[Openid-specs-ab] Reform OpenID Connect

Mike Schwartz mike at gluu.org
Thu Jul 26 16:15:19 UTC 2018

Mike J,

I've never been involved in any substantive discussion on the federation 
spec. None happened on the mailing list. So the process for the design 
seems pretty simple. Roland and you decided what it was going to be, 
wrote it up, declared it as "OpenID Federation" and now you are asking 
us to vote on it. You might say it's only an IP vote, but it's de facto a 
recommendation to implement.

In any case, this is just an example. The process is too squishy. Now 
that OpenID Connect has grown in importance--thanks in large part to 
your good work, but also that of others--we need more protection. Take a 
look at OASIS. There is much more detail on process. If OIDF is going to 
be an important standards organization, you need to catch up.

I'm not alone in this. I got a bunch of notes offline expressing similar 
frustration. Not just from Phil. The timing seemed right to bring up the 

- Mike S

Michael Schwartz
Founder / CEO
mike at gluu.org

On 2018-07-26 11:00, Mike Jones wrote:
> Mike Schwartz - you have in no way been excluded.  Consensus calls are
> being made and the published processes are being followed.  The
> editors have already acknowledged your and others' review comments and
> agreed to address your comments in the next revision, which will be
> published following the Implementer's Draft vote (which will provide
> IPR protections to existing implementers).
> I know that Nat has been working on some thoughts on explaining the
> consensus process and its relationship to international
> standardization efforts and plans to send that.  It's the middle of
> the night for him so I wouldn't expect an instantaneous response from
> him.
> It's fine to have disagreements about spec designs.  If you want
> specific design changes, you owe it to the working group to say
> specifically what alternate design you are advocating.  (Your
> actionable comments thus far have been largely editorial, and wouldn't
> change the design.)  But disagreement about engineering decisions
> doesn't make the process broken.
> Your reactions seem pretty over the top and disconnected to the actual
> facts of the situation.
> 				Sincerely,
> 				-- Mike
> -----Original Message-----
> From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On
> Behalf Of Mike Schwartz via Openid-specs-ab
> Sent: Thursday, July 26, 2018 8:35 AM
> To: Openid-specs Ab <openid-specs-ab at lists.openid.net>
> Subject: [Openid-specs-ab] Reform OpenID Connect
> OpenID Connect Community,
> I've tried to resolve the situation over the federation spec:
>    * I personally and privately emailed two of the spec editors (no
> responses from either)
>    * I posted to this mailing list
>    * I personally reached out to the chairman of OIDF
>    * I expressed my concern to the OIDF board
> My net assessment is that Gluu was excluded from the spec development
> process, that we get no say in any part of the content. It seems all
> we can do is vote to approve the IP.  Today this is Gluu. Tomorrow it
> could be you.
> What I'm asking you to do:
>    1. OBJECT to the OpenID Federation spec to send a message that this
> is not ok. For $25, you can join as an individual:
> http://openid.net/foundation/members/
>    2. Sign this petition to Reform OpenID Connect, which I'll leave
> open for some time and then present to the board.
> https://www.change.org/p/openid-connect-community-stakeholders-reform-governance-for-openid-connect
> The content of the petition is as follows:
> OpenID Connect has achieved significant adoption.  The community
> should get a say in how it works--changes and new developments should
> be subject to a fair, open, and consensus-based process.
> * Currently, there are no calls for consensus on any topic
> * The process for defining new specifications can arbitrarily exclude
> input from participants depending on the whim of the spec editor
> * There is no requirement to reconcile or address objections
> * Voting rights on specifications are not based on individual 
> participation
> * There are no published best practices or code of conduct for spec 
> editors
> * There is no appeal process within a work group
> * There is a lack of transparency in the spec development process
> * The leadership of the foundation--the Chairman, Executive Director
> and the Board--has not provided adequate oversight of the WG process
> * All of these problems add up to risk for the community that one
> person or organization may gain undue influence over OpenID Connect.
> This is not an acceptable risk for the community, who has invested so
> much in the standard's success.
> * By signing this petition, you are asking the Board of Directors of
> the OpenID Foundation to implement changes that align the work group
> process with best practices for other consensus based standards
> organizations.
> If this is not possible, OpenID Connect should move to an organization
> that already has the governance in place to protect the standard from
> future arbitrary control, like OASIS or Kantara.
> Thanks for your consideration.
> - Mike Schwartz
> ------------------------
> Michael Schwartz
> Gluu
> Founder / CEO
> mike at gluu.org
> https://www.linkedin.com/in/nynymike/
