[OpenID board] May 3, 2017 OpenID Board Meeting Minutes

Mike Jones Michael.Jones at microsoft.com
Fri May 19 18:38:11 UTC 2017


May 3, 2017 OpenID Board Meeting Minutes

Present:
Don Thibeau, Executive Director
Mike Jones
Nat Sakimura
Brian Berliner
Adam Dawes
Bjorn Hjelm
John Bradley
Debbie Bucci
George Fletcher
Prateek Mishra
Ashish Jain
Pamela Dingle

Present on the Phone:
Tony Nadalin

Absent:
Masato Obata
Tushar Pradhan

Visitors:
Tom Smedinghoff, Locke Lord LLP (on the phone)
Mike Leszcz, OIDF (on the phone)
Phil Hunt, Oracle


1.       Tenth Anniversary of the Foundation
The Foundation has been in operation for ten years now!


2.       Updates to Legal Documents
Tom described the updates made to the legal documents.  Tom notified us that he made conforming changes to the IPR process document that are not substantive in nature.  Microsoft's standards lawyers reviewed the documents and Tom incorporated the results of their feedback.  Don sent a complete set of both clean copies and redline documents to the full board earlier this week.  We plan to consider approval of these changes during the board meeting at the Cloud Identity Summit in June.

The changes align our documents with our existing operating practices.  Mike described that the minor changes to the IPR process are there to align with our business practices.  Tom added that there were no substantive changes to the actual IPR policies or procedures.  Tony sought a clarification that we are continuing to enumerate participants, which we are.  Prateek sought clarifications on how the patent non-assert process works.  We discussed the scenario in which an individual owns a patent and is representing a company.  Adam and Phil discussed whether we could require that companies to ensure that their representatives do not have a conflict of interest with the goals of the working groups.  Some expressed that this would be onerous and impractical.  John said that an alternative is the IETF process where people are required to assert patents at Implementer's Draft time could work as well.  Tom said that the risks we are discussing are ones that the foundation has already been bearing.  Don suggested that we proceed with the documents as-is.  The board concurred.

[Pamela Dingle joined on the phone at this point]


3.       Florida is asking for permission to post copies of some OpenID standards
Their procedures require them posting documents that are referenced in their regulations.  John suggested that we have them do a 302 redirect to the authoritative copies.  Tom said that their regulations require them actually publishing a copy.  Phil suggested that we request that they provide a link to the authoritative sources.  Pam asked Tom to send us a link to the regulations, which he will do.  We agreed to have the executive committee take up this topic.


4.       Accessible Documentation for Working Group Chairs and Members
As the foundation is growing, there are increasing numbers of working groups, chairs, and working group members.  People have agreed that it would be helpful to have an accessible "How working groups work" document, so both chairs and working group members understand both the "whats" and "whys" of the things that working groups do.  While many of those things are codified in IPR process and policy documents, an FAQ-like presentation is likely to be more accessible to participants.


5.       Web Site Updates
Don reported that the Marketing Committee is working on updates to the look of the Web site.  Auth0 has made specific proposals for graphical improvements that are being considered.


6.       Certification Update
Numbers of certifications continue increasing.  Increasing numbers of people are using local deployments of the testing software, which can be packaged into Docker containers.

Hans Zandbelt has joined the certification team and has contracted with the foundation for specific deliverables.  These augment the deliverables that Roland Hedberg is already producing.  Deliverables include new tests, additional documentation, and ongoing operation and maintenance.  Hans will be writing some of the new tests.

Symantec is providing us the certification hosts.  Symantec suggests that we eventually move hosting to actual hosting providers, because it will probably result in less friction as the scope of certification increases.  We could consider doing that near the end of the year.  Adam asked whether Symantec's certificates for Account Chooser would also be affected.  Brian said that no changes for Account Chooser are anticipated and that that's a separate discussion.  We acknowledged the value that Symantec has added to the certification program and our appreciation of it.

There are several other organizations using the certification program as part of their businesses, including RESO - the Real Estate Standards Organization.  The GSMA is using a copy of the certification software internally.  New certifications are being considered for additional specifications, such as FAPI.  The Open Banking organization has expressed interest in us doing certification for FAPI.  George expressed that we should only be doing certification for things that we develop.

We had a discussion of additional certifications that we could stand up, including for HEART, FAPI, iGov, EAP, RISC, etc.  While the software is open source and can be extended by anyone, actually creating new test profiles and deploying them is something that will likely require designated funding and a willing and capable developer to do the work.


7.       Governance Discussion
Prateek led a discussion of the roles of individuals organizations, and working groups.  John explained that, by design, working group participation is independent of membership - the founders having created a bicameral structure.  Some of the reasoning behind these choices and how they work in practice will be covered in the document that Mike is writing.  We talked about the ways that we ensure that implementers have IPR protections for OpenID specifications.


8.       Liaison Report
We are working on a liaison relationship with ISO TC 68 - Financial Services.  The ISO SC17 - Smart Card group is requesting a liaison relationship with us.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20170519/e9b9c722/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: May 3, 2017 OpenID Board Meeting Minutes.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 30882 bytes
Desc: May 3, 2017 OpenID Board Meeting Minutes.docx
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20170519/e9b9c722/attachment-0001.docx>


More information about the board mailing list