and 16 of the FAQ at https://openid.net/certification/faq/ making our data use policies clear.

2.       Commercial Context for Certification Program
We do not have a reliable model of future demand for certifications.  We also hired a consultant to create a report on the certification marketplace and business mode.  It analyzed our revenues and expenses in the certification marketplace at that time - mainly focusing on FAPI certifications.

One thing we can do is to make OBIE aware of this problem.  They are relying on this program but OBIE's members have often not been utilizing FAPI certification.  Both OBIE and the CMA9 have an investment in the success of the certification program.  Nat will draft a letter and run it by the executive committee in advance.  John said that we likely want to find others to lobby the regulators as well.

We are thinking about ways to reduce certification expenses, particularly once we've made the transition to the Java suite.

John wondered if we can successfully contact the PISPs and solicit their participation.  Tom asked whether there was any contractual commitment.  Don said that there is not.

We intend to return to these topics on a subsequent call.

3.       Revisiting Review of OIDF Membership Fees
We had previously reviewed proposed moderate fee increases and the EC was in favor of them.  We will discuss this on a subsequent call.

4.       Public Health and Economic Crisis
Don, Mike Leszcz, and John Bradley are working on specific plans in response to the possible economic impacts from the public health situation.

5.       Mercurial Migration
Edmund Jay, Nat, and Mike Jones are working on migrating our Bitbucket repositories that use Mercurial.  We plan to migrate them in the order "eap", "openid.bitbucket.org", "mobile", and "connect".

6.       Next Meetings
We will meet on the next two Thursdays at the same time.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20200416/4047449a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: April 2, 2020 Executive Committee Call Minutes.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 31887 bytes
Desc: April 2, 2020 Executive Committee Call Minutes.docx
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20200416/4047449a/attachment-0001.docx>

More information about the board mailing list