[OpenID board] October 18, 2017 OpenID Board Meeting Minutes
Mike Jones
Michael.Jones at microsoft.com
Fri Nov 17 08:51:01 UTC 2017
October 18, 2017 OpenID Board Meeting Minutes
Don Thibeau, Executive Director
Mike Jones
Brian Berliner
Adam Dawes
Bjorn Hjelm
John Bradley
George Fletcher
Ashish Jain
Present on the Phone:
Pamela Dingle
Nat Sakimura
Tony Nadalin
Prateek Mishra
Tushar Pradhan
Masato Obata
Debbie Bucci
Phil Hunt, Oracle
Visitors on the Phone:
Tom Smedinghoff, Locke Lord LLP
Mike Leszcz, OIDF
1. Certification Update
Mike reported that the RP Certification program is now in production mode, rather than pilot mode. The certification fees for RP Certification are the same as those for OP certification.
Filip Skokan is being brought on board as a contributor to the certification team. He produced the continuous integration tests already used for the certification software.
The certification revenues are not directly covering our costs of operating the certification program. It probably breaks even if the incremental revenue from additional memberships attributable to the certification program is factored in.
Brian Berliner asked about enabling additional cost and support models. Don will take this under consideration, particularly when FAPI certification comes online.
We will be migrating off of the four physical hosts currently supplied by Symantec to hosted virtual machines by the end of the year. Brian Berliner produced a project plan to facilitate the migration.
We have actively mitigated what were previously single points of failure during this year. Multiple people understand how to maintain, enhance, release, and operate the certification software. Multiple people are able to process certification applications. Docker containers for the certification software are available and being used by multiple parties.
Several new certification profiles about to be launched after review by the Connect working group. These include Form Post Response Mode, refresh token behaviors, logout functionality, and OP-initiated login. These will initially be in pilot mode, in which we are "testing the tests".
We don't have visibility into the FAPI testing coding being done by the Open Banking contractor.
2. Liaison Update
Mike reported that the OpenID Connect Extended Authentication Profile (EAP) ACR Values specification can be used to request authentications that FIDO authenticators would satisfy. John added that ACR value defined by other profiles may also accomplish this.
[Pamela Dingle joined the meeting at this point]
3. Open Banking Update
Pam reported that the Open Banking developers have released prototype tests for the FAPI specs. Their Dynamic Client Registration spec is largely baked but is not compatible with OpenID Connect Dynamic Client Registration. They require a signed request rather than a JSON request. The Open Banking folks want non-repudiation. Pam will set up a call to discuss this. Mike, John, Bjorn, George, Phil, and Don requested to participate.
[Adam Dawes departed at this point]
4. ID Pro Relationship
The executive committee is working on ways for attendees of OpenID Events to get ID Pro education credit. It's currently in the court of the ID Pro organization to make a specific proposal to the OpenID Foundation.
5. Marketing Committee Update
Adam and Don are working on consolidating our multiple presences on Facebook and Google+. This is part of an initiative to improve our social media communications. We will begin using these and Twitter more systematically in the coming year and will be collecting engagement metrics.
[Nat joined the meeting at this point]
6. Internationalization of Board Meetings
There's a proposal to hold a board meeting in Munich in conjunction with EIC and/or in London in conjunction with IETF. These might replace the meeting during RSA. Don will poll the board and follow up with a specific proposal. There's also the April board meeting at IIW.
7. FAPI Update
FAPI has set up a repository to enable the Open Banking folks to institute change and issue tracking for their specs. They currently are not change tracked.
Nat said that FAPI may want Final Specification votes for Part 1 and Part 2 in a few months.
There will be a joint FAPI Open Banking meeting on Monday, November 6th in London.
8. Real Estate Standards Organization (RESO) Update
Don will be presenting at the RESO annual meeting tomorrow. RESO is using our certification suite as part of their certification. Several of the RESO vendors have also completed OpenID Certifications.
9. Membership and Budget Update
We are in good financial shape. We continue getting more members - in part, because of the certification program. We have money in the bank that can be used for projects, as needed. We currently have something over 200 members.
10. RISC Working Group Update
The RISC WG met on Monday at PayPal. There continues to be a robust discussion. There are now event definitions. Dick Hardt is working on creating a multi-lateral legal agreement to enable sharing. Dick is asking for RISC participants' lawyers to review the signal sharing agreement. Phil reported that RISC is still working on a management API, which will enable subjects to be added and removed.
11. IDSA Discussion
Ashish asked whether we might want to have a liaison relationship with the ID Defined Security Alliance (IDSA). There isn't a specific ask from them at this time. Ashish will continue engaging with them and thinking about possibilities. It might be good to get some of the IDSA members to participate in FastFed and RISC. Don will produce a recommendation about whether to establish a liaison relationship.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20171117/cf65ffa7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: October 18, 2017 OpenID Board Meeting Minutes.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 33617 bytes
Desc: October 18, 2017 OpenID Board Meeting Minutes.docx
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20171117/cf65ffa7/attachment-0001.docx>
More information about the board
mailing list