<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:0in;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:.5in;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:.5in;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1693143998;
mso-list-type:hybrid;
mso-list-template-ids:1686031470 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1
{mso-list-id:1810242525;
mso-list-type:hybrid;
mso-list-template-ids:937883732 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>June 27, 2019 OpenID Board Meeting Minutes<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>Present:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Don Thibeau, Executive Director<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Mike Jones<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">John Bradley<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">George Fletcher<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Takao Kojima<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Takehisa Shibata<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><a name="_Hlk7447841">Wesley Dunnington<o:p></o:p></a></p>
<span style="mso-bookmark:_Hlk7447841"></span>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>Present on the Phone:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Adam Dawes<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>Absent:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Amit Dhingra<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Eric Schreiner<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Dale Olds<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>Visitors:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Mike Leszcz (on the phone)<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Hans Zandbelt, ZmartZone<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Torsten Lodderstedt, yes.com<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Certification Program<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We now have four FAPI OP certifications. None of them are banks. RP tests are available and don’t appear to have been used yet. FAPI CIBA certification tests are being developed.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Hans Zandbelt discussed the certification consolidation proposal, which we previously evaluated at the May board meeting at EIC. The recommendation is to eventually migrate the existing Python
functionality to Java. Some proposed new functionality, such as MTLS and Token Binding, would also be easier to develop in Java than Python. The Selenium framework can be used for browser emulation.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">To migrate the functionality, a first step would be to document what the Python code currently tests. Some of this is explicit in the working group’s conformance profile specifications and
some of it is implicit. This would need funding. Roland Hedberg has already taken early steps to do this.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We won’t start consolidation work until there is a project plan and a set of fixed price proposals. Hans believes that the team can do the planning work using the existing team budget. Hans
created a draft set of milestones which has been iterated on by the certification team.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Mike pointed out that the FAPI WG has not yet created a specification defining its certification profiles. Hans said that there are links in the test suite to the spec clauses. George agreed
that a separate specification of the profiles from the test code should be produced.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Torsten asked whether we should consider adding JARM testing to the certification program. Mike said that the first step of this would be for the FAPI working group to specify JARM profile(s).
Torsten agreed.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Hans described the possibility of certifiers wanting more handholding than is reasonable. Mike said that, to date, we’ve largely relied on people being reasonable, both those requesting support
and those providing support. There is explicitly money in the certification budget for modest amounts of support. John said that banks may try to get more support for free than developers have done to date. We will return to this topic.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Don said that he and John have been discussing that we now don’t have a reliable forecast for the number of FAPI certifications that are likely to come in in what timeframe.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Open Letter to Apple<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We have drafted an open letter to Apple encouraging them to have Sign In with Apple faithfully use OpenID Connect.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Mike moved and George seconded that:<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraphCxSpFirst" style="margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt;mso-add-space:auto;mso-list:l1 level1 lfo2">
Nat post the open letter on openid.net<o:p></o:p></li><li class="MsoListParagraphCxSpMiddle" style="margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt;mso-add-space:auto;mso-list:l1 level1 lfo2">
We tweet about it<o:p></o:p></li><li class="MsoListParagraphCxSpLast" style="margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt;mso-add-space:auto;mso-list:l1 level1 lfo2">
We send a paper copy to the contact at Apple<o:p></o:p></li></ul>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We agreed to try to get a few minutes of stage time at Identiverse to talk about the open letter. Don will ask Andi Hindle for the stage time.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Possible Whitepapers<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We are considering writing whitepapers about FAPI, CIBA, and FAPI certification. There is an opportunity for matching funding for some of this work from the Financial Data Exchange (FDX).<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">4.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>List of OpenID Connect Deployments<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Nat suggested that we create a listing of deployments of OpenID Connect. For instance, the French national identity system uses OpenID Connect. Don reported that the World Bank has a list
of deployments. Don suggested that Adam Cooper might be able to work with him and the World Bank on this. Don will develop a plan to create the list.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">5.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Liaison Update<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We are working on a liaison agreement with the Identity Python organization, which supports a number of open source digital identity projects being developed in Python. Don is working on
a liaison relationship with Project Verify, which consists of the major US mobile carriers. We have a liaison agreement with the Financial Data Exchange (FDX). FDX is requesting OpenID representation in one of their working groups. Don is willing to join
as an individual member. John is willing to do so as well. The Financial Data and Technology Association (FDATA) and OIDF are working together. We are working closely with the Open Banking Implementation Entity (OBIE) on their certification needs. The
FIDO Alliance announced the formation of their identity proofing working group.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">6.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Upcoming Events<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">The next board meeting will be the Monday evening before IIW. We are still working on a venue for that. OIDF Japan is planning an event on the 17<sup>th</sup> or 24<sup>th</sup> of January
2020 in Shibuya, Tokyo.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>