[OpenID board] April 27, 2016 OpenID Board Meeting Minutes
Pamela Dingle
pdingle at pingidentity.com
Mon May 9 12:42:41 UTC 2016
I didn't see it, I'm sorry - no amendments from my perspective.
On Mon, May 9, 2016 at 5:36 AM, Mike Jones <Michael.Jones at microsoft.com>
wrote:
> OK – I’ll amend the minutes accordingly. You hadn’t responded to the
> board-private draft version sent per policy for review purposes so I
> assumed that the draft version was correct. Are there any other amendments
> needed?
>
>
>
> *From:* board [mailto:openid-board-bounces at lists.openid.net] *On Behalf
> Of *Pamela Dingle
> *Sent:* Monday, May 9, 2016 5:19 AM
> *To:* openid-board at lists.openid.net
> *Cc:* board at openid.net
> *Subject:* Re: [OpenID board] April 27, 2016 OpenID Board Meeting Minutes
>
>
>
> Hey Mike -- I'm not sure it really matters, but I was on the phone for
> this meeting. I didn't say anything because I was in the airport (and then
> onboard my aircraft), but was present for whole meeting, only missing the
> very beginning and a little bit of the meeting that went over the time at
> the end there.
>
>
>
> Thanks!
>
>
>
> On Mon, May 9, 2016 at 3:01 AM, Mike Jones <Michael.Jones at microsoft.com>
> wrote:
>
> *April 27, 2016 OpenID Board Meeting Minutes*
>
>
>
> *Present:*
>
> Don Thibeau, Executive Director
>
> John Bradley
>
> Mike Jones
>
> Nat Sakimura
>
> George Fletcher
>
> Prateek Mishra
>
> Brian Berliner
>
> Dale Olds
>
> Adam Dawes
>
>
>
> *Present on the Phone:*
>
> Bjorn Hjelm
>
>
>
> *Absent:*
>
> Debbie Bucci
>
> Pamela Dingle
>
> Lydia Varmazis
>
> Tony Nadalin
>
>
>
> *Visitors:*
>
> Tom Smedinghoff, Locke Lord LLP (on the phone)
>
> Mike Leszcz, OIDF (on the phone)
>
> Phil Hunt, Oracle
>
>
>
> *1.** New Board Member*
>
> We welcomed Oracle to the board. Prateek Mishra and Phil Hunt are in
> attendance from Oracle.
>
>
>
> Prateek said that Oracle is working to integrate an identity fabric with
> business services – both for external applications and within the company.
> Phil Hunt said that SCIM is very important to Oracle and sees potential
> synergies between SCIM and OpenID Connect. Phil talked about developing
> best deployment practices. George and Brian and John affirmed Oracle’s
> goals. Phil expressed a desire for us to evaluate the possibility of doing
> SCIM interop and possibly conformance work, which the IETF doesn’t do.
>
>
>
> *2.** Legal and Policy Review*
>
> Tom has been going through our mostly 7-year-old legal documents,
> addressing issues found. One item was to create a software contribution
> agreement based upon the Google contribution agreement. Some members and
> potential members had also identified issues. We are explicitly not
> touching the IPR Policy and IPR Process documents.
>
>
>
> Tom has sent revised copies to the EC for review and is awaiting
> comments. Then they will be circulated to the full board. The new
> versions separate policies from procedures.
>
>
>
> Mike described that the IPR policy and process documents are, by design,
> difficult to update. Nat pointed out that we did update them once, in
> 2009, to streamline the specifications council working group approval
> procedures.
>
>
>
> *3.** Status of Trademarks*
>
> There is a deadline of May 6th for a response to a trademark registration
> refusal in Canada, which is related to SXIP’s registration of OpenID in
> Canada. Mike Jones and Don Thibeau are in communication with Dick Hardt
> about assigning SXIP’s registration to the OpenID Foundation, which Dick
> has agreed to do.
>
>
>
> *4.** OpenID Certification*
>
> Mike reported on the status of the certification program. The number of
> registrations continues to grow. Registrations are now being paid for by
> registrants. OpenID Connect working group members and Don are working with
> Roland Hedberg on advancing the RP certification program during IIW.
>
>
>
> *5.** Website Update*
>
> Mike reported that we are making substantial progress both towards
> deploying the revised membership Ruby code and towards transitioning from
> Darin Richardson, as our web site developer to Nov Matake, who has agreed
> to become our new web site developer. Mike and Don have continued to work
> with both Darin and with OSUOSL and are happy to report that the new code
> is now running on a staging server and another server that will be put in
> production to replace the 7-year old Ruby deployment, after the new code
> has been evaluated and accepted.
>
>
>
> *6.** Working Group Updates*
>
> There were substantive working group updates at the OpenID workshop on
> Monday, so we didn’t repeat most of that content here.
>
>
>
> Adam reported that Google is working on opening up their Android password
> manager and Account Chooser experience to other platforms. This would
> require a standard password manager API. That work is happening in the W3C
> Web Credentials working group. The Account Chooser working group may
> choose to utilize and build upon this functionality.
>
>
>
> *7.** Financial Update*
>
> The foundation is in sound financial shape. The legal efforts have been
> the primary cost driver but there are sufficient existing funds to cover
> that work without needing directed funding.
>
>
>
> *8.** Recognizing Substantive Contributions to the Foundation and
> its Mission*
>
> In recognition of their substantive contributions towards the creation of
> the OpenID Foundation and their long-term technical contributions to OpenID
> Foundation specifications, the foundation elected to honor David Recordon,
> Dick Hardt, and Drummond Reed by offering them lifetime invited expert
> status and accompanying free lifetime individual OpenID Foundation
> memberships. John made the motion and Adam seconded it. The motion passed
> unanimously.
>
>
>
> *9.** Communication about Security Best Practices*
>
> William Denniss led a productive discussion at IIW based on input from
> George Fletcher at the Monday OpenID workshop on OAuth mix-up attacks and
> related issues. We gathered notes about vulnerabilities for purposes of
> possibly publishing them as an informative note on the OpenID blog.
>
>
>
> Don pointed out that our mission includes adoption. He said that
> publishing advice to developers is a way of adding value to members,
> including internationally. We might call it a “Deployment Advisory” in the
> title. Mike said that it would be OK for the blog category to be “Security
> Advisory” but people thought that was too strong to use in the title. Our
> communication needs to include information on cross-site request forgery
> and the mix-up attacks.
>
>
>
> We will ask William Denniss to be lead author on the text. Mike, John,
> George, Phil, and Don will review the text.
>
>
>
> George moved that we publish information conveying the security and
> deployment guidance. Brian seconded the motion. John pointed out that we
> can coordinate with NIST, who has mechanisms for publishing security
> advisories, and that that might have a favorable side-effect of helping to
> deepen NISTs engagement with the OpenID Foundation.
>
>
>
>
> _______________________________________________
> board mailing list
> board at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-board
>
>
>
>
>
> --
>
> [image: Ping Identity logo] <https://www.pingidentity.com/>
>
> *Pam Dingle*
> Principal Technical Architect
> Ping Identity
>
> *@*
>
> pdingle at pingidentity.com
>
> [image: phone]
>
> +1 303.999.5890
>
> [image: twitter]
>
> @pamelarosiedee
>
>
>
> Connect with us!
>
> [image: pingidentity.com] <https://www.pingidentity.com/>
>
> [image: twitter logo]
> <http://www.glassdoor.com/Overview/Working-at-Ping-Identity-EI_IE380907.11,24.htm>[image:
> twitter logo] <https://twitter.com/pingidentity>[image: youtube logo]
> <https://www.youtube.com/user/PingIdentityTV>[image: LinkedIn logo]
> <https://www.linkedin.com/company/21870>[image: Facebook logo]
> <https://www.facebook.com/pingidentitypage>[image: Google+ logo]
> <https://plus.google.com/u/0/114266977739397708540>[image: slideshare
> logo] <http://www.slideshare.net/PingIdentity>[image: rss feed icon]
> <https://www.pingidentity.com/blogs/>
> ------------------------------
>
> [image: CIS 2016] <https://www.cloudidentitysummit.com/en/index.html>
>
>
>
> _______________________________________________
> board mailing list
> board at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-board
>
>
--
[image: Ping Identity logo] <https://www.pingidentity.com/>
Pam Dingle
Principal Technical Architect
Ping Identity
@ pdingle at pingidentity.com
[image: phone] +1 303.999.5890
[image: twitter] @pamelarosiedee
Connect with us!
[image: pingidentity.com] <https://www.pingidentity.com/>
[image: twitter logo]
<http://www.glassdoor.com/Overview/Working-at-Ping-Identity-EI_IE380907.11,24.htm>
[image:
twitter logo] <https://twitter.com/pingidentity> [image: youtube logo]
<https://www.youtube.com/user/PingIdentityTV> [image: LinkedIn logo]
<https://www.linkedin.com/company/21870> [image: Facebook logo]
<https://www.facebook.com/pingidentitypage> [image: Google+ logo]
<https://plus.google.com/u/0/114266977739397708540> [image: slideshare logo]
<http://www.slideshare.net/PingIdentity> [image: rss feed icon]
<https://www.pingidentity.com/blogs/>
------------------------------
[image: CIS 2016] <https://www.cloudidentitysummit.com/en/index.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20160509/926f3348/attachment-0003.html>
More information about the board
mailing list