<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:0in;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:.5in;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:.5in;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1693143998;
mso-list-type:hybrid;
mso-list-template-ids:1686031470 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>October 18, 2017 OpenID Board Meeting Minutes<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>Present:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Don Thibeau, Executive Director<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Mike Jones<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Brian Berliner<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Adam Dawes<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Bjorn Hjelm<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">John Bradley<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">George Fletcher<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Ashish Jain<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>Present on the Phone:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Pamela Dingle<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>Absent:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Tony Nadalin<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Prateek Mishra<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Tushar Pradhan<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Masato Obata<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Debbie Bucci<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>Visitors:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Phil Hunt, Oracle<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>Visitors on the Phone:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Tom Smedinghoff, Locke Lord LLP<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Mike Leszcz, OIDF<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Certification Update<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Mike reported that the RP Certification program is now in production mode, rather than pilot mode. The certification fees for RP Certification are the same as those for OP certification.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Filip Skokan is being brought on board as a contributor to the certification team. He produced the continuous integration tests already used for the certification software.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">The certification revenues are not directly covering our costs of operating the certification program. It probably breaks even if the incremental revenue from additional memberships attributable
to the certification program is factored in.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Brian Berliner asked about enabling additional cost and support models. Don will take this under consideration, particularly when FAPI certification comes online.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We will be migrating off of the four physical hosts currently supplied by Symantec to hosted virtual machines by the end of the year. Brian Berliner produced a project plan to facilitate
the migration.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We have actively mitigated what were previously single points of failure during this year. Multiple people understand how to maintain, enhance, release, and operate the certification software.
Multiple people are able to process certification applications. Docker containers for the certification software are available and being used by multiple parties.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Several new certification profiles about to be launched after review by the Connect working group. These include Form Post Response Mode, refresh token behaviors, logout functionality, and
OP-initiated login. These will initially be in pilot mode, in which we are “testing the tests”.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We don’t have visibility into the FAPI testing coding being done by the Open Banking contractor.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Liaison Update<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Mike reported that the OpenID Connect Extended Authentication Profile (EAP) ACR Values specification can be used to request authentications that FIDO authenticators would satisfy. John added
that ACR value defined by other profiles may also accomplish this.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">[Pamela Dingle joined the meeting at this point]<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Open Banking Update<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Pam reported that the Open Banking developers have released prototype tests for the FAPI specs. Their Dynamic Client Registration spec is largely baked but is not compatible with OpenID Connect
Dynamic Client Registration. They require a signed request rather than a JSON request. The Open Banking folks want non-repudiation. Pam will set up a call to discuss this. Mike, John, Bjorn, George, Phil, and Don requested to participate.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">[Adam Dawes departed at this point]<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">4.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>ID Pro Relationship<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">The executive committee is working on ways for attendees of OpenID Events to get ID Pro education credit. It’s currently in the court of the ID Pro organization to make a specific proposal
to the OpenID Foundation.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">5.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Marketing Committee Update<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Adam and Don are working on consolidating our multiple presences on Facebook and Google+. This is part of an initiative to improve our social media communications. We will begin using these
and Twitter more systematically in the coming year and will be collecting engagement metrics.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">[Nat joined the meeting at this point]<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">6.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Internationalization of Board Meetings<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">There’s a proposal to hold a board meeting in Munich in conjunction with EIC and/or in London in conjunction with IETF. These might replace the meeting during RSA. Don will poll the board
and follow up with a specific proposal. There’s also the April board meeting at IIW.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">7.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>FAPI Update<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">FAPI has set up a repository to enable the Open Banking folks to institute change and issue tracking for their specs. They currently are not change tracked.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Nat said that FAPI may want Final Specification votes for Part 1 and Part 2 in a few months.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">There will be a joint FAPI Open Banking meeting on Monday, November 6<sup>th</sup> in London.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">8.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Real Estate Standards Organization (RESO) Update<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Don will be presenting at the RESO annual meeting tomorrow. RESO is using our certification suite as part of their certification. Several of the RESO vendors have also completed OpenID Certifications.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">9.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Membership and Budget Update<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We are in good financial shape. We continue getting more members – in part, because of the certification program. We have money in the bank that can be used for projects, as needed. We
currently have something over 200 members.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">10.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>RISC Working Group Update<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">The RISC WG met on Monday at PayPal. There continues to be a robust discussion. There are now event definitions. Dick Hardt is working on creating a multi-lateral legal agreement to enable
sharing. Dick is asking for RISC participants’ lawyers to review the signal sharing agreement. Phil reported that RISC is still working on a management API, which will enable subjects to be added and removed.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">11.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>IDSA Discussion<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Ashish asked whether we might want to have a liaison relationship with the ID Defined Security Alliance (IDSA). There isn’t a specific ask from them at this time. Ashish will continue engaging
with them and thinking about possibilities. It might be good to get some of the IDSA members to participate in FastFed and RISC. Don will produce a recommendation about whether to establish a liaison relationship.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>