[OpenID board] December 6, 2018 Executive Committee Call Minutes
Mike Jones
Michael.Jones at microsoft.com
Thu Jan 3 22:24:30 UTC 2019
December 6, 2018 Executive Committee Call Minutes
Present:
Don Thibeau, Executive Director
Nat Sakimura
John Bradley
Mike Jones
Absent:
Adam Dawes
George Fletcher
Visitors:
Mike Leszcz, OpenID Foundation Staff
Tom Smedinghoff, Locke Lord LLP
1. OpenID Certification Program Update
Don is building a certification roadmap for 2019. It should enable new board members to quickly get up to speed on the certification program. We are building the certification budget out of sets of Statements of Work (SoWs) with contractors.
We are planning for transferring the FAPI certification from OBIE to the OIDF. We intend to have the plan done by the end of the year. Don will review the financials with us by the end of the year, including a proposed pricing model and projected revenues. He is reviewing the draft budget with John (our treasurer) this upcoming weekend.
Mike reported on new OpenID Connect certification work. The Form Post Profile will be moved from pilot to production after a few more people have tested the tests. Hans has deployed 3rd-party initiated login tests. We need to announce those to the working group and describe them in the instructions. Roland is building logout tests. This work will probably also improve the quality of the logout specs.
We are adding additional certification team developers to build up our capacity. Tomas Pazderka, a PyOIDC maintainer, will start by backstopping Roland. Serkan Özkan will start by backstopping Hans. The additional developers should be a help when we take over the FAPI certification work.
2. FAPI Update
Nat gave us a FAPI update. A lot of work is happening in MODRNA finishing the CIBA spec. FAPI is using that as well. Berlin Group seems to be going their own way, and as John observed, leaving a security hole in their protocol. Torsten Lodderstedt and John are attending a Berlin Group meeting in Paris tomorrow.
The FAPI working group is starting schema work. We are working on an FS-ISAC liaison relationship. We need to monitor the progress in Australia.
3. Board Elections Update
Mike Leszcz is driving this from the standard elections template. Mike, John, and Dale's terms end soon. We will run the election in January, as usual.
4. Meeting Calendar
A meeting calendar was sent to the board. There will be face-to-face board meetings at RSA and Identiverse. We agreed to add a FAPI workshop to be scheduled in Australia, given their adoption of FAPI. We've invited all of our contractors and consultants to EIC, including the certification contractors.
5. Budget
The certification budget will be a separate and large part of the overall budget - commensurate with the scale of the opportunities.
6. Research & Education Working Group
Mike & John met with some of the R&E WG members in Utrecht on Monday. They are starting schema work. They will also be profiling the OpenID Connect Federation spec for R&E use. Nat will encourage some Japanese R&E people to participate.
7. OIDF Japan
OIDF Japan celebrated the 10th year of the organization yesterday. OIDF Japan plans a 5 year celebration of OpenID Connect in February, 2019. The OIDF should consider marketing activities for this anniversary as well.
8. Know Your Customer (KYC) and Verified Claims work
Nat reported that there's interest in KYC work. There's an EU EKYC group producing recommendations by Spring next near. We should liaise closely with them.
Torsten proposed a Verified JWT Claims syntax at IIW. He contributed it to the OpenID Connect working group.
9. Self-Issued and Self-Sovereign Identity
Self-Issued identities can be used to build "self-sovereign" identities.
10. Implicit Flow
There are vigorous discussions about the use of the Implicit Flow in the OAuth working group. Hopefully a balanced view of pros and cons will be presented in the BCP draft, including the mitigations that are part of OpenID Connect. People are encouraged to participate in that discussion.
11. iGov
Mike failed to announce the iGov vote on the schedule published at https://openid.net/2018/10/17/public-review-period-for-two-proposed-igov-implementers-drafts/. Given the Christmas holidays, he now plans to announce the vote in late December and start the vote in early January.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20190103/49bdbead/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: December 6, 2018 Executive Committee Call Minutes.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 32135 bytes
Desc: December 6, 2018 Executive Committee Call Minutes.docx
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20190103/49bdbead/attachment-0001.docx>
More information about the board
mailing list