From Michael.Jones at microsoft.com Mon Aug 10 19:25:09 2020 From: Michael.Jones at microsoft.com (Mike Jones) Date: Mon, 10 Aug 2020 19:25:09 +0000 Subject: [OpenID board] July 30, 2020 Executive Committee Call Minutes Message-ID: July 30, 2020 Executive Committee Call Minutes Present: Don Thibeau - Executive Director Mike Jones Nat Sakimura Bjorn Hjelm George Fletcher John Bradley Absent: (none) Visitors: Mike Leszcz - OpenID Foundation Tom Smedinghoff - Locke Lord LLP Filip Verley - Google Sam Goto - Google Justin Toupin - Google 1. Google's WebID Proposal Google gave us an update on their WebID proposal. It is motivated by the changing privacy landscape on the Web. The Web evolution under way to prevent cross-site tracking changes some things that OpenID Connect relies upon. The WebID work is in the early stages. Google wants to involve the OpenID Foundation as much as possible. They sent us a letter inviting us to collaborate. WebID recently moved to the W3C Web Incubator Community Group - at https://github.com/WICG/WebID. The spec is at https://github.com/WICG/WebID/blob/master/design.md. George Fletcher has joined the community group. Nat asked Sam if he wants to eventually take a community group specification to a working group. They started in WICG to try to find a place where browser vendors and IdPs are present. Future plans are TBD. W3C WebAppSec WG is a future possibility. WICG is designed for early incubations. Okta, Janrain/Akamai, and Auth0 are involved. Nat asked what the next steps are. All are encouraged to read the spec and provide feedback in the issue tracker. George suggested working on use cases and deployment models. Don suggested a blog post on openid.net. Nat suggested a subgroup within the OpenID Connect working group be formed to participate in this work. George will send a link to the Connect working group tomorrow. 2. Government Update Don Thibeau reported that the FDIC has requested information on industry approaches to financial services security and certification. The FTC also just sent a similar request, as did the Consumer Financial Protection Bureau (CFPB). We may want to collaborate with industry partners like FDX to report on the effectiveness of self-certification in the financial services industry. The feedback deadline for the FDIC is September 20, 2020. See these documents from the FDIC and CFPB. 3. Certification Migration Update We finally received our first OpenID Connect certifications with the new tool yesterday; Filip Skokan certified to all of the 11 OP profiles. He attempted to certify to the RP profiles today but discovered that tests for two of the RP profiles were never created - RP Config and RP Dynamic. Serkan ?zkan thinks that he can create these in the next two weeks within his remaining migration budget - which he believes will exhaust it. Microsoft tested AAD V2 and sent feedback on the new tool last week. Edmund Jay tested his PHP OP; Nat is preparing a submission. Tests by Filip and Microsoft identified improvements that need to be made to the instructions. People continue actively using the existing Python-based testing suite. Roland Hedberg reports that there were 21 active testing configurations in the last 14 days. A new certification request using this tool came in from OGIS-RI yesterday. We currently have a warning in the Python suite that it will be decommissioned soon. Mike Jones suggested that we send affirmative warning that we plan to turn it off at the end of August. Mike Jones suggested updating the warnings. Don proposed a blog post. Nat suggested that we reach out to those who have certified. Mike Jones suggested that he and Mike Leszcz work on blog post and the e-mail notification text. Nat proposed that we resolve to notify people that we plan to decommission the old certification suite at the end of August. The resolution passed unanimously. 4. Liaison Update Nat led a workshop with the International Institute of Finance (IIF) - the financial arm of the IMF. This is a group of international bankers and regulators. We are working to fold our FAPI and eKYC-IDA work into these international efforts. See this post from the IIF, which includes a photo of our own Don Thibeau! We're working with the Digital Identity Coalitions of the World Economic Forum. The OIDF has been invited as a liaison partner into the coalition. We had a join presentation at the virtual Identiverse with FDX, OBIE, and Australian open banking representatives. Australia went live with a soft launch of FAPI in July. The FDX will announce their support for FAPI in September. Nat reports that Canada and Brazil are working towards FAPI. Russia is translating the FAPI specs into Russian. 5. Events We continue planning and executing high-touch virtual workshops with partners, especially in the financial space. The fall virtual Internet Identity Workshop (IIW) has been announced, and will be held October 20-22, 2020. We could hold a virtual OIDF workshop in association with it. 6. Membership Update HSBC joined as a member - the first of the CMA9 to join. IBM obtained FAPI certifications. 7. Next Meeting There will be an EC call on Thursday, September 3rd at 3pm Pacific Time. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: July 30, 2020 Executive Committee Call Minutes.docx Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document Size: 34838 bytes Desc: July 30, 2020 Executive Committee Call Minutes.docx URL: