[Openid-specs-ab] Reform OpenID Connect

Mike Jones Michael.Jones at microsoft.com
Thu Jul 26 17:43:06 UTC 2018

Mike S. - if you want to have a substantive discussion about the Federation draft, what I would suggest is that you attend working group meetings.  There are working group calls every week, with the schedule publicly available at http://openid.net/wg/connect/.  The times alternate so there is a European-friendly time and an Asian-friendly time.  I don't see any record of you ever having attended a working group call.  Likewise, come to the in-person working group meetings.  You weren't present at the working group meeting at Oracle on April 2nd where we discussed the status of the Federation draft.

Yes, of course people can participate via the mailing list.  But talking with the other active working group participants live is, in practice, a much more effective way to quickly get everyone on the same page.  Even if you can't join the in-person meetings, if you want to drive a particular outcome, at least participate in the working group calls.

A personal conclusion from these discussions is that I need to write the promised "How do working groups work?" FAQ sooner rather than later.  While the formal processes are published at https://openid.net/intellectual-property/ and they are being followed, I see it would be good to get down some of the informal stuff, like explaining the value of participating in working group calls and meetings.

				Best wishes,
				-- Mike

-----Original Message-----
From: Mike Schwartz <mike at gluu.org> 
Sent: Thursday, July 26, 2018 9:15 AM
To: Mike Jones <Michael.Jones at microsoft.com>
Cc: openid-specs-ab at lists.openid.net; Don Thibeau <don at oidf.org>
Subject: Re: [Openid-specs-ab] Reform OpenID Connect

Mike J,

I've never been involved in any substantive discussion on the federation spec. None happened on the mailing list. So the process for the design seems pretty simple. Roland and you decided what it was going to be, wrote it up, declared it as "OpenID Federation" and now you are asking us to vote on it. You might say it's only an IP vote, but its de facto a recommendation to implement.

In any case, this is just an example. The process is too squishy. Now that OpenID Connect has grown in importance--thanks in large part to your good work, but also that of others--we need more protection. Take a look at OASIS. There is much more detail on process. If OIDF is going to be an important standards organizations, you need to catch up.

I'm not alone in this. I got a bunch of notes offline expressing similar frustration. Not just from Phil. The timing seemed right to bring up the issue.

- Mike S

Michael Schwartz
Founder / CEO
mike at gluu.org

On 2018-07-26 11:00, Mike Jones wrote:
> Mike Schwartz - you have in no way been excluded.  Consensus calls are 
> being made and the published processes are being followed.  The 
> editors have already acknowledged your and other's review comments and 
> agreed to address your comments in the next revision, which will be 
> published following the Implementer's Draft vote (which will provide 
> IPR protections to existing implementers).
> I know that Nat has been working on some thoughts on explaining the 
> consensus process and its relationship to international 
> standardization efforts and plans to send that.  It's the middle of 
> the night for him so I wouldn't expect an instantaneous response from 
> him.
> It's fine to have disagreements about spec designs.  If you want 
> specific design changes, you owe it to the working group to say 
> specifically what alternate design you are advocating.  (Your 
> actionable comments thus far have been largely editorial, and wouldn't 
> change the design.)  But disagreement about engineering decisions 
> doesn't make the process broken.
> Your reactions seem pretty over the top and disconnected to the actual 
> facts of the situation.
> 				Sincerely,
> 				-- Mike
> -----Original Message-----
> From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On 
> Behalf Of Mike Schwartz via Openid-specs-ab
> Sent: Thursday, July 26, 2018 8:35 AM
> To: Openid-specs Ab <openid-specs-ab at lists.openid.net>
> Subject: [Openid-specs-ab] Reform OpenID Connect
> OpenID Connect Community,
> I've tried to resolve the situation over the federation spec:
>    * I personally and privately emailed two of the spec editors (no 
> responses from either)
>    * I posted to this mailing list
>    * I personally reached out to the chairman of OIDF
>    * I expressed my concern to the OIDF board
> My net assessment is that Gluu was excluded from the spec development 
> process, that we get no say in any part of the content. It seems all 
> we can do is vote to approve the IP.  Today this is Gluu. Tomorrow it 
> could be you.
> What I'm asking you to do:
>    1. OBJECT to the OpenID Federation spec to send a message that this 
> is not ok. For $25, you can join as an individual:
> http://openid.net/foundation/members/
>    2. Sign this petition to Reform OpenID Connect, which I'll leave 
> open for some time and then present to the board.
> https://www.change.org/p/openid-connect-community-stakeholders-reform-
> governance-for-openid-connect
> The content of the petition is as follows:
> OpenID Connect has achieved significant adoption.  The community 
> should get a say in how it works--changes and new developments should 
> be subject to a fair, open, and consensus-based process.
> * Currently, there are no calls for consensus on any topic
> * The process for defining new specifications can arbitrarily exclude 
> input from participants depending on the whim of the spec editor
> * There is no requirement to reconcile or address objections
> * Voting rights on specifications are not based on individual 
> participation
> * There are no published best practices or code of conduct for spec 
> editors
> * There is no appeal process within a work group
> * There is a lack of transparency in the spec development process
> * The leadership of the foundation--the Chariman,  Executive Director 
> and the Board--has not provided adequate oversight of the WG process
> * All of these problems add up to risk for the community that one 
> person or organization may gain undue influence over OpenID Connect.
> This is not an acceptable risk for the community, who has invested so 
> much in the standard's success.
> * By signing this petition, you are asking the Board of Directors of 
> the OpenID Foundation to implement changes that align the work group 
> process with best practices for other consensus based standards 
> organizations.
> If this is not possible, OpenID Connect should move to an organization 
> that already has the governance in place to protect the standard from 
> future arbitrary control, like OASIS or Kantara.
> Thanks for your consideration.
> - Mike Schwartz
> ------------------------
> Michael Schwartz
> Gluu
> Founder / CEO
> mike at gluu.org
> https://www.linkedin.com/in/nynymike/
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

More information about the Openid-specs-ab mailing list