<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:0in;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:.5in;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:.5in;
mso-add-space:auto;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1693143998;
mso-list-type:hybrid;
mso-list-template-ids:1686031470 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>September 30, 2019 OpenID Board Meeting Minutes<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>Present:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Don Thibeau, Executive Director<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Mike Jones<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">John Bradley<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">George Fletcher<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><a name="_Hlk7447841">Wesley Dunnington<o:p></o:p></a></p>
<span style="mso-bookmark:_Hlk7447841"></span>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><a name="_Hlk20755623">Eric Schreiner<o:p></o:p></a></p>
<span style="mso-bookmark:_Hlk20755623"></span>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Lovlesh Chhabra<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>Present on the Phone:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Dale Olds<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Takehisa Shibata<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>Absent:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Amit Dhingra<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Takao Kojima<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Filip Verley<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><b>Visitors:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Mike Leszcz (on the phone)<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Board Updates<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Eric Schreiner is now representing Akamai (following Akamai’s acquisition of Janrain). Filip Verley is now representing Google, since Adam Dawes is no longer working in the identity space.
The board unanimously appointed Bjorn Hjelm as acting Vice Chairman to replace Adam.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Certification Program Update<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Mike Jones reported that the first Third-Party Initiated Login certifications have come in and that the OP logout tests are now in alpha release, with pilot mode expected to begin shortly.
The first FAPI-CIBA certification has also occurred.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">The board considered the proposal to migrate the Connect certification functionality from the existing Python code to the Java test suite, based on proposed milestones submitted by Hans and
the Certification team. Don and John assured us that we do have the funds to pay for the migration. The board unanimously approved the migration proposal.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Don reported that we don’t have a solid pipeline of certifications for FAPI deployments. We believe that banks will be doing FAPI certifications – we just don’t know the timeline. OBIE is
turning off their certification test suite today.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Certification for Open Source Projects<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">The Apache Foundation requested that they be allowed to certify Apache open source software for free. While the board is sympathetic to supporting open source, several felt that we would
be on a slippery slope defining criteria for “qualified open source projects”. Requests for sponsorship using Directed Funding is another mechanism that can and has be used to defray costs for some open source projects. The idea was tabled, pending further
discussion. We will ask the certification committee for further input on the goals and possibilities.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">4.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>FAPI Microsite<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Mike Leszcz has produced a draft of a FAPI “microsite”. It’s intended to be a less technical starting point/landing page for all things FAPI. It will be published at
<a href="https://openid.net/fapi">https://openid.net/fapi</a> (much like the Connect introduction page is at
<a href="https://openid.net/connect">https://openid.net/connect</a>). Please review the draft contents at
<a href="https://fapi.d-f.cc/">https://fapi.d-f.cc/</a>. Dave Tonge and Mike Jones have provided early feedback on the content.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">5.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>CAEP and the OpenID Foundation<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">The board discussed interest by those working on a Continuous Access Evaluation Protocol (CAEP) in doing the work in an OpenID working group. Possibilities include doing the work in the RISC
working group or forming a new working group. George doesn’t want two publish/subscribe specifications, which could easily happen if there are two different working groups. Lovlesh stated that CAEP could actually fail if implementations don’t even consume
RISC. The sense of the board is that we believe that it’s better to expand the RISC charter than to have two working groups.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">6.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Open Letter to Apple<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We are publishing a second letter thanking Apple for their diligence in fixing the security and interop issues identified and asking for additional usability improvements. The motion to publish
the second letter unanimously passed.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">7.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Liaison Update<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We are working with the Financial Data Exchange (FDX), the Financial Data and Technology Association (FDATA), and the Open Banking Implementation Entity (OBIE) in the FAPI space. We are working
with Project Verify – the four US mobile network operators – in the mobile space. We have a liaison relationship with IdentityPython for Python OpenID Connect libraries.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Mike suggested that we drop the IdentityPython liaison work, given that the Python JWTConnect libraries are not likely to be joint work due to lack of funding, going forward. The board concurred.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We agreed to establish a liaison relationship with the W3C Web Payments WG. Tony Nadalin is in charge of the joint WebAuthn / Web Payments coordination effort.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We will explore a liaison relationship with SWIFT for FAPI.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">8.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Membership and Marketing Update<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We are in e-mail contact with those who have certified. We’re polling them about their certification experiences and soliciting their membership.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Some former board members are considering rejoining the board.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">9.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Bitbucket Deleting Mercurial Repositories<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Bitbucket is deleting Mercurial repositories on June 1, 2020. We will lose the issues, etc. unless we export them. We should encourage editors and working groups to make orderly transitions
to Git repositories, whether on Bitbucket, GitLab, or GitHub. This is an issue for multiple working groups and specs, including OpenID Connect.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">10.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>AppAuth Maintainers<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">George resumed the ongoing discussion about maintainers for libraries. Verizon Media is volunteering to become a maintainer for the Android AppAuth library. He proposed this to the Connect
working group. George and Lovlesh said that if we’re going to continue maintaining these, that we should also be marketing them. Mike reminded people that the board long ago decided that it was up to working groups to decide what libraries to maintain and
how to do so. Some are still hoping for us to put some basic policies in place.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">We could add something to the “How Working Groups Work” FAQ about guidelines for accepting pull requests for libraries that we maintain – specifically, that multiple committers should review
each PR.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">11.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Possible Whitepapers<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">Our FAPI, etc. whitepapers are off to a slow start, due to resource conflicts of the writers.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">12.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Upcoming Events<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">The schedule of upcoming events for 2019 and 2020 is posted at
<a href="https://openid.net/foundation/calendar-of-events/">https://openid.net/foundation/calendar-of-events/</a>.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>