<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:.5in;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:.5in;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:291516714;
mso-list-type:hybrid;
mso-list-template-ids:-521622224 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><b>April 4, 2019 Executive Committee Call Minutes<o:p></o:p></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b>Present:<o:p></o:p></b></p>
<p class="MsoNormal">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal">John Bradley<o:p></o:p></p>
<p class="MsoNormal">George Fletcher<o:p></o:p></p>
<p class="MsoNormal">Don Thibeau, Executive Director<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b>Absent:<o:p></o:p></b></p>
<p class="MsoNormal">Adam Dawes<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b>Visitors:<o:p></o:p></b></p>
<p class="MsoNormal">Takehisa Shibata, KDDI<o:p></o:p></p>
<p class="MsoNormal">Tom Smedinghoff, Locke Lord LLP<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Membership Update<o:p></o:p></b></p>
<p class="MsoNormal">Akamai (which acquired Janrain) has joined the board and will be represented by John Summers. Ping Identity’s new board representative is Wesley Dunnington.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Open Banking Implementation Entity<o:p></o:p></b></p>
<p class="MsoNormal">OBIE decided not to follow through on their handshake agreement to pre-pay for 15 certifications. We are disappointed that the proposed agreement fell through. Don has asked them to confirm that they will deprecate their test suite in
September. He also asked them to confirm that the CMA 9 banks will certify at least once a year. They plan to send their members to our certification suite going forward.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Certification Update<o:p></o:p></b></p>
<p class="MsoNormal">Financial-grade API (FAPI) Read/Write OP certification launched on April 1<sup>st</sup>. We already have FAPI certifications from ForgeRock and Authlete. There is keen interest by other vendors. We don’t know when we’ll receive the first
certifications from banks.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">There are no FAPI RP certification instructions yet, but they are expected later this month. FAPI RP certification will launch in pilot mode.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Joseph Heenan is working on FAPI CIBA certification code.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">There are also several developments for OpenID Connect certification. The Form Post Response Mode profiles have reached production status. The Third Party Initiated Login profiles are in pilot mode. And the new Logout tests are live
at new-op.certification.openid.net and are being tested by early testers. As expected, having these tests is raising some questions about the intended semantics of some features of the logout specs. This is valuable feedback before these specifications become
final.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">4.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>FAPI Standardization Update<o:p></o:p></b></p>
<p class="MsoNormal">The FAPI working group is now having three calls every two weeks to accelerate progress, including working on CIBA and diligently tracking issues. The MODRNA CIBA Implementer’s Draft is generic. There are profiles for mobile operators
and Financial-grade APIs being defined. The FAPI CIBA profile tightens a number of things – possibly enabling formal verification.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">5.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Libraries Program Update<o:p></o:p></b></p>
<p class="MsoNormal">Don reports that Adam Dawes isn’t sure when his proposed directed funding for libraries will come through.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">George talked about possible library options. We could allow people to update their libraries to the OpenID GitHub. We currently have people contribute their code to working groups, which provides a clean IPR container. Even beyond that,
the Foundation could designate some libraries as being high-quality and well-resourced, when appropriate.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We don’t have policies in place for how many maintainers contributed libraries need to have or policies for how to add and remove maintainers. For instance, a former AppAuth maintainer can no longer maintain one of the projects and it’s
not clear how to choose successors.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mike repeated that our current procedures are for people to contribute code to working groups and it’s up to the working group whether to work on it. Mike stated that he’s against us hosting random code. George agreed.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Nat reminded us that there’s a standing deliverable for Don to create a report on how other organizations manage libraries. He plans to deliver that report before our board meeting in Mountain View.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mike stated that it’s a working group decision right now who to add and remove as maintainers and whether to start or stop working on a library. For instance, George could propose a new AppAuth maintainer that he has in mind to the Connect
working group.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">6.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Liaison Update<o:p></o:p></b></p>
<p class="MsoNormal">The Financial Data Exchange (FDX) and the OpenID Foundation have announced that they are collaborating. See
<a href="https://openid.net/2019/04/02/financial-data-exchange-openid-foundation-take-step-towards-global-standard-for-financial-data-sharing/">
https://openid.net/2019/04/02/financial-data-exchange-openid-foundation-take-step-towards-global-standard-for-financial-data-sharing/</a>. FDX is supportive of the FAPI standard and test suite. Expect a similar announcement with the Financial Data and Technology
Association (FDATA) in the next few weeks.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Project Verify is a joint venture by 4 major telcos in the US. We are working on a liaison relationship with them. Michael Engan is a lead architect of Project Verify. He and Bjorn Hjelm are advocates for them using OpenID Foundation
standards. Don is in communication with entities in Canada, Australia, and New Zealand as well.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">7.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Recruitment Effort<o:p></o:p></b></p>
<p class="MsoNormal">Don is preparing a recruitment campaign targeted at those who have certified. It will communicate actionable certification and foundation information for their benefit, including letting them know about FAPI certification and that Connect
certification prices will go up in June.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">8.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Upcoming Events<o:p></o:p></b></p>
<p class="MsoNormal">There’s an OpenID Workshop the day before IIW and a board meeting during IIW. There’s an OpenID Workshop and board meeting at EIC. The entire certification team will be at EIC, so this is a unique opportunity for board members and other
active members to meet with our certification engineers. There’s an OpenID Workshop and board meeting at Identiverse.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">9.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Decentralized Identity News<o:p></o:p></b></p>
<p class="MsoNormal">Nat reports that Microsoft released Open Source using the OpenID Connect Self-Issued protocol for DID authorization.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">10.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>French, Polish, and Czech Open Banking and FAPI<o:p></o:p></b></p>
<p class="MsoNormal">John met with STET (the French open banking entity) last week and described FAPI and CIBA to them and compared them to their existing approaches. He’ll be continuing the conversation. The FAPI working group is analyzing the Polish and
Czech open banking APIs, which are also different than FAPI.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>