[OpenID board] June 27, 2019 OpenID Board Meeting Minutes

Fri Aug 2 22:01:20 UTC 2019

June 27, 2019 OpenID Board Meeting Minutes

Present:
Don Thibeau, Executive Director
Nat Sakimura
Mike Jones
John Bradley
George Fletcher
Takao Kojima
Takehisa Shibata
Wesley Dunnington

Present on the Phone:
Adam Dawes

Absent:
Amit Dhingra
Eric Schreiner
Dale Olds

Visitors:
Mike Leszcz (on the phone)
Hans Zandbelt, ZmartZone
Torsten Lodderstedt, yes.com

1.       Certification Program
We now have four FAPI OP certifications.  None of them are banks.  RP tests are available and don't appear to have been used yet.  FAPI CIBA certification tests are being developed.

Hans Zandbelt discussed the certification consolidation proposal, which we previously evaluated at the May board meeting at EIC.  The recommendation is to eventually migrate the existing Python functionality to Java.  Some proposed new functionality, such as MTLS and Token Binding, would also be easier to develop in Java than Python.  The Selenium framework can be used for browser emulation.

To migrate the functionality, a first step would be to document what the Python code currently tests.  Some of this is explicit in the working group's conformance profile specifications and some of it is implicit.  This would need funding.  Roland Hedberg has already taken early steps to do this.

We won't start consolidation work until there is a project plan and a set of fixed price proposals.  Hans believes that the team can do the planning work using the existing team budget.  Hans created a draft set of milestones which has been iterated on by the certification team.

Mike pointed out that the FAPI WG has not yet created a specification defining its certification profiles.  Hans said that there are links in the test suite to the spec clauses.  George agreed that a separate specification of the profiles from the test code should be produced.

Torsten asked whether we should consider adding JARM testing to the certification program.  Mike said that the first step of this would be for the FAPI working group to specify JARM profile(s).  Torsten agreed.

Hans described the possibility of certifiers wanting more handholding than is reasonable.  Mike said that, to date, we've largely relied on people being reasonable, both those requesting support and those providing support.  There is explicitly money in the certification budget for modest amounts of support.  John said that banks may try to get more support for free than developers have done to date.  We will return to this topic.

Don said that he and John have been discussing that we now don't have a reliable forecast for the number of FAPI certifications that are likely to come in in what timeframe.

2.       Open Letter to Apple
We have drafted an open letter to Apple encouraging them to have Sign In with Apple faithfully use OpenID Connect.

Mike moved and George seconded that:

  *   Nat post the open letter on openid.net
  *   We tweet about it
  *   We send a paper copy to the contact at Apple

We agreed to try to get a few minutes of stage time at Identiverse to talk about the open letter.  Don will ask Andi Hindle for the stage time.

3.       Possible Whitepapers
We are considering writing whitepapers about FAPI, CIBA, and FAPI certification.  There is an opportunity for matching funding for some of this work from the Financial Data Exchange (FDX).

4.       List of OpenID Connect Deployments
Nat suggested that we create a listing of deployments of OpenID Connect.  For instance, the French national identity system uses OpenID Connect.  Don reported that the World Bank has a list of deployments.  Don suggested that Adam Cooper might be able to work with him and the World Bank on this.  Don will develop a plan to create the list.

5.       Liaison Update
We are working on a liaison agreement with the Identity Python organization, which supports a number of open source digital identity projects being developed in Python.  Don is working on a liaison relationship with Project Verify, which consists of the major US mobile carriers.  We have a liaison agreement with the Financial Data Exchange (FDX).  FDX is requesting OpenID representation in one of their working groups.  Don is willing to join as an individual member.  John is willing to do so as well.   The Financial Data and Technology Association (FDATA) and OIDF are working together.  We are working closely with the Open Banking Implementation Entity (OBIE) on their certification needs.  The FIDO Alliance announced the formation of their identity proofing working group.

6.       Upcoming Events
The next board meeting will be the Monday evening before IIW.  We are still working on a venue for that.  OIDF Japan is planning an event on the 17th or 24th of January 2020 in Shibuya, Tokyo.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20190802/64f3ed0e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: June 27, 2019 OpenID Board Meeting Minutes.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 34051 bytes
Desc: June 27, 2019 OpenID Board Meeting Minutes.docx
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20190802/64f3ed0e/attachment-0001.docx>