[OpenID board] May 31, 2023 OpenID Board Meeting Notes
Jordan, Marie
majordan at visa.com
Wed Jul 5 18:44:06 UTC 2023
May 31, 2023 OpenID Board Meeting Notes
Present in Person:
Nat Sakimura
Bjorn Hjelm
Vittorio Bertocci
Elcio Calefi
Dima Postnikov
Naveen CM
Nancy Cam-Winget
Chris Anderson (Cisco alternate)
Kristina Yasuda
Osamu Oshima
Gail Hodges
Don Thibeau
Present on the Call:
John Bradley
Marie Jordan
Kosuke Koiwai
Dirk Balfanz
Takao Kojima
Shoma Tanaka
Absent:
George Fletcher
Filip Verley
Wes Dunnington
Guests
Mike Jones
Mike Leszcz
Joseph Heenan
Mark Haine
Tom Smedinghoff (virtual)
1. New News - Gail Hodges
Specifications
* OID4VP Implementor's Draft 2.0
Members
* CA DMV
* Scytáles - Developing reference wallet application for EU
Liaisons
* EC - working to finalize official liaison agreement. OIDF has been invited to a handful of EC workshops in the meantime. Met with EC representatives at the end of EIC in Berlin. Kristina Yasuda shared that OIDF representatives have been participating in the EC Experts Group and the feedback has been positive.
* CAMARA - Bjorn Hjelm commented on this Linux Foundation project that has a number of sub-projects. is an open source project within Linux Foundation to define, develop and test the APIs. CAMARA works in close collaboration with the GSMA Operator Platform Group to align API requirements and publish API definitions and APIs that use OpenID Connect as baseline. Bjorn went on to comment that there may be some alignment between CAMARA Project and OIDF certification. Gail commented that Deutsche Telecom playing a leadership role in the project.
* OIX - Don Thibeau shared that OIX is developing a technical workshop for practitioners and developers in the open wallet space. Planning for a workshop in London in September 2023 that will be a collaborative effort between OIX, OIDF, OWF and FDX.
* OWF -- Kristina Yasuda commented that a task force was recently established and approved to look into OpenID4VC standards. Nat asked about the role of the task force within the OWF. Kristina responded that the work to look into those standards has been approved.
* MOSIP - Gail shared some late breaking news from earlier in the day regarding MOSIP. The Modular Open Source Identity Platform (MOSIP) helps Governments and other user organizations implement a digital, foundational identity system in a cost effective way. Some MOSIP representatives have started participating in OIDF WGs. Gail shared that MOSIP is planning to join the OIDF and more actively get involved in OIDF WGs as well as comment on OIDF whitepapers.
Gail went on to comment about some of the players outside of MOSIP that she engaged with at ID4Africa recently including Secure Identity Alliance and OSHA which are active in that jurisdiction. We're also seeing OIDF standards listed by the World Bank as a protocol that should be considered (but not requiring certification). She shared that the work of ID4Africa is high profile among African Government officials that they Kenyan President presented in person at the conference. A large group of ministerial leaders and heads of privacy participated in the conference and have rolled out GDPR-type legislation in numerous jurisdictions. Gail is positive on expanding the relationships in Africa as well as other jurisdictions in Latin America and Asia.
Working Groups
* Formation of OpenID4VC - working on WG Charter currently. Kristina Yasuda commented that once the Charter is completed it will be circulated to the Specifications Council for review and consideration.
Operations
* Website launch! - Mike Leszcz noted that there were a couple of issues with the install packages provided by Design Factory (web developers) and OSU OSL (hosting partner). This impacted the certification results database as well as many of the URL redirects. Mike L went on to comment that everyone involved in the project is actively working to resolve issues. Nat requested an issue tracker such as a shared Google spreadsheet for efficiently and transparency in identifying and resolving open issues. Mike L committed to following up with the board with an issue trackers once Identiverse concludes. Gail noted that there is a quality control issue that Mike L acknowledged and shared that the priority and focus is on fixing open issues immediately.
2. Resolution: OIDF Secretary Position - Nat Sakimura
Nat opened this topic by sharing that Marie Jordan with Visa has kindly stepped forward to take on the OIDF Secretary position. Marie shared that she's very happy to be nominated and looks forward to working with the OIDF board of directors. Gail went on to thank both Marie as well as Dima Postnikov for both considering the role.
Marie Jordan stepped out of the meeting at this point for an open board discussion. Mike Leszcz thanked all board members for the consideration of the role and the call to action. Mike Jones shared that he spoke to Marie and she appreciates the scope of responsibilities and the impact of the position and is will to take that on for the Foundation.
Nat then introduced the resolution below with Mike Leszcz reading the final paragraph for the record:
WHEREAS, the position of Secretary of the OpenID Foundation is currently vacant as a result of the resignation of the Director previously elected as Secretary by the Board; and
WHEREAS, the Bylaws of the Foundation require that the vacancy in the Secretary position be filled by election of the Board of Directors, and that only directors of the Foundation are eligible to serve as Secretary; and
WHEREAS, Marie Jordan, Senior Director, Global Standards Management at Visa, currently serves as a Sustaining Director of the OpenID Foundation and is eligible to serve as Secretary; and
WHEREAS, Ms. Jordan has been nominated to serve as Secretary to fill the remainder of the prior Secretary's term, and has indicated a willingness to serve in that position;
NOW THEREFORE, BE IT RESOLVED THAT the Board hereby unanimously elects Marie Jordan as Secretary of the OpenID Foundation, effective immediately, to fill the remainder of the prior Secretary's term - i.e., until the next annual election of officers at the 2024 annual meeting of the Board.
Nat asked for any comments or objections which there were none. Nat noted that the resolution passed unanimously and Marie Jordan is the new OIDF Secretary.
Marie rejoined the board meeting at this time.
3. Update: Specifications Support & Updates to Process Document - Mike Jones & Mark Haine
Nat introduced this topic by sharing that back in January 2023 Vittorio Bertocci pointed out that we had been out of compliance with the correct process(es) in a few instances. Nat had another look at the situation and noted that we need to put into place better control processes.
Mike Jones that kicked off the topic by sharing that he's been working with Mark Haine on this deliverable. This includes documenting all processes as well as looking at what processes can be automated. Mike J noted that the Foundation has evolved considerably over the years wherein we used to produce a few specs a year and doing things manually worked fine but we have grown past this approach.
Update on Spec Processes - Documentation
Documentation of existing spec lifecycle processes
* Spec contents requirements
* Documented requirements and best practices
* Spec publication procedures content documented
* Will drive automation of these procedures
* Membership approval procedures for each type of artifact documented
* E.g., Implementer's Draft, Final, Errata
* For instance, Secretary creates 3 blog posts and a vote for each approval round
* Content to be published shortly on new Web site
* Expanding on existing "How do working groups work?" content
* Will inform spec editors, WG chairs, Secretary, and planned automation
* Not yet on Web Site due to content freeze
* Will request friendly review within two weeks after publication
Update on Specs Processes - Tooling
We plan to create tools to
* verify specification document requirements (content)
* Driven by documentation of existing requirements
* IETF has an IDnits tool that reviews and identifies issues - this is the equivalent
* automate draft publication
* Allowing editors and chairs to publish to openid.net/specs/ without assistance
* IETF has a tool for this as well
* Mike J noted that he and Torsten Lodderstedt manage this currently
* streamline Secretary's vote management tasks
* Automate creation of content such as blog posts, vote contents, etc.
* Webform or similar to allow for customization - manual editing will be required at the end of the process (last step before posting)
Before implementation we will seek board review of
* re-designed processes
* proposed tooling approaches
* any needed budget allocation
There was an active board discussion on this topic:
· Mark Haine commented that the primary goals are reduction of effort while betting aligning processes to current way WGs work.
· Mike Jones commented that he and Gail reviewed an overview of documentation that we intend to post first. It will describe what we're doing right now. These living documents will evolve as the tooling is implemented.
· Dima Postnikov asked if there's an opportunity to utilize IETF tools or similar. Mike Jones commented that we would probably be deleting 90% of IETF's tooling and changing 80% of what remains.
· Marie Jordan asked for someone to summarize bullet 3, "streamline secretary's vote management tasks as this is important to her. Gail summarized:
o Nat is pointing out that even revisions to the website, we need to think about the versions there, so we don't distract them from our best practice versions
o Kristina mentioned there are some tools from GitHub that we could consider
· Vittorio noted that this is good progress but we also need to consider formatting, publishing, different use-cases, etc. Communicating the spirit of the process is just as important.
· Gail noted that Mike Jones and Mark Haine have the guidance they need on next steps.
Aligning Process Doc with Modern Practices
Proposed changes circulated to board on May 16 with additional updates circulated on May 30
* Nat, Vittorio and several others have noted places where processes are not documented or adhered to the unwritten processes
* It would be better to pick the things that are conventions and write them down as formal processes where they should be
* We have a Process Document that is our Constitution that fails to address a number of the things we do including basic things like adoption of a WG document
Summary of changes proposed to Process Document:
* Allow use of services controlled by OIDF such as github.com/openid/
* Describe adoption of specifications by working groups
* Allow adopted specifications to use "OpenID" in their names
* Allow Drafts to be considered for Final Specification status
* Remove text on identifying proxies via OpenID Identifiers
Next Steps for Revising Process Document - Mike Jones walked the board through the approval process
Board approval of proposed changes
* Supermajority board approval (2/3 of eligible voters) the goal, which requires a 30% membership-wide quorum - ideal process
* If we only have 51% board support, then we need 60% membership-wide quorum
21-day notice period
7-day Foundation-wide approval vote
* 30% quorum requirement
Changes take effect 21 days after approval
Mike Jones asked if there are proposed changes that board members would like addressed differently of if he has missed any updates
* Nat suggested we want to take our time going through this process to get it correct as it's been 2017 since we've gone through this. Mike Jones noted that the 2017 exercise updated the specs process and specs council approval process. Nat noted that members will need to review carefully and will likely require members counsel to review.
* Kristina commented that she was surprised it was 2017 since there were any updates in consideration of the open topics. She went onto comment that we should promptly address the proposed updates.
* Mike Leszcz noted for the record that when the board meeting minutes are distributed, we'll distribute the current Process Document as well as the redlined version with Mike Jones' proposed edits.
Gail suggested that the board has now has had an opportunity to have an important, open discussion topic. It makes sense to give board members time after the busy travel season to review proposed changes prior to the September board meeting.
* Reviewed the timeline if the topic is taken up again at the September 14, 2023 board meeting and kicks off the formal approval process which would take us into November 2023.
* Kristina Yasuda noted that she is not comfortable waiting until September to address the proposed changes and it taking until November to confirm to changes. Kristina asked if the board could be presented with an online vote prior to the September board meeting. Nat noted that we need to be careful rushing the process.
* Mike Jones commented that this requires super majority board approval so the Task Force doesn't actually help the process. He noted that board members should review the proposed changes and say if they support them or not and if not, what they want changed in order to change their vote to yes. Mike's proposed call to action is to provide board members a short timeframe to review and take a position and not waiting until September to do so. Nancy commented that a 21 day timeframe could be challenging if Cisco legal wants to review.
* Gail noted that there is a bias for speed in this process. Mike Jones noted that the most current version of the proposed changes to the Process Document were distributed to the board on Tuesday, May 30, 2023. Gail asked if there were a window of 3-5 weeks where we try to run a virtual vote. Gail recommended a check in survey in 3-5 weeks to see where the board stands from a super majority.
* Dima noted that the proposed changes on the slide are already incorporated into the revised draft. Mike Jones commented that other alignments could occur. He went on to note that the use of GitHub and Bitbucket are the burning issues to be resolved.
* Gail confirmed a check-in in four weeks. There were no objections to this approach.
4. Background & Resolution: OIDF Honorary Position of Distinguished Engineer - Don Thibeau
Background: A "Distinguished Engineer" is an honorific not a job title, e.g., once a "Distinguished Engineer" always a..."
OpenID Foundation "Distinguished Engineer"
* About 7 years ago the OIDF Board publicly recognized individuals for their distinguished contributions to the Foundation by granting them lifetime memberships.
* Dave Recordon and Dick Hardt were the first to be recognized by the Board, albeit without formal designation as Distinguished Engineers.
* Since that time, OIDF has been internationally recognized for the development and international adoption of open identity standards like OpenID Connect and FAPI.
* OIDF's "brand" as a center of excellence has been further enhanced as an innovator of self-certification models for technical conformance to standards at scale.
* OIDF would benefit from a simple and measured consideration by the board to recognize a small cohort of Distinguished Engineers.
* Any Board Member can nominate an individual who has made a clearly "distinguished" contribution. A unanimous Board consensus would be required for such recognition.
* Following this background are resolutions to approve the Distinguished Engineer position followed by a resolution to approve proposed Distinguished Engineers.
Don noted that the Foundation is at a point of maturity and authority to recognize distinguished contributions and now is the right time.
Don introduced a board resolution approving the establishment of the honorary position of an OpenID Foundation Distinguished Engineer.
* The proposed process is simple intentionally. Any board member at any time can propose an individual for consideration.
* Don noted that the following slide/topic is another board resolution approving three proposed Distinguished Engineers.
Comments on this topic:
* Nancy commented that we need to consider a more specific criteria as a name and proposal isn't enough. Kristina commented that she supports Nancy position of needing a specific criteria. There was a discussion around whether this is an official Foundation which was clarified that it's an honorific not a job title.
* Gail commented that the Foundation is built on the back on huge amount of volunteer efforts by members and contributors. Gail went on to comment that it seems a worthy task for the board to recognize some of these individuals and meaningful efforts. Gail also commented that the criteria is an important consideration so that the recognition isn't minimized in any way without specific criteria.
* Nancy asked if the end goal is recognition, then why not provide an award? Don suggested this another way of approaching. Kristina commented that the recognition could be arbitrary without specific criteria.
* Vittorio noted that a unanimous requirement would be needed. He went on to note the honorific is a nice to have but does not advance the position of the Foundation so this might not be the best use of board time.
* Gail's suggestion to the board is that we do not have consensus on the recommendation but it is an interesting topic that requires additional considerations. Gail went on to suggest we take the topic offline and if there is board appetite we can revisit.
* Mike Jones commented that he would like the Foundation to be in a position to recognize Nat and potentially a few others as Distinguished Engineers at the Connect 10th Anniversary at the OIDF-J Summit in January 2024.
5. Resolution: Designate OIDF Distinguished Engineers - Don Thibeau
This resolution was not put forth to the board as Gail recommended the board continue the conversation offline to determine if it makes sense to revisit at the September 14, 2023 board meeting.
6. Update: 2023 Budget Summary - Mike Leszcz
Summary as of April 30, 2023:
* Cash balance = $2,120,100
* Renewals = 95%+ of budget (does not include Google's recent renewal payment)
* Certification fees = 260% of budget ($140K budget vs. $364K actual)
* Total income 143% of budget
* Expenses 82% of budget with no expense concerns to report
* Current projected cash balance == $1,122,192
Gail noted that we needed to keep an eye on memberships and certification fees. We're in a healthy position currently. Gail noted that one of the areas that we cut back on per board feedback was travel budget for the certification team to convene in 2023. She noted that this is an important time in the certification team cycle as the team works through multiple jurisdictions and new team members. We originally budgeted for $30K but then cut back to $8K to cover Joseph's 2023 budget. Gail noted that the certification fees have outpaced budget and the ask of the board is to reinstate the $22K budget originally cut to allow for the certification team to convene in August at the OAuth Security Workshop in London.
Nancy commented as Treasurer that she has no concerns with the proposed increase in the certification team travel budget for 2023. She went onto comment that we need to ensure we are supporting the certification team as needed as it's an important part of the Foundation so we need to account for this support via the budget going forward.
Mike Leszcz noted that there is not a formal resolution for the board to review and consider as this request was confirmed just prior to the board meeting. Mike proceeded with a verbal resolution:
WHEREAS the OpenID Foundation Board of Directors have considered the request to increase the certification team travel budget from $8,000 to $30,000 total, an increase of $22,000,
WHEREAS the OpenID Foundation Board of Directors have considered the importance of making this investment in the certification program
NOW THEREFORE IT BE RESOLVED that the directors approve the increase in the certification program travel budget effective immediately.
Nat called for discussion or comments. Also called for any objections or dissent. There was none so Nat noted for the record that the resolution carries unanimously.
7. Strategy Review: Whitepapers - Gail Hodges
Current work
* Government Issued Digital Identity Credentials and the Privacy Landscape (v1 on May 5 with v2 to be published soon)
* Human Centric Digital Identity Credentials -- draft in next 2 weeks
* GAIN in 2023 -- draft in next 2 weeks
* Health - still in draft but recent conversation with HL7
* IoT Board Report - met in Berlin to review
* Shared signals use cases
Approach for new papers
* AI Board Report - increasing topic for Government officials
Process improvements
* "Disposition of Comments" tracking / reporting
* Comment periods for all stakeholders, "living documents"
* Call for editor to executive committee
Comments:
* Mike Jones noted that IoT whitepaper experience highlighted that we want to be publishing whitepapers that contain actionable recommendations.
* John Bradley commented on the AI report and noted that it will take some convincing what OpenID has to say about it. He could see FIDO looking at it from the perspective of how it's going to compromise remote identity proofing but doesn't see how that impacts any of our core protocols. He's not certain it's in the OIDF's wheelhouse. Nancy commented that she may agree with John but since it's such a hot topic the minimum we can do is to relate it to the implementations in the identity space with identity fraud as an example. John followed with that we need to have some connection to OpenID.
* Gail recommended that we pick this topic up at the next Task Force meeting next week.
8. Update: Open Banking/Open Data Market Engagement - Gail Hodges, Mike Leszcz & Mark Haine
Existing Markets
* US/ Canada - FDX met with OIDF at Identiverse to discuss FAPI adoption and certification
* Australia - ConnectID ongoing conversation what pricing model works
* Australia - ACCC/CDR
* Brazil - Open Banking
* Brazil - Open Insurance
* UK - OBIE
Expansion
* Latam - Chile, Mexico, Colombia
* Asia
* Middle East
* Africa
9. Review: 2024 Calendar Outlook - Gail Hodges
* Asia Board meeting - Japan in January 2024, + "Roadshow"
* Latam Board meeting - When, where? + "Roadshow"
* Dial down IIW Board meeting(s) in 2024
10. Review: September Board Meeting Outlook - Gail Hodges
* Update on FAPI Ecosystem meetings in summer
* Whitepapers - 20/20 - Impact assessment
* AI Report update
* Metrics update - a priority topic
* Board recommendation for OIDF website login
* ISO PaS update
* Specification automation update
* 10th Anniversary update
* 2024 Meeting calendar update
11. AOB
Thank you,
Marie Jordan
Secretary, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20230705/2e9b5bbf/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: May 31 2023 OpenID Board Meeting Notes Final.pdf
Type: application/pdf
Size: 305408 bytes
Desc: May 31 2023 OpenID Board Meeting Notes Final.pdf
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20230705/2e9b5bbf/attachment-0001.pdf>
More information about the board
mailing list